New scam tries to give you a free Celestial Steed

Their latest scam vehicle? Our inherent desire for sparkle ponies. Let's get two things straight off the bat:
- You did not just win a free Celestial Steed mount. That in-game tell is an attempt to steal your account.
- No one just bought you a Celestial Steed mount. That email you got is an attempt to steal your account.
Attempt to collect your sparkle pony, and within a few short hours, your entire account will be under someone else's control. If you haven't put an authenticator on your account, the scammers will do it for you, locking you out of your own account and severely hampering your ability to get it back.
More information on the latest scam, what you can do to protect yourself and what to do if you're a victim, all after the break.
The not-so-great sparkle pony scam of 2010
With more people using authenticators to protect their accounts, scammers, hackers, phishers and thieves are getting increasingly aggressive in their tactics to snare new victims. The latest attempt making the rounds is the following authentic-looking email:
Instead of helping you redeem your free sparkle pony (or, alternatively, file a request to have this faulty transaction taken off your credit card), the links included in the email will whisk you away to a sketchy land of horror, where honest and kind World of Warcraft players have their gaming experience exploited and destroyed for the profit of gold sellers.
Hello, thank you for shopping at the Blizzard Store!
World of Warcraft® Mount: Celestial Steed : 314159265358979323846
To use this key to activate the pet, simply follow these instructions:
* Create a Battle.net account (or if you already have one, log in) at http://www.worldofwarcraft.com
* Verify your e-mail address. (If you have previously verified your address, skip this step.) From the main Account Management page, click the 'verify this e-mail address' link. Then, check your e-mail account for a verification e-mail. Click the link in this e-mail to verify your e-mail address.
* Return to the Battle.net account management page, then click on 'Code Redemption'.
* Enter the above Pet Key in the code field.
* Once you have successfully redeemed this code, you will be able use the pet in World of Warcraft.
NOTE: If you have previously chosen to gift your digital purchase, attaching this key to their Battle.net account will prevent the gift recipient from being able to redeem this key with your Battle.net account.
===========================================
Purchase Receipt
===========================================
Customer Account: your_address_here@wow.com
Order Date: 2010-7-11
Order #: 3778397
(1) World of Warcraft® Mount: Celestial Steed - $25.00
Credit Card Number : ****-****-****-2663
Credit Card Type : Visa
Item Subtotal: $25.00
Tax: $0.00
Shipping & Handling: $0.00
Shipping Tax: $0.00
Grand Total: $25.00
===========================================
If you have any questions or concerns about your order, please contact us at:
Phone: Toll-free at (1-800-592-5499)
Website: http://us.battle.net/account
Live phone support is available seven days a week, 8:00AM - 8:00PM Pacific Time.
Thanks for shopping with us!
Blizzard Customer Service
What to do if you are a victim
If all the items, gold and equipment you own are missing -- or worse yet, if you can't log into your account at all because it's asking for an authenticator you didn't request -- you're probably a victim of a hacking attempt. You can recover your account (and sometimes the items that are missing), but it will take some time. Here's what you should do:
- Contact Blizzard Customer Service. You can get a lot more information about the appropriate people to contact by visiting the World of Warcraft compromised account page. From there, you can learn how to contact Blizzard by phone, email or web to start the account recovery process.
- Contact your guild, if you have one. Most hackers go after guild banks if they can. Taking the extra step of contacting your guild can save everyone a lot of headaches.
- Consider buying an authenticator. Well over 99% of hacking and phishing attempts could have been prevented if the victims had purchased and installed an authenticator on their accounts. Better yet, some mobile phones like the iPhone and Android are capable of downloading a free authenticator app.
Tips on protecting yourself
- Never give out your password to anyone other than your parent or guardian. Blizzard employees and GMs will never ask for your password in game.
- Don't follow web links from strangers in game.
- If you receive an email from Blizzard about your account, do not follow any of the links present in the email itself. If you believe the message may be legitimate, type the worldofwarcraft.com or battle.net address directly in your browser's address bar.
- Blizzard does not run in-game prize drawings. If someone is offering anything to you for free, chances are it's a scam. Don't follow links given to you in game via tells, trade chat or dead gnome corpses strangely floating in mid-air outside the Stormwind auction house.
- Blizzard GMs do not contact people using level 1 characters and tells/whispers.
- Even the most cautious of people can still get hacked by accidentally downloading a keylogger by visiting the wrong site or clicking the wrong link. Make sure your computer is protected with trusted anti-virus software.
Filed under: News items, Account Security
Reader Comments (Page 4 of 6)
Creese5704 Jul 13th 2010 7:45PM
Unfortunately talitha3k my palm pre is not on the list but I do have the 6.00 one. Was totally worth the cost for the extra protection.
thepiratester Jul 13th 2010 1:17PM
It's simple. Blizz needs to separate servers by Zone and DON'T let china IP addy's on USA addy servers. We all know that most of this is from China!
