^^^This!^^^

I can't tell you how many smart, computer literate people I know that are 100% aware of every phishing scam out there and still got a trojan on their computer that stole their account. I know someone that could practically write an operating system if they wanted to and still got their account hacked; the very next day I put an authenticator on my account.

6 words: "We cannot ship to this address".

You do need an authenticator however this may not have saved you if you logged into the fake armory using it (depending on how fast these jerks are). Does anyone know if they were asking for authenticator numbers or not in this scam?

@Zhiva

I had a guildy in the same situation. I bought his Authenticator for him and he sent me some money.

Authenticator will not prevent you from falling for a phishing site. It will prevent the scammer from using your account, but it will not automagically give you +100 int or make your firewall telekinetic. It's a good last line of defence for the "oh, crap" accidents, but it is NOT A SUBSTITUTE for caution.

Would it be illegal to re-sell the Authenticators for those who can't otherwise get them through Blizzard? Through my business I have the wherewithal to do so fairly easily, but I'm not sure about the legality of it.

@zmes_matt: Dude you are right about that... when it comes to phising it doesn't matter, if you are bill gates, or the best computer engineer in the world.

I am a computer engineer, I am extremely careful, I have 2 antivirus, and now i just added an authenticator to my account.. why?.... I was hacked once and i had 2 antivirus, and still was a computer engineer.. so it doesn't matter who you are.. take all the measures you can .. if you don't wanna lose money.

*sigh*

I tried an authenticator - twice - found it annoying to deal with each time. Your mileage may vary.

I don't put my credentials into a random web site. I'm sorry, but I just can't have any respect for anyone who falls for a phishing scam. It's been publicized. People have been warned. If you fall for one of these it's 100% your fault, because you were just that stupid. Sorry, there's no way to justify falling for these things that doesn't boil down to that.

Otherwise, the only way you get hacked is some piece of malware steals your password when you put it in. Well, there are no trojans/keyloggers on the Mac. Quit spouting that everyone needs one until you can show that there are non-theoretical attacks on the Mac. People have been beating the drum of "you're going to get attacked/viruses/hacked" for a decade now, and it hasn't happened.

For a trojan or even a web browser or Flash vulnerability to work, the code would somehow have to not only execute, but elevate permissions from the user to root - and that's not happening without the user giving permission. So even if one of these theoretical vulnerabilities was exploited, you're still stuck at user level permissions, and you're not going to get other application's keypresses. Try to do it, and the user will get a prompt that something wants elevated privileges - and unlike UAC, that doesn't pop up all the time. It *never* pops up while web browsing. And as such, we don't have this whole class of problems on the platform.

So:
1) Phishing scams are platform independent and rely on dumb users.
2) There are no trojans or keyloggers on the Mac. Period. Why?
3) The UNIX permissions model won't allow even a compromised browser or plugin to gain enough access to install a keylogger. In other words, there is no valid vector for such an attack.

A reasonably smart Mac user is immune to account hacking. A reasonably smart Windows user may or may not be. A dumb user is vulnerable to... well, everything.

Flood of insecure Windows users downranking me in 3...2...1...

"A reasonably smart Mac user is immune to account hacking. A reasonably smart Windows user may or may not be. A dumb user is vulnerable to... well, everything."

I'm not going to downrank you, because your post was well thought out, but I think you place far too much faith in your operating system and your brain. Phishing is much more sophisticated than I think you suppose. This sort of "it-can't-possibly-happen-to-me" attitude is exactly what phishers rely on. Phishing doesn't depend on stupidity. It depends on carelessness. You may not be stupid, but we are all careless at one time or another.

And don't think running Mac OSX provides immunity, either. Your claim that there are "no trojans/keyloggers for Mac" is just plain false (http://gadgetwise.blogs.nytimes.com/2009/04/17/mac-security-iii-the-rise-of-the-botnets/, for example). Windows has more viruses and exploits not because it is inherently less secure, but because it has the largest market share, so that is where virus writers focus their energies. Stories like this one (http://news.zdnet.co.uk/software/0,1000000121,39256036,00.htm) show that a properly motivated individual can compromise a Mac just as easily as a PC.

Your operating system does not make you immune.
Your IQ does not make you immune.

And, for the record, blaming the victim of a crime is rarely going to win you any friends.

@Zhiva:

APO? Australia / New Zealand etc? Some European country?

@placebo

Ukraine. And it is in their shipping destinations list.

@Joshua Ochs

At least you were right about the down-rating, if not for entirely the wrong reason. P:

Oops, no not in "if not for", there.

@ Robin

"But they wouldn't be able to remove the authenticator or change the password or make any other changes without putting another authenticator code in."

Many of the phishing scams ask for your CD key for this very reason. Your original CD key CAN be used to remove an authenticator from your account and not many people realize this. NEVER EVER give your CD key to ANYONE.