Popular scams and how to avoid them
We have a lot of reports of scams coming in to our tip line and many of us are receiving the same phishing emails you are. Even Scott Kurtz from PvPOnline was tweeting about getting one the other day. These scams can be initiated via email to any one of your email addresses. Or they may start in game. Regardless of where they attack you, most of the scams require some form of social engineering to get your info and therefore access to your in-game valuables.
Please remember that account safety and computer security are your responsibility! While WoW.com has provided you with resources to additional information, do your homework and make sure you know what you're doing before installing any antivirus or other software.
What is social engineering? Social engineering is manipulating victims to volunteer personal information about themselves in order to perpetrate a con, scam, fraud, etc. If you have seen the movie Groundhog Day, then you have seen a very good example of it. Phil, a television weatherman, is living the same day over and over. In one iteration of his morning, he asks an attractive woman her name, where she went to high school and who her English teacher was. In the next iteration of his morning, he "accidentally" runs into her and pretends to know her from high school, resulting in her going to bed with him.
His con works for 3 reasons:
- He seems respectable. He is a well-dressed, articulate, minor celebrity. With this veneer of respectability, he is able to get the initial information and subsequently convince the victim, Nancy, that the forgotten nerd sitting next to her at school has sprouted into a catch.
- The victim sees value in what the con artist is offering. Nancy wants to date a celebrity or at least a successful man and is therefore both available as a victim and incautious with her information and actions.
- The victim is unaware that the information has been stolen. In the case of this movie, she cannot remember any previous iterations of the day.
Your WoW account is under investigation
An email gets sent to one of your email addresses (not necessarily the one you have attached to your WoW account) that says something like: "An investigation of your World of Warcraft account has found strong evidence that the account in question is being sold or traded." The email either asks you to email them your account information or it includes a link to an official-looking phishing site designed to steal your info. This is essentially the same scam that has been going on for a while. It comes from what looks like a respectable source, though the only valid email would be wowaccountadmin@blizzard.com without any double "v"s or misspellings. You value protecting your account, so you give your info to this supposedly trusted source. They then use your info to steal your account.
Avoid by: Calling Blizzard directly. If your account is really under investigation, Blizzard will tell you on the phone. For more details, please see this post from Blizzard about fake emails.
In-game mail from a misspelled guildie
You receive mail from a player whose name is spelled very similarly to a guildie or friend -- perhaps with a special character or off by one letter. The mail includes a website to go to for a special deal or to look at a picture or something similar. The site either contains a keylogger or it is a phishing site. Again, when this con works, it is because it is from a source you trust (a guildie), it contains value for you (guildies often send you to interesting websites) and, if you are incautious, you are unaware that your information has been stolen until after it is. This one grabs a lot of active guildmembers because guildies often have hard to spell character names or even alts that are just misspelled versions of their mains.
Avoid by: Verify any in-game mail you get that contains external links by checking your guild roster. Also, you should have an in-guild policy that limits external links to the member restricted area of your guild forums only. In all cases, don't enter your account information unless you have gone to the Blizzard website directly, and scan your computer daily/nightly using any of the freely available virus/malware scanners.
Invite/promote request from a misspelled guildie
This one targets your guildbank and not your account. You receive a whisper from someone whose name is again spelled very similarly to a guildie's, asking to have his alt invited and promoted. The imposter then cleans out your guildbank. You are basically being punished for being a considerate guildie in this situation.
Avoid by: Make sure that all invite requests come from someone in your guild roster. A quick look at your online list will show you if that person is online and will allow you to compare the names. Also, keep a category in your guild hierarchy specifically for alts that does not have access to the valuable tabs in your guildbank. It is only a mild inconvenience for main members to mail their alts anything they need.
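One way to automate the roster comparison recommended in the two "misspelled guildie" sections, and the sender-address check from the investigation email section, shown here as an added example that is not part of the original article: it folds accents and look-alike spellings, then flags any name within one edit of a trusted one. The roster names, the confusables table and the function names are constructed for illustration.

```python
import unicodedata

# Look-alike spellings folded before comparing. A small constructed table for
# illustration, not a complete confusables list.
CONFUSABLES = (("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l"), ("|", "l"))

# Constructed sample data: a guild roster, and the one sender address the
# article names as valid.
ROSTER = ["Thrandor", "Mëlindra", "Kaelwyn"]
TRUSTED_SENDERS = ["wowaccountadmin@blizzard.com"]


def skeleton(name):
    """Fold a name for comparison: strip accents, casefold, fold look-alikes."""
    decomposed = unicodedata.normalize("NFKD", name)
    no_marks = "".join(c for c in decomposed if not unicodedata.combining(c))
    folded = no_marks.casefold()
    for fake, real in CONFUSABLES:
        folded = folded.replace(fake, real)
    return folded


def edit_distance(a, b):
    """Edits needed to turn a into b: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two neighbouring letters swapped counts as a single edit.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def check_sender(sender, trusted, max_distance=1):
    """Return ("exact", name), ("lookalike", name) or ("unknown", None)."""
    def nfc(s):
        return unicodedata.normalize("NFC", s)

    for name in trusted:
        if nfc(sender) == nfc(name):
            return ("exact", name)
    folded_sender = skeleton(sender)
    for name in trusted:
        folded_name = skeleton(name)
        # Same skeleton: differs only by accents or look-alike characters.
        # Distance 1: "off by one letter". Short names will produce some
        # false alarms, so treat a hit as a prompt to look twice.
        if folded_sender == folded_name:
            return ("lookalike", name)
        if edit_distance(folded_sender, folded_name) <= max_distance:
            return ("lookalike", name)
    return ("unknown", None)


if __name__ == "__main__":
    for who in ["Thrandor", "Thrándor", "Thrandro", "Kaelvvyn", "Zugzug"]:
        print(who, check_sender(who, ROSTER))
    print(check_sender("vvowaccountadmin@blizzard.com", TRUSTED_SENDERS))
```

A "lookalike" result is the case to refuse an invite or ignore a link; an "exact" result on an email address only rules out a misspelling, since a displayed sender address can be forged.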
Spectral Tiger Mount for sale in tradechat
A high-level, server-known player offers up a Spectral Tiger Mount (or any other highly valuable, tradeable in-game loot) for sale at a price that is high enough to be believable, but low enough to be tempting. When contacted, the seller only asks to verify you have the gold before agreeing to send you the code via out-of-game email. The email contains a code and a link to a phishing site. Your account is then hacked, cleaned out and used to scam the next person. This scam gains a lot of credibility by using hacked accounts that are high level to conduct the transaction. A lot of otherwise careful players are taken in because the excitement of a great deal causes them to be incautious. For further information on this scam, read an interview with one of the actual scammers.
Avoid by: Always be extra careful when a deal seems too good. While there are legitimate sellers of these valuable items at good deals, they will usually conduct the transaction in-game. Again, only go to the Blizzard account sites directly -- never click a link in an email.
Helpful links in the comments and forums
Some of the links in the official forums and the comments here at WoW.com have been put there specifically by shady social engineers to lure unsuspecting readers into a trap. The links go to sites that contain keyloggers that download while you are loading the site. Or they are phishing sites designed to steal your information. We delete the comments that contain them when we catch them, but we don't always catch them.
Avoid by: It is safest to never click on a link in the comments or forums. But if you think it is to a trusted site, then type in the address manually, just to be safe.
Goldsellers and leveling services
Captain Obvious laughs at players who are surprised to learn that the underhanded companies offering services that are against the ToS are the same ones who are hacking accounts. Where else do you think the gold is coming from? The easiest marks for these companies are the people who use their own services, since they are voluntarily giving their information and Blizzard won't protect them.
Avoid by: Don't buy gold! Seriously. Earning gold and leveling your characters get easier with each patch. And if you think that goldbuying is a victimless activity, just scroll up and re-read. These scams wouldn't exist if there weren't a market for their stolen goods.
WoW scammers (and the most common real world criminals) need your cooperation to get your account info, so the biggest hole in your account security is you. Protect your personal data at all times. And use safety nets for when you make mistakes, like regular virus scanning and the Authenticator.
Play Safe!
Filed under: Analysis / Opinion, Account Security
Reader Comments (Page 6 of 6)
Gothia Jun 13th 2009 4:00AM
Last week I was in Dalaran sewers early in the morning getting some mushrooms for the cooking daily when I was approached by a Gnome DK asking me if I wanna arena. I was on my alt druid in dungeon blues that just dinged 80 and I promptly told him that I just dinged and I am not geared enough to arena mid season, but if you want to carry me, sure, I can do a couple. To make a long story short, we did a couple of matches and we won both (pretty much me throwing hots and popping bear to run my ass off). After the 2nd match this guy is like hey I'm not a scammer, but I love arenaing and I can get you up to 2K by tomorrow if you give me your account info and just to prove I'm not scamming I'll give you my info too. I was like (shit I knew this was too good to be true) I don't give my account info and if you aren't a scammer you are a rookie because even saying the word "scam" throws up a red flag -- I'm out. Well this turd kept sending me tells saying how he is just trying to help and wouldn't stop begging until I finally ignored him. I don't think he actually did anything against the rules so I didn't report him, but I hope that nobody will get hacked by this loser. Should I have reported to a GM about this incident?
daniel Jun 13th 2009 4:23AM
Btw - the hackers do not steal or commit theft. Because - here is the dirty little secret - all IP and information belongs to Blizzard. Read the terms of service and EULA. Your shiny epics are theirs, your gold is theirs, your guildbank is theirs and your toon with 200 /played days is theirs. You don't have any property rights over them. So when a hacker transfers in-game wealth from one toon to another no theft is committed.
And for keyloggers - just have firewall, AV and normal settings on UAC - and you are protected by them.
I am a programmer who worked on some high security projects a few years ago - we can protect the users from keyloggers, different attacks and all kinds of malicious software. We cannot protect them from shouting their password on the phone while waiting in line in the cafeteria.
Plan Jun 13th 2009 5:08AM
I recommend all WoW players regularly scan their computers with HijackThis and SuperAntiSpyware, and to have an anti-virus active and UP TO DATE.
AVG, Avira and Avast all offer free versions of their anti-virus software for home users (hopefully you don't play WoW from work) and although many anti-malware programs are excellent for finding and digging out the trojans and rootkits sometimes missed by anti-virus programs, you most definitely still need a solid anti-virus. A lot of people think you don't need an anti-virus anymore, and that's simply not true.
And I know all of us hate nag screens, and oftentimes we X them out in our rush to get logged on and playing, but please guys, take that extra couple of minutes to download your anti-virus and OS updates and reboot because it could save you both time and headaches later on.
Use HijackThis to get a list of processes, services, BHOs and other items that are running in the background on your computer, and use the program's official site to compare your running processes against the ratings composed by the community there. All you have to do is cut from the log file and paste it at the official site to analyze what's running. This is an excellent way to alert yourself to something wrong with your machine -- not all malware will announce itself with pop-ups and redirects. The ones that don't are the really scary ones, because those are the ones waiting for you to put in your WoW account information, or your credit card.
And it's not enough to just browse Task Manager every once in a while -- it can be spoofed, and many trojans nowadays will hide themselves in Task Manager or use the names of legitimate services. Along with regular scans with HijackThis and your anti-malware programs, you can go to the command prompt and type "tasklist /m" to get a list of the running processes on your computer AND all the dll files associated with them. This makes it much easier to spot a piece of malware posing as another instance of svchost.exe, for instance.
You don't have to be a PC technician or expert to take these steps -- all you have to do is take a spare hour or two to read up on these programs and system security, and by doing that you can save yourself, your guild, Blizzard support and your computer repair guy a lot of time and frustration by avoiding serious infection, or spotting it early.
(Well ok, maybe your computer repair guy won't be upset...but do you really want to pay him $200 to get rid of a ridiculously nasty version of Vundo? Or worse, be forced to bring it to the Geek Squad? They make your local PC handyman look like a bargain basement deal...)
Ceradene Jun 13th 2009 7:26AM
Say you are walking by a gym and see a really nice bike just leaning towards the wall. No one is in sight, you know the owner is probably working out inside.
Would you take the bike and drive off because the owner was "stupid enough" not to chain it down?
I wouldn't. And I'd like to think that when I don't lock my front door during a sunny afternoon no one will sneak in and steal my shoes.
This is how I see the scammers. They are people who would steal your umbrella the moment you run off to care for your child and leave it on a park bench. It's low. Pitiful.
alvl Jun 13th 2009 9:43AM
Get the Authenticator or the iPhone free one. That might not protect you from everything but will put a serious dent in the scams.
noelkytty Jun 13th 2009 2:16PM
Most people who fall for these scams are the same types who lack the common sense, intelligence and minimal computer literacy needed to avoid trojans, viruses and keyloggers when surfing the internet, period, let alone pornography or warez.
Do you really want that lack of intelligence and common sense raiding with [and wiping] you?
To anyone saying that gold buyers are to blame for people being scammed is a load of garbage, and in a round about way it is a case of class envy. Nobody should tell me or anyone else how to spend their own money, especially some kid playing a video game who doesn't know me. Some people have more money than time, and they choose to spend money [which they have plenty of] to buy gold rather than spend hours [that they do not have] farming it. Do you think that gold sellers have a disclaimer saying that they may get the gold from unscrupulous practices or methods? This situation is akin to someone saying that all people who buy cars are responsible for all people who are hit by cars while riding bicycles.
Before someone tries to point out that it is "illegal" [I have seen it before on this topic], remember that while it is against Blizzard's terms of service, nobody will, or ever should, go to jail for buying or stealing fake goods. I feel bad for those who are scammed, and you can down-rank this comment as you please, but this is fake currency, fake achievements and equipment, and losing them is not the end of the world. In the end, these characters, gold, and equipment belong to Blizzard Entertainment, NOT the owner of the account. Technically, you are renting this intellectual property from them. This is not what you want to hear, but it is the truth. [I tried to post this earlier, but it did not take - thank you for pointing this out, Daniel].
Sinfulle Jun 13th 2009 2:55PM
These maggots are the same type who would rob a blind man on the street. Know that if they feel it's all well and good to cheat people out of real money in a game, you can bet they justify doing it in all facets of life. I for one hope you mud puppies try that on your tax forms and play pick-up-sticks in prison.
Nothing is more nauseating than someone who blatantly breaks the law and hides behind a mask (Internet). You scammers are actually the ones sugarcoating actions. You rationalize stealing is fine because you do not get caught. Any judge would be able to correct that line of thinking, and I'm certain that some day you will sit before one, if you haven't already.
I hope Lucifer has a nice cozy brimstone seat waiting for you.
UsedToPlay Jun 13th 2009 3:00PM
Played this game for over 4 years -- never been scammed and never been hacked. Only gullible (read: STUPID) people get hacked/scammed. Problem of this is exacerbated by the popularity and accessibility of this game. The world (RL and of Warcraft) is full of stupid people; I've met many of these idiots. They should be glad that the only place they got scammed on is inside a game.
noelkytty Jun 13th 2009 3:28PM
With comments like this, it's no wonder free market capitalism is falling to socialism in the United States. Soon, poor people will be able to tell rich people what they can and cannot do with their money with a mere vote.
artifex Jun 14th 2009 9:20AM
Speaking of URLs in reader comments, should I stop using a URL shortener and only link the long form of URLs, just to make sure everyone can see where I'm linking up front? I know a writer for the site replied pretty quickly to a past message of mine containing links thanking me for them, so it's obvious that writer was on the ball in checking them thoroughly :)
BTW the only in-game scam I've seen is one I get a couple of times a week, where someone pretending to be an official Blizzard rep says they're about to start trialing free mounts, go log in at some shady website if you want one, etc. People, especially young players, need to be reminded that if an official Blizzard person ever talks to them in game, it will look obviously different from a regular chat, with a separate window popping up, etc. And I've never seen an email scam for WoW, maybe because I don't publish my email in any game-related website.
Noscy Jun 14th 2009 9:15PM
It's like someone breaking into your house and stealing your Monopoly money, then selling it...