Posts with tag scams

With another expansion looming on the horizon, there's another round of phishing scams and emails designed to trick you into giving up your account information. With this kind of scam, you get an email or visit a website that's so much like Blizzard's that you wind up typing in your login information, which the scammers then use to pick your account clean. Though you may think this is the sort of thing people only fall pray to when they aren't paying attention, phishing scams get more sophisticated -- and harder to recognize -- every day, so you need to keep your guard up.

Take this Warlords of Draenor phishing scam reported by Malwarebytes as an example. It starts off with an email that's formatted like a message from Blizzard saying you've won a free copy of Warlords -- which is really where you should get suspicious. Once you click on the link in the email, you're sent to a perfect copy of the Battle.net login screen where you're asked to enter your login information as well as your secret question and answer before you can redeem your free copy... but of course the scammers just run off with your info without giving you a thing.

To avoid being had, always check the header to see where an email has come from -- Blizzard emails will only come from an @blizzard.com address -- and if an offer sounds too good to be true, contact Blizzard directly to ask about it. For more tips on avoiding phishing, check out the support page on phishing scams.

---

Every Monday, Scott Andrews contributes Officers' Quarters, a column about the ins and outs of guild leadership. He is the author of The Guild Leader's Handbook.

We've all been there. You invite new people to your guild. They seem like they'll be a great addition to the roster. They ask for help and you gladly offer it. They ask for more and you give more. Then they promptly ride off into the sunset. This week, an officer wants to know how to avoid being the victim of these players.

Hi Scott

We're a friendly, mainly social guild with helpful officers and roster. We occassionaly meet some seemingly cool, nice people that I or the officers warm up to immediately, chatting in vent, etc. They might jump right in to be active in guild chat, and otherwise give every indication that they are mature, responsible and ethical. Every now and then I guess I'm too trusting, and extend help to some of these people in the form of time, guild bank items, and even gold, and then I log in and see they've left the guild without so much as a thank you. Mind you, some of these people have accepted some rather expensive help from us. So I've decided that no matter how nice you seem, or how much any of us may like you or know you, you will have to have been in the guild a certain amount of time before getting any bank items or money, etc. say, over a certain value maybe. I'm just not sure what the specifics on this rule should be, or what else we should do to protect ourselves from these kinds of people. Any advice would be appreciated.

Thanks,
pj

Welcome back to The Queue, the daily Q&A column in which the WoW Insider team answers your questions about the World of Warcraft. Alex Ziebart will be your host today.

Today is a very special treat. We have your standard-length Queue, plus I answer a very exciting bonus trivia question that has nothing at all to do with World of Warcraft! But you will love it, my gamer pals. You will.

Camero asked:

In the past week, I've recieved four emails from "Blizzard" all asking me to do something in order to get a Winged Guardian License. I just wanted to confirm that's not true.

For a while now, account thieves have been putting authenticators on their stolen accounts to buy more time for their scumbaggery. Blizzard has recently made that more difficult by requiring email confirmation when an authenticator is added to a Battle.net account. Rather than just logging in and putting in the appropriate information, you now have to follow the steps in a confirmation email sent to the address registered in your Battle.net account.

Note: Changing the email address on the account requires not only your password (which the account thieves already have at this point) but also the answer to your security question. So make sure the answer to your security question is not guessable or obtainable by any phishing information. As I have suggested before, if you use a password for your security answer rather than an actual answer, you are adding a very thick level of security. Make it a separate password you use just for security questions, like p45sw0rd (don't use that one).

We don't know how long ago Blizzard added email confirmation The email confirmation has been active since July 27 and we believe it will reduce the workload of Blizzard's customer service. More importantly, this will make getting your account back less painful.

Of course, the best way to prevent someone from stealing your account and then adding an authenticator to it is to put an authenticator on it yourself. There are keyfob and mobile versions available.

[Thanks for the tip, Joel!]

Recently, Polar over at Securing WoW wrote about the latest phishing email being sent out by scammers. Account thieves are using the 2010 Arena Tournament as a way to lure you to their site to steal your login info. (Registration for the tournament ended on the 27th continues until June 7.) This is typical behavior by these crooks. Every time a Blizzard event is announced or even rumored, from the Cataclysm alpha to the StarCraft II beta, scammers take advantage it with legitimate looking emails. With the Cataclysm beta almost upon us, the expansion related phishing is going to get even worse.

But there are also the tried and true emails that are being sent out daily, regardless of upcoming events. They spoof their email so that it looks like it is coming from Blizzard and fill the email with legitimate links, making their info-stealing site link look real. Also, the links have misspellings which are hard to catch at a quick glance, (like "starcratf2" or "worldotwarcraft") and lead to sites that look very much like the official ones.

Blizzard has an excellent resource for protecting yourself from phishing attacks. In general, if you get an email that looks legitimate, type battle.net in your browser's address bar (spell it correctly). This will take you to the correct site for your region and there you can see the status of your account yourself. Some examples of phishing emails are after the break.

One of our readers, Bill, sent us a tip about a WoW account issue on The Consumerist. It seems that the ownership of Anonymous's friend's account is under dispute and Blizzard won't let him use it in the meantime. The ownership became disputed after the account was allegedly hacked, even though there was allegedly a mobile authenticator on the account. His friend has given up on the account, complete with Val'anyr, and has created a new one.

We can't confirm any of the facts in this case. I am willing to believe that Anonymous is truly upset and believes the story he tells to be true, even though he is posting anonymously. There are some serious red flags, however, that seem to point to Anonymous not having all of the facts:

A guildie got the above whisper Tuesday night. (I have blocked out the website so as not to promote this phishing attempt.) We have reports of this happening to a lot of people in-game right now as yet another attempt to get you to go to a site, so they can steal your login info and defile your characters.

Let's dissect the above whisper:

• It's one whisper made to look like two. This will work if your chat settings match the scammer's chat settings, but if you've fiddled with your font or chat window, then the formatting will be off and the scam will be more obvious.
• The whisper is from a garbage name. All "players" I've seen with random characters have been scammers or gold selling barkers. So anything after such a name should be considered highly suspect.
• It says [Game Master]GM. The scammers aren't even trying here. Blizzard GMs have names and have <GM> before their names.
• It sends you to a non-Blizzard site. Don't go to any website you get in tells or in-game mail as a general rule. If you have received a ban of any kind, you will receive an email to the account you have on file with your subscription info.

There are so many scams going around like the Catclysm Alpha invite and the WoW Armory phishing site, that people's accounts are getting stolen more than ever. With all of the work that Blizzard has to do to keep up with the problem, it's no wonder they are offering the fast solution of care packages. We've talked about how to avoid scams as well as how to protect yourself. Here is a guide as to what to do if your account gets stolen.

Important note: The following guide assumes that you have not put an Authenticator on your account. There are no confirmed cases of accounts being stolen if they are protected by an Authenticator.

First things first: the correct address for the WoW Armory is wowarmory.com. Bookmark it. Memorize it. But don't ever, ever search for it again. We've talked before about how misspelling searches can get you into trouble. But even if you spell WoW Armory correctly when Googling, the first sponsored site that shows up is a phishing site -- and it's a really good one.

Update 1:10pm: Google seems to have removed the site from their sponsored listing in the short time since I wrote this post. Kudos! Nonetheless, there are and will be more sites using the same technique, so the warning remains valid.

Do not go to the following site: armory-worldofwarcnaft.com/wowarmory/, it is evil. Notice the n in warcnaft? You may not when you are clicking on it in your search page or when it shows up in your address bar. And that's what they are counting on. Because the rest of the site looks authentic. When you type in what you want to search for, you get asked for your Battle.net info. Then, no matter what you type in, it gives you a password error. (I typed in profanity. It was fun.) They have stolen all of the elements of the actual Blizzard pages, so that if you want your login page in other languages, just a click of the button will get you there. But don't. It's evil.

In the wake of yesterday's rumor that the Cataclysm Friends and Family alpha will be starting this Tuesday, January 12, we should expect an increase in scammers trying to get your account details by offering phony alpha invites. We saw a lot of these for both Burning Crusade and Wrath of the Lich King as well, and some of them were very well crafted.

At this phase of Cataclysm's development, though, it will be comparatively easy to keep yourself safe. Since this is a friends and family alpha, if you don't have friends or family that work at Blizzard, you will not get an invite. Therefore, anyone offering you one is trying to pull a scam. Basically, everyone who's going to be getting legitimate access to the alpha should know who they are already. Everyone else, sit tight and stay tuned to WoW.com for the latest on WoW's next chapter.

---

World of Warcraft: Cataclysm will destroy Azeroth as we know it. Nothing will be the same. In WoW.com's Guide to Cataclysm you can find out everything you need to know about WoW's third expansion. From Goblins and Worgens to Mastery and Guild changes, it's all there for your cataclysmic enjoyment.

---

Every Monday Scott Andrews contributes Officers' Quarters, a column about the ins and outs of guild leadership.

Last week, I addressed a situation where a married couple who leads a guild were using the old double-rolling scam to get extra loot for each other. Normally I don't like to address the same topic two weeks in a row, but based on some of the comments from that post and the following e-mail that I received, some people still don't get why this is a problem.

So here we go again!

I read your article and while I understand it I disagree in principle. Myself (holy priest) and one of our other guild officers(Lock) routinely run in pugs for 25 Naxx, we have on several occasions rolled for gear that neither of us need. Why? Long story short, we do not need the gear but we also try to make sure than one of our less geared guildies in cloth is along for the ride, and now that we can trade the stuff to them we can use three rolls per item to help them gear up faster. We are not selling the stuff to them merely giving it to them so they can gear up faster. If I do not need gear from the raid and niether does the lock, there is a reason we are there, I don't have a problem with it and would not have any problem with anyone else doing the same thing, in fact I would commend them on the efforts on their behalf to help their guildmates.

The only time I have an issue with loot distribution is when it is a straight ninja job, player looses a roll and still gets an item or there is no roll at all and Lootmaster gives it to someone anyhow.

We have a lot of reports of scams coming in to our tip line and many of us are receiving the same phishing emails you are. Even Scott Kurtz from PvPOnline was tweeting about getting one the other day. These scams can be initiated via email to any one of your email addresses. Or they may start in game. Regardless of where they attack you, most of the scams require some form of social engineering to get your info and therefore access to your in-game valuables.

What is social engineering? Social engineering is manipulating victims to volunteer personal information about themselves in order to perpetrate a con, scam, fraud, etc. If you have seen the movie Groundhog Day, then you have seen a very good example of it. Phil, a television weatherman, is living the same day over and over. One iteration of his morning, he asks an attractive woman her name, where she went to highschool and her English teacher. The next iteration of his morning, he "accidentally" runs into her and pretends to know her from highschool, resulting in her going to bed with him.

Our podcast was so much fun last Saturday that we went even longer than usual -- this week instead of the usual hour, you get nearly an hour and ten minutes for your download (and all for the same low, low price of free!). Robin Torres and Lesley Smith joined Turpster and me to talk about what I did at E3 last week (meeting Michele Boyd was definitely a highlight), the new Druid forms and how they look, what's new in the game with 3.1.3, and some recent player achievements, including Ensidia's big win, and the no-deaths character. Plus, we talked with Robin about her recent scam experience, and how you can avoid having something like that happen to you in the future. One quick note: during the show, we guessed that Blizzard would never ask you for your Authenticator passcode, but that's not true: they do require you to give it to them when you sign in on their site. But our other tips are valid: if you make sure that you're the one typing the URL in to "blizzard.com" or "WorldofWarcraft.com," then you'll never have to worry about any sneaky sites grabbing your name and password.

And of course we answered your emails as usual -- if you have any movie posters to send in to us this week, you can send them along to theshow@wow.com. Enjoy the show, we'll see you next weekend.

Get the podcast:
[iTunes] Subscribe to the WoW Insider Show directly in iTunes.
[RSS] Add the WoW Insider Show to your RSS aggregator.
[MP3] Download the MP3 directly.

Listen here on the page:

I would hope that most of you have learned this lesson by now, but for those who came in late: there is currently no Wrath of the Lich King beta test going on. We've been getting a steady stream of tips about various scam sites, or questions along the lines of "is this invite I just got real?" No, that beta invite you got from "bl1zzard@yahoo.co.uk" is not real. Wrath is in alpha, company-internally, maybe. Trust me, I want in at least as bad as you do, but any invite you get to a Wrath beta right now, unless you work at Blizzard, is fake.

When the beta does start (as it surely will eventually), and if you're lucky enough to get a real invite, it will point to a site at blizzard.com, worldofwarcraft.com, or (for our European chums) wow-europe.com. It will not, for instance, point to therealblizzard.net. The scammers have gotten pretty good at building convincing-looking sites (as pictured), but check the URL and don't be fooled. Do not enter your WoW account name and/or password anywhere other than the log-in screen of the game, blizzard.com, worldofwarcraft.com, or wow-europe.com. Oh, and use Firefox.