Popular scams and how to avoid them
We have a lot of reports of scams coming in to our tip line and many of us are receiving the same phishing emails you are. Even Scott Kurtz from PvPOnline was tweeting about getting one the other day. These scams can be initiated via email to any one of your email addresses. Or they may start in game. Regardless of where they attack you, most of the scams require some form of social engineering to get your info and therefore access to your in-game valuables.
Please remember that account safety and computer security are your responsibility! While WoW.com has provided you with resources for additional information, do your homework and make sure you know what you're doing before installing any antivirus or other software.
What is social engineering? Social engineering is manipulating victims into volunteering personal information about themselves in order to perpetrate a con, scam, fraud, etc. If you have seen the movie Groundhog Day, then you have seen a very good example of it. Phil, a television weatherman, is living the same day over and over. In one iteration of his morning, he asks an attractive woman her name, where she went to high school and who her English teacher was. In the next iteration of his morning, he "accidentally" runs into her and pretends to know her from high school, resulting in her going to bed with him.
His con works for 3 reasons:
- He seems respectable. He is a well-dressed, articulate, minor celebrity. With this veneer of respectability, he is able to get the initial information and subsequently convince the victim, Nancy, that the forgotten nerd sitting next to her at school has sprouted into a catch.
- The victim sees value in what the con artist is offering. Nancy wants to date a celebrity or at least a successful man and is therefore both available as a victim and incautious with her information and actions.
- The victim is unaware that the information has been stolen. In the case of this movie, she cannot remember any previous iterations of the day.
Your WoW account is under investigation
An email gets sent to one of your email addresses (not necessarily the one you have attached to your WoW account) that says something like: "An investigation of your World of Warcraft account has found strong evidence that the account in question is being sold or traded." The email either asks you to email them your account information or includes a link to an official-looking phishing site designed to steal your info. This is essentially the same scam that has been going on for a while. It comes from what looks like a respectable source, though the only valid email would be wowaccountadmin@blizzard.com without any double "v"s or misspellings. You value protecting your account, so you give your info to this supposedly trusted source. They then use your info to steal your account.
Avoid by: Calling Blizzard directly. If your account is really under investigation, Blizzard will tell you on the phone. For more details, please see this post from Blizzard about fake emails.
In-game mail from a misspelled guildie
You receive mail from a player whose name is spelled very similarly to a guildie or friend -- perhaps with a special character or off by one letter. The mail includes a website to go to for a special deal or to look at a picture or something similar. The site either contains a keylogger or it is a phishing site. Again, when this con works, it is because it is from a source you trust (a guildie), it contains value for you (guildies often send you to interesting websites) and, if you are incautious, you are unaware that your information has been stolen until after it is. This one grabs a lot of active guildmembers because guildies often have hard to spell character names or even alts that are just misspelled versions of their mains.
Avoid by: Verify any in-game mail you get that contains external links by checking the sender against your guild roster. Also, you should have an in-guild policy that limits external links to the member-restricted area of your guild forums only. In all cases, don't enter your account information unless you have gone to the Blizzard website directly, and scan your computer daily/nightly using any of the freely available virus/malware scans.
Invite/promote request from a misspelled guildie
This one targets your guildbank and not your account. You receive a whisper from someone whose name is again spelled very similarly to a guildie's, asking to have his alt invited and promoted. The imposter then cleans out your guildbank. You are basically being punished for being a considerate guildie in this situation.
Avoid by: Make sure that all invite requests come from someone in your guild roster. A quick look at your online list will show you if that person is online and will allow you to compare the names. Also, keep a category in your guild hierarchy specifically for alts that does not have access to the valuable tabs in your guildbank. It is only a mild inconvenience for main members to mail their alts anything they need.
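The roster comparison recommended in the two "misspelled guildie" sections above can also be done mechanically. The following is an added example, not part of the original article or any Blizzard tool; the roster names, the small confusables table and the function names are assumptions made up for illustration.

```python
import unicodedata

# Constructed sample roster; the character names are hypothetical.
ROSTER = ["Thrallmar", "Éowynn", "Willowbark"]

# Small illustrative table of look-alike sequences (an assumption, not a
# complete list). "vv" for "w" is the double-"v" trick the article mentions.
CONFUSABLES = {"vv": "w", "0": "o", "1": "l", "rn": "m"}


def skeleton(name: str) -> str:
    """Fold a name to a comparison form: strip accents, lowercase, map look-alikes."""
    decomposed = unicodedata.normalize("NFKD", name)
    folded = "".join(c for c in decomposed if not unicodedata.combining(c)).lower()
    for fake, real in CONFUSABLES.items():
        folded = folded.replace(fake, real)
    return folded


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_sender(sender: str, roster=ROSTER, max_distance: int = 1):
    """Classify a mail or whisper sender against the guild roster.

    Returns ("member", name) for an exact roster match,
    ("lookalike", name) when the sender is NOT on the roster but differs from
    a member only by accents, look-alike characters or one letter, and
    ("not-in-guild", None) otherwise.
    """
    if sender in roster:
        return ("member", sender)
    folded_sender = skeleton(sender)
    for member in roster:
        folded_member = skeleton(member)
        if (folded_sender == folded_member
                or edit_distance(folded_sender, folded_member) <= max_distance):
            return ("lookalike", member)
    return ("not-in-guild", None)


if __name__ == "__main__":
    # Constructed sender names covering each case described in the article.
    for name in ["Thrallmar", "Thralmar", "Eowynn", "VVillowbark", "Grommash"]:
        print(name, "->", check_sender(name))
```

A "lookalike" verdict is the case to treat as an impersonation attempt. With very short names a one-letter distance produces false positives, so the threshold is worth tuning per roster.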
Spectral Tiger Mount for sale in tradechat
A high-level, server-known player offers up a Spectral Tiger Mount (or any other highly valuable, tradeable in-game loot) for sale at a price that is high enough to be believable, but low enough to be tempting. When contacted, the seller only asks to verify you have the gold before agreeing to send you the code via out-of-game email. The email contains a code and a link to a phishing site. Your account is then hacked, cleaned out and used to scam the next person. This scam gains a lot of credibility by using hacked high-level accounts to conduct the transaction. A lot of otherwise careful players are taken in because the excitement of a great deal causes them to be incautious. For further information on this scam, read an interview with one of the actual scammers.
Avoid by: Always be extra careful when a deal seems too good. While there are legitimate sellers of these valuable items at good deals, they will usually conduct the transaction in-game. Again, only go to the Blizzard account sites directly -- never click a link in an email.
Helpful links in the comments and forums
Some of the links in the official forums and the comments here at WoW.com have been put there specifically by shady social engineers to lure unsuspecting readers into a trap. The links go to sites that contain keyloggers that download while you are loading the site. Or they are phishing sites designed to steal your information. We delete the comments that contain them when we catch them, but we don't always catch them.
Avoid by: It is safest to never click on a link in the comments or forums. But if you think it leads to a trusted site, then type in the address manually, just to be safe.
Goldsellers and leveling services
Captain Obvious laughs at players who are surprised to learn that the underhanded companies offering services that are against the ToS are the same ones who are hacking accounts. Where else do you think the gold is coming from? The easiest marks for these companies are the people who use their own services, since they are voluntarily giving their information and Blizzard won't protect them.
Avoid by: Don't buy gold! Seriously. Earning gold and leveling your characters get easier with each patch. And if you think that goldbuying is a victimless activity, just scroll up and re-read. These scams wouldn't exist if there weren't a market for their stolen goods.
WoW scammers (and the most common real world criminals) need your cooperation to get your account info, so the biggest hole in your account security is you. Protect your personal data at all times. And use safety nets for when you make mistakes, like regular virus scanning and the Authenticator.
Play Safe!
Filed under: Analysis / Opinion, Account Security
Reader Comments (Page 4 of 6)
Superthrust Jun 12th 2009 6:40PM
TEJ, email me.
superthrust@gmail.com
you seem to be one of the few people on this website that listen to reason. The others seem to be idiots who only follow the uninformed editors.
RogueJedi86 Jun 12th 2009 6:44PM
Don't listen, it's a scam!
TEJ Jun 12th 2009 6:45PM
I see what you did there.
Superthrust Jun 12th 2009 6:47PM
hah. 5 bucks says that my post will be downvoted and all that. But it's funny how none of these people at wowinsider seem to know what they're talking about with the scamming.
Sure, they know people who have had it done to them, but reading that article made me laugh. All the things they told you to do "as precautions" will only make it easier to get what people want out of you.
This article makes me laugh.
Artificial Jun 12th 2009 6:51PM
Hehe. That's amusing. If you read the illogical justifications the scammers post and their responses and arguments, it's pretty clear they're not the brightest bulbs in the pack either. But because they've managed to find victims even stupider than themselves, they think they're geniuses. XD
Namy Jun 12th 2009 6:52PM
How exactly is the editor on this thread uninformed? We are discussing known scams and the fact that theft is theft no matter how you try to justify it with your dubious 'logic'. What is he uninformed about? Enlighten me.
TEJ Jun 12th 2009 6:54PM
How is it theft when you've spread your cheeks and lubed it up for the scammer? It's like saying "Hi guyse, I left my house door wide open at night and got robbed HALP PLOX".
Babies with candy pose more resistance than several scam victims I heard about on forums and in /2.
Superthrust Jun 12th 2009 7:02PM
uninformed about prevention. Uninformed about popular scams, uninformed about methods.
Generally, uninformed.
As for artificial, the assumption and subtle remark at calling me a "genius" is amusing. You propose that because I believe that I find someone who is unintelligent of certain things, I immediately classify them as stupid. Stupid isn't the word for taking advantage of people's irresponsibility to learn about "ways to lose your account". Matter of fact, this article should be renamed to "How to lose your account: WoWInsider style" since they are down voting all of my posts trying to tell others how they can lose their account and how to really prevent it. So, by you saying that I am finding "stupid" people to prey on, and then classify myself the most intelligent being in the world by scamming them and showing them they are not invincible and they need to read up more on X topic, you are the "genius" here, smart guy. (please note, sarcasm. You siding with the ill informed editors and "herd" show your intelligence. No judging necessary. :) )
I believe that no one is "stupid". Just uninformed and uneducated in the right stuff.
Artificial Jun 12th 2009 7:07PM
"How is it theft when ..."
See, an idiot. The answer to that question is patently obvious to someone of average or better intelligence.
Someone who fails to lock their bike up when they quick run into the public restroom for a minute may be acting unwisely, but if your conclusion is that it isn't therefore theft to take their bike, you're a moron. It's still theft, even if they didn't do anything to prevent the theft other than hope it'd be okay for a minute.
I could ask, "How is it NOT theft?" You probably have an answer for that, too. One that makes your lack of intelligence even more apparent. You'll spout a whole bunch of irrelevancies (like you did above) and act like that somehow justified your point more than simply babbling aimlessly for a minute. Unable to actually grasp logical connections between ideas, you'll take any contrary statement as a refutation when it's tangential and entirely irrelevant to the point you're attempting to make.
Scammers and victims, alas, are stupid people screwing other stupid people. Both end up in their particular role due to their own lack of intelligence.
TEJ Jun 12th 2009 7:24PM
See, a condescending bastard.
Now that we've finished exchanging pleasantries, do note that level of intelligence and moral ground aren't necessarily correlated. Just because I have no morals or ethics does not imply I'm a mouthbreathing keyboard drooler.
Now, in your example - the person who leaves an object of value in broad daylight. Out of line of sight. In an unsafe position. As far as I'm concerned it's like getting phished. Whether or not it coincides with your definitions of "theft" or "scam" is beyond my concern.
Artificial Jun 12th 2009 7:57PM
TEJ, you're contradicting yourself. I was responding to a post you made where you were arguing it wasn't theft. If it really was beyond your concern whether I considered it so or not, you wouldn't have bothered to make the argument. Which is not to say you were intentionally lying, although that's certainly a possibility. But if you're like most people with that viewpoint, it's more that your thoughts in fact do not form a logically consistent set. You believe contradictory things, lacking either the logical skills or the reflective skills that would be required to recognize the inconsistent state of your own mental framework. Without that self-criticism, you can't form a consistent whole. Now I'm not saying that being amoral makes you a "mouthbreathing keyboard drooler", but in fact there is a large correlation between amoral behavior and a lack of reflective cognitive skills. Self-reflection and self-criticism are essential both for forming logically consistent viewpoints and for moral/ethical thought, so it is not at all surprising to find amoral people are also logically inconsistent -- it is that lack of an essential cognitive skill for reflective critical thinking that impairs such people.
Namy Jun 12th 2009 6:43PM
I don't understand why scammers try to justify their actions. There is a person at the other end of that character. A person who they set out to hurt, because it IS upsetting for someone when this kind of thing happens. Their gold and gear is a real representation of their time and effort. No matter what scammers say their actions can never be justified when it means a real person gets hurt, that's all that matters.
Balls to them I say, big giant balls! May their houses be robbed.
TEJ Jun 12th 2009 6:51PM
Any reasonable scammer won't. They continue doing their bidding without a care about opinion towards them.
Superthrust Jun 12th 2009 6:52PM
I agree with TEJ. Any scammer who succeeds once, will MOST 100% CERTAINLY scam again. And sometimes, they get better.
Jayjay Jun 12th 2009 7:24PM
I agree supertwast -they WILL continue doing it, but that doesn't make it right.
It's not a question of whether people CAN do something, it's whether they SHOULD.
A person could shoot you / rob your house / steal your possessions because you were stupid enough to open the door before checking thru your peephole (what? You don't have one?! well gee you're just ASKING to be shot or burgled then..) - doesn't mean it's right.
Dreadskull Jun 12th 2009 6:48PM
Wait, is the picture + title insinuating that Griftah's stuff is a scam?!
Lies, I've never been attacked by a Tikbalang ever since wearing his charm!
oniryuujin Jun 12th 2009 7:05PM
the only reason superthrust is trolling this post is because his business is gonna take a hit "Oh I'm not a scammer, I just know them" bullshit. If scammers really did think that these posts would make no difference they wouldn't bother having their bitch boy come here to troll. And there is no justification for theft and what u do. There's a reason scam/con artists go to jail in real life, 'cause it's a crime. And just because laws haven't caught up with these kinds of internet crime doesn't make it right. Oh and let's say I track u down and beat u over the head with a lead pipe and justify it "Well he made me mad, oh and he's stupid" according to ur logic as long as I think ur stupid I can do anything to you.
TEJ Jun 12th 2009 7:11PM
I'm not even going to bother to list the amount of fallacies in this post.
oniryuujin Jun 12th 2009 7:16PM
oh and superthrust has yet to explain how these suggestions are gonna get more people scammed. Every suggestion is sound and logical, and just a helpful reminder to people what to watch out for. Yet thrust here continues to claim "Oh following these will get u even more scammed" yet has failed to elaborate. hmmm I don't know, watch for sneaky names wanting invites, be careful when following links, and don't buy gold.....hmmm doing these things must open a physic portal to ur mind for scammers to get ur account info.
Namy Jun 12th 2009 7:26PM
"hmmm doing these things must open a physic portal to ur mind for scammers to get ur account info"
Lol :D
Damn psychic scammers!