That would cut down on gold sellers :)
Blizz should also look into all these sites that offer gold and set up sting operations. Find out how each service is getting the gold into other players hands and put a stop to it.
Oznak Jul 13th 2010 2:22PM
Don't let people from separate zones play together? You realize that this is how many friends who have moved (temporarily or permanently) as well as military personnel spend time with their original guild/friends? Blizzard suggests separating by zone for latency purposes, but they would never require it.
As for your second suggestion ... it's really more effort on Blizzard's part than it's worth, especially when authenticators are such an easier (and really, better) method of protecting players.
Spark Jul 13th 2010 2:53PM
-----
thepiratester Jul 13th 2010 1:17PM
It's simple. Blizz needs to separate servers by Zone and DON'T let china IP addy's on USA addy servers. We all know that most of this is from China!
-----
So then they have to use proxies to make their traffic come in from the right geolocated IP space. That may or may not be a service provided by whatever botnet they've already subscribed spamming and malware services from.
Drekten Jul 13th 2010 1:19PM
I was recovering from a hack when I got this email, I was skeptical of course. But JUUUUST IN CASE the hackers bought me a celestial steed, I COPIED the code, went to battle.net, logged in, went to item redemption, pasted the code and, to my great NOT SURPRISE, didn't work.
If you're gonna be stupid enough to believe it for a second like I did, log in through battle.net, don't just blindly click links.
MaienM Jul 13th 2010 7:30PM
Those bastards! The least they can do is give you a 10 day grace period before trying to re-hack you. That's just common courtesy, you don't go and hack someone two times in one week, that's just plain rude.
Drew Jul 13th 2010 1:21PM
I always thought the whole gold selling industry was built on the fact that a decent percentage of the playerbase must buy gold. No matter how many hacked accounts exist, they're still not making money unless people are buying their product. Considering how many results you get when you type wow gold into google, and even taking into account that many of the results are probably the same company with multiple fronts, I think it's obvious a LOT of players must buy gold in order to keep these guys in business.
I've yet to see a good analysis of how rampant this is with the playerbase, and I suspect we never will as it would break that unspoken taboo of putting responsibility on the players rather than some evil chinese peasants somewhere over "there".
In 2009, I did a very rudimentary test. I bought $5 of gold using an email account created via gmail expressly for this purpose. This same email account I made into a battle.net account. Not only does this email account, to this day, receive a stupid amount of gold selling spam in gmail's spam box, several months after creating the battle.net account with this email, it was hacked. A month later, the email itself was hacked (easily recovered via google's customer support). In this particular case, gmail allows you to see the ip address of whoever accesses your account. There were 5 during the time it was hacked that looked to originate in korea. The stupidest move of this hacker, of course, was changing the password. A non-aware user wouldn't have even been aware their email address had been hacked unless they were paying attention to the ip addresses that gmail makes available.
My real WoW account has never received a gold selling email, or pretend to be from Blizzard email. It's also never been input into some gold-selling website. Now, I realize this is basically only one data point, but considering I've owned 5 real accounts (and the one "fake" one) over the last 5+ years, it just seems real coincidental. Again, hard to extrapolate, since pretty much no one will admit to buying gold (so asking people who get their accounts hacked whether or not they had ever bought gold isn't going to get you anywhere); yet even a basic rudimentary grasp of math should show it must be rampant.
So here's a security tip for all the closet gold-buyers. Don't ever use the email address associated with your battle.net account when buying gold. Considering battle.net uses an email address as the login name, they've already got half of what they need to login to your account by simply using their email lists for everyone who's bought gold from them.
In many ways, battle.net is less secure than when we had actual wow accounts with a non-email login. But that's a whole other essay. :p
(cutaia) Jul 13th 2010 1:39PM
Here's a non-scientific poll from wow.com way back in 2005. The results were a little scary, and I hope people have learned a little since then:
http://www.wow.com/2005/12/28/poll-results-do-you-buy-gold-/
zdave Jul 13th 2010 1:53PM
oh yeah, a blind poll. i'm sure that shit is accurate.
Sinfulle Jul 13th 2010 1:55PM
I thought I had found a nice guild. Warm, friendly, cozy, like an old log cabin, complete with rocking chair to sit in and read books while the snow fell outside the window. They were all family, it was as if the Waltons had subscribed to WoW. I felt I had found paradise.
Then little "Johnny" started to complain about his gear, and how it was taking forever to level up. Then I saw those words from Uncle "Lewis".
"You need to buy some gold to help you along."
In my mind I could hear the sound of a police siren, handcuffs being locked, and a jail cell door being slammed.
My heart skipped a beat, my brow filled with sweat, my breathing became heavy. I felt dizzy and nauseous as my finger reached to click the mouse, oh can I just reach it?!
*leave guild*
Beautiful paradise, turned into perdition, all for lust of items with +7 STR instead of +3 STR. I choked and sobbed as I imagined the garden of Eden wither and die, to be replaced by crabgrass, burrs and picky thistles.
Ostego Jul 13th 2010 2:40PM
interesting theory;
I can say from direct observation of my own account (that was hacked) that I never click links in mails, I've never bought gold, and I've never given my personal information to anyone who asked, key loggers are not likely considering the amount of security programs I use.
New theory: hackers can use addons (either made by them or a corrupted one) to hijack accounts, or possibly use addons that share information with other members to infect multiple subjects (ie gatherer).
I agree that the majority problem is that there is a consumer base for these hackers and it mirrors real world issues: Sudan, a slave goes for around $50 U.S. dollars and slavery is very prevalent in the area. Ironically multiple "humanitarian" groups will buy slaves and set them free... of course they are supporting the slavery system and creating more of a market for slave raiders to use. If there is no market for it then there won't be any slave raiding, if there is no market for gold then there won't be any account raiding regardless of possible hijacking techniques used.
Personal responsibility is easy to teach to an individual compared to teaching the masses.
Lee Weaver Jul 13th 2010 2:50PM
the add-on API does not allow for account compromising information gathering. There just isn't a way to do it. Do not spread this fear, as it is a technical impossibility.
Typical Jul 13th 2010 1:21PM
I don't understand why Blizzard doesn't aggressively prosecute these individuals. Obviously there are logs for everything that happens in the game. I understand this may be time consuming, and require an entire department dedicated to such actions, but with an important matter such as this, it should happen.
Another thing I'm bothered by is the websites that actively try to log your information. There have been fake battle.net websites littered on the internet, some very old and still around. Why has there been no action by Blizzard to seize these domains?
david_maurice Jul 13th 2010 1:23PM
Gostcrawlerblizz promised me a pony.
The pony was a lie.
Halgrimur Jul 13th 2010 1:24PM
it's been going on EU realms for a long time now...
I like to screw with them by replying something like "Yeah, I logged in on your website, sent you my secret question and answer for my Battle.Net account, but STILL NO HORSE!"
Dire Jul 13th 2010 1:24PM
Hacking is such a poor profession rly...but, well, ppl will make money out of everything...and why? because it's profitable and it gets even more profitable the more ppl make the mistake of actually getting hacked.
Don't misunderstand me here. I've been hacked myself (still don't know why...probably a keylogger my father got himself installed maybe on a different rig in a different town), but now I have an authenticator (it's not THAT expensive, makes ur account so much more secure and even gives u this adorable drooling corehound puppy ^^) and everything's fine, apart from wrecking my fingers whenever the login servers decide to be "down"...and I'm furiously checking back every minute and have to type in the authenticator number each time...but at least I'm safe.
I guess it's a bit more difficult to actually determine whether an email is correct or not if you're from the us, but it's not that difficult to type in the address manually you usually use when logging into ur account page.
Europe, however, must have insanely stupid scammers. I get emails all day telling me that my account has been compromised, etc. I can deliberately ignore them...they get sent to my spam account and they have a US-Tag...I'm from Germany duuuh...
The same with ingame messages...cmon by now every1 should know what a GM looks like and especially HOW they are going to introduce themselves...They won't whisper you with...hey man you've just won a pony...and their names won't be rshjgsdltman or sth like that lol...and best of all...they are whispering me in ENGLISH on a GERMAN server...hilarious...I can regularly laugh my ass off when they try to pull that trick on me...about once a week ^^
Typical Jul 13th 2010 1:28PM
"The same with ingame messages...cmon by now every1 should know what a GM looks like and especially HOW they are going to introduce themselves..."
You're assuming everyone has been playing the game for a long time. It's not the veterans they are capitalizing on, it's the new players who don't know what a blizzard employee looks like.
Gimmlette Jul 13th 2010 1:32PM
There's the current scam that many of my guild members received over the last 5 days. It looks very convincing. You have just transferred a character to another realm but there's a problem with the transfer. You're given an order number and told to go to a web site to fix the problem. The guild members who reported the scam to me hadn't done any transfers so were a bit confused.
One guild member wondered why they try this. There are a lot of character transfers so they figure enough people won't carefully look at the email and figure there is a problem with the account so will check the links given.
I tell all my guild members repeatedly, if you don't know if it's legit, go to your account page and send them an email and ask. You should have an authenticator but, for awhile just recently, they were out of stock.
And then do what several of my guild members have taken to doing. When they get whispered, they have a sales pitch for a variety of household items and Viagra. They find it hugely amusing to be put on a gold spammer's "Ignore" list.
Hairfish Jul 13th 2010 3:06PM
"When they get whispered, they have a sales pitch for a variety of household items..."
I prefer spamming sexually explicit invitations, myself. I'm still waiting for one of them to report me.
Munky Jul 13th 2010 1:34PM
I got one of those scams the other day. However, it wasn't for the steed. It was for entry into the beta. I'm quite surprised that anyone falls for these though. But obviously a bunch of people do seeing that these scammers are still at it.