Skip to Content
1-15-2010 @ 4:05PM
I laugh every time I see someone say something along the lines of:"I'm smart, I won't get hacked!"Uh, well let's put it this way. My friend and her husband both play. Last week she logged on and her husband's character sent her a whisper. She figured he was at work playing on his laptop so responded as would be expected. After a little bit of conversation, and revealing "their son was going to a friend's house after school," he asked her if she could send something out of their guild bank to him, since she was the GM and he had used up his max withdrawals. Since he had been powerleveling jewelcrafting, she figured that's why he had taken all of the epic gems and eagerly went to the bank and got all the rest of the epic gems out and traded them to his character, as well as some of the gold out of the gbank to pay for training up the last few levels and getting the epic patterns from various faction leaders. Then he asked her for her password because he "bought two authenticators and they just arrived and wanted to add hers to her account for her." Not knowing the process of adding an authenticator, she gave him the login information. She suddenly went offline and figured her internet was wacky, since she did have connection problems. She went to reset the router and by the time she got back and tried logging in, her password had been changed. She called her husband asking if the authenticator being added caused her password to change, he said "What authenticator?" when she relayed what happened, he told her he hadn't been on WoW that day.So somehow her husband got hacked, they're not sure how, yet, if he went to an invalid website or if he unknowingly downloaded a trojan or keylogger of some kind. Then the hacker started contacting people on his friends list asking for loans, which some apparently gave, and all of his toons were cleaned out and deleted. They can only speculate where everything that was BoE and items, gold, etc, went, but probably to another account to filter it as much as possible, make it harder to track. They both have their accounts back, but neither of them have received their items.So even if you're smart and think it won't happen to you, as it was said many times before, these phishing scams are rather clever. Imagine logging in and talking to whom you think is your spouse, boyfriend, child, or even close friend, having them ask you for gold or items, or other information you'd readily share with them, and then having that person not being them at all, but a total stranger who only has a goal to rip you off.Their authenticators just arrived yesterday.
1-15-2010 @ 3:26PM
*raises eyebrow*There is no way the husband in that story was "hacked" by a random gold-seller/phisher/etc. There are just too many subtle yet telling ways that they could've given themselves away as a fraud TO THIS GUY'S FREAKIN' WIFE, who you would assume knows him better than just about anyone.He just HAPPENED to know that the guy was power-leveling JCing, he just HAPPENED to know that they had a son (as opposed to a daughter or childless) who was school-aged and who was trusted enough to just be all "oh, btw, not coming home after school today, kthxbai". He just HAPPENED to be able to type with the exact same inflection, grammar, overall personality of this gal's husband, to the point that she never thought something might be up?Either this person TOLD one of his personal friends his account info at some point, he had it written down where an IRL friend/visitor could see it, he's pulling an elaborately huge scam HIMSELF, his wife is largely a moron who doesn't know her own husband at all, or some combination of those four points.Sheesh. Not to insult your friends in any way, but there is NO WAY that, given the circumstances, I'll believe for a second that this was a "random" hijacking.
1-15-2010 @ 4:22PM
"He just HAPPENED to know that the guy was power-leveling JCing, he just HAPPENED to know that they had a son (as opposed to a daughter or childless) who was school-aged and who was trusted enough to just be all "oh, btw, not coming home after school today, kthxbai". He just HAPPENED to be able to type with the exact same inflection, grammar, overall personality of this gal's husband, to the point that she never thought something might be up?"Incorrect. You can find that out easily by looking at what's in the bank, what professions are (using armory you can see the professions and what level its at) and an 80 with jewelcrafting at, say 197, and say, mining, at 450... well... to me that'd look like someone dropped another profession and picked up jewelcrafting.As for talking about their son, I may have made it unclear but she told HIM their son was going to a friend's house. I don't know the exact wording but think something like:"Billy is going to Jim's house after school so you don't need to pick him up." Or whatever.And just because typing is the same means nothing. A lot of people out there use proper grammar or spell correctly. Others use things like 'u' and 'ur.' Through text it's hard to tell if the person on the other end speaks English fluently or not.I can type full conversations in one of three languages. That doesn't mean that I am native to that language, but rather that I studied it. I have met many Chinese individuals who have very thick accents, have a hard time saying many words, but when typing, it's flawless. And as for him giving his info to someone else, again, I don't know what happened, and neither does he, but I suspect he got caught by one of the misspelling searches or something and his account was keylogged. An intelligent hacker would look at what the account has to offer, and seeing he was an officer in a guild, the guildbank had epic gems and a lot of other things, even gold, see that in the character's own bags were gems both cut and uncut and not-maxed jewelcrafting, and seeing the GM is on, whispering going:"Hey, can you get me some of the gems out of the guild bank? I've used my max withdrawals.""Sure honey, oh and Billy is going to Jim's after school so you don't need to pick him up.""Okay. Oh and can I borrow some gold to pay for training jc?""Sure""By the way I bought us some authenticators and they arrived this morning. What's your password so I can add yours?""Ok it's email@example.com blahworld""Thanks."It doesn't need to be "can i has ur pw plzktnxbai" to be a hacker.And again, the character contacted others on the friends list asking for the same loan for training. I don't know how much they actually got, but yeah.
First time? A confirmation email will be sent to you after submitting.
Members enter your username and password.
Enter your AOL or AIM screenname and password.
Please keep your comments relevant to this blog entry. Email addresses are never displayed, but they are required to confirm your comments.
When you enter your name and email address, you'll be sent a link to confirm your comment, and a password. To leave another comment, just use that password.
To create a live link, simply type the URL (including http://) or email address and we will make it a live link for you. You can put up to 3 URLs in your comments. Line breaks and paragraphs are automatically converted — no need to use <p> or <br /> tags.