Hacks and How To Avoid Them, Part One
Whichever MMO you play, you'll eventually see players on the forums or in-game complaining they have been hacked. It happens more often than you might think, and to players who think they're being careful with their account details. However, there are only a few main ways that MMO accounts' security can be compromised. I will detail these methods in this pair of articles, as well as give advice on how to stop it happening to you.
First though, I want to clear up a misconception: "hacked" isn't the right word to describe these accounts. Accounts are usually stolen through other means, without resorting to the difficult process of hacking. They're usually compromised through much simpler means, as I'll describe below. Also, it's generally not the developer's or publisher's fault if an account gets stolen - their servers are so well protected that it's not viable for hackers to try to gain access to them. Instead, they go after the weak link in the security chain: the players. I realise this isn't going to win me any popularity contests, but if someone's account is stolen, they usually have to accept at least some of the blame, with exceptions to this rule being few and far between. This is not something that victims of account theft are going to want to hear, but it's the unfortunate truth. One of the clearest examples of this is the first "hacking" method:
The In-Game Password Request
Sometimes, getting someone's login details is as easy as asking for them. This generally doesn't work on older players, but younger players (usually those below the game's recommended minