Skip to Content
1-15-2010 @ 1:09PM
The General Forums are filled with "I got hacked posts". Since the Hilt was added to the game the need for in game gold has skyrocketed. Gold sellers have stepped up account stealing at an alarming rate. I don't care who you are. I don't care how careful you are. I don't care how smug you are.You need an Authenticator.
1-15-2010 @ 1:17PM
^^^This!^^^I can't tell you how many smart, computer literate people I know that are 100% aware of every phishing scam out there and still got a trojan on their computer that stole their account. I know someone that could practically write an operating system if they wanted to and still got their account hacked; the very next day I put an authenticator on my account.
1-15-2010 @ 1:25PM
6 words: "We cannot ship to this address".
1-15-2010 @ 1:26PM
You do need an authenticator however this may not have saved you if you logged into the fake armory using it (depending on how fast these jerks are). Does anyone know if they were asking for authenticator numbers or not in this scam?
1-15-2010 @ 1:30PM
@ZhivaI had a guildy in the same situation. I bought his Authenticator for him and he sent me some money.
1-15-2010 @ 1:32PM
Authenticator will not prevent you from falling for a phishing site. It will prevent the scammer from using your account, but it will not automagically give you +100 int or make your firewall telekinetic. It's a good last line of defence for the "oh, crap" accidents, but it is NOT A SUBSTITUTE for caution.
1-15-2010 @ 1:33PM
Would it be illegal to re-sell the Authenticators for those who can't otherwise get them through Blizzard? Through my business I have the wherewithal to do so fairly easily, but I'm not sure about the legality of it.
1-15-2010 @ 1:35PM
wdm, even if it did ask for an authenticator number, they would have to use it within a minute or less for it to be valid. Then that would log them in to the game. Once. Or they could use it to get to your account. Once. But they wouldn't be able to remove the authenticator or change the password or make any other changes without putting another authenticator code in.An authenticator completely protects your WoW account in this case. If the phishing site uses your login info to get into other kinds of accounts... well that's why your WoW account info should be different from your bank/email/whatever info.
1-15-2010 @ 1:37PM
@zmes_matt: Dude you are right about that... when it comes to phising it doesn't matter, if you are bill gates, or the best computer engineer in the world.I am a computer engineer, I am extremely careful, I have 2 antivirus, and now i just added an authenticator to my account.. why?.... I was hacked once and i had 2 antivirus, and still was a computer engineer.. so it doesn't matter who you are.. take all the measures you can .. if you don't wanna lose money.
1-15-2010 @ 1:36PM
*sigh*I tried an authenticator - twice - found it annoying to deal with each time. Your mileage may vary.I don't put my credentials into a random web site. I'm sorry, but I just can't have any respect for anyone who falls for a phishing scam. It's been publicized. People have been warned. If you fall for one of these it's 100% your fault, because you were just that stupid. Sorry, there's no way to justify falling for these things that doesn't boil down to that.Otherwise, the only way you get hacked is some piece of malware steals your password when you put it in. Well, there are no trojans/keyloggers on the Mac. Quit spouting that everyone needs one until you can show that there are non-theoretical attacks on the Mac. People have been beating the drum of "you're going to get attacked/viruses/hacked" for a decade now, and it hasn't happened.For a trojan or even a web browser or Flash vulnerability to work, the code would somehow have to not only execute, but elevate permissions from the user to root - and that's not happening without the user giving permission. So even if one of these theoretical vulnerabilities was exploited, you're still stuck at user level permissions, and you're not going to get other application's keypresses. Try to do it, and the user will get a prompt that something wants elevated privileges - and unlike UAC, that doesn't pop up all the time. It *never* pops up while web browsing. And as such, we don't have this whole class of problems on the platform.So:1) Phishing scams are platform independent and rely on dumb users.2) There are no trojans or keyloggers on the Mac. Period. Why?3) The UNIX permissions model won't allow even a compromised browser or plugin to gain enough access to install a keylogger. In other words, there is no valid vector for such an attack.A reasonably smart Mac user is immune to account hacking. A reasonably smart Windows user may or may not be. A dumb user is vulnerable to... well, everything.Flood of insecure Windows users downranking me in 3...2...1...
1-15-2010 @ 2:03PM
"A reasonably smart Mac user is immune to account hacking. A reasonably smart Windows user may or may not be. A dumb user is vulnerable to... well, everything."I'm not going to downrank you, because your post was well thought out, but I think you place far too much faith in your operating system and your brain. Phishing is much more sophisticated than I think you suppose. This sort of "it-can't-possibly-happen-to-me" attitude is exactly what phishers rely on. Phishing doesn't depend on stupidity. It depends on carelessness. You may not be stupid, but we are all careless at one time or another.And don't think running Mac OSX provides immunity, either. Your claim that there are "no trojans/keyloggers for Mac" is just plain false (http://gadgetwise.blogs.nytimes.com/2009/04/17/mac-security-iii-the-rise-of-the-botnets/, for example). Windows has more viruses and exploits not because it is inherently less secure, but because it has the largest market share, so that is where virus writers focus their energies. Stories like this one (http://news.zdnet.co.uk/software/0,1000000121,39256036,00.htm) show that a properly motivated individual can compromise a Mac just as easily as a PC.Your operating system does not make you immune. Your IQ does not make you immune.And, for the record, blaming the victim of a crime is rarely going to win you any friends.
1-15-2010 @ 2:08PM
@Zhiva:APO? Australia / New Zealand etc? Some European country?
1-15-2010 @ 2:47PM
@placebo Ukraine. And it is in their shipping destinations list.
1-15-2010 @ 4:21PM
@Joshua Ochs At least you were right about the down-rating, if not for entirely the wrong reason. P:
1-15-2010 @ 4:24PM
Oops, no not in "if not for", there.
1-16-2010 @ 12:18AM
@ Robin "But they wouldn't be able to remove the authenticator or change the password or make any other changes without putting another authenticator code in."Many of the phishing scams ask for your CD key for this very reason. Your original CD key CAN be used to remove an authenticator from your account and not many people realize this. NEVER EVER give your CD key to ANYONE.
First time? A confirmation email will be sent to you after submitting.
Members enter your username and password.
Enter your AOL or AIM screenname and password.
Please keep your comments relevant to this blog entry. Email addresses are never displayed, but they are required to confirm your comments.
When you enter your name and email address, you'll be sent a link to confirm your comment, and a password. To leave another comment, just use that password.
To create a live link, simply type the URL (including http://) or email address and we will make it a live link for you. You can put up to 3 URLs in your comments. Line breaks and paragraphs are automatically converted — no need to use <p> or <br /> tags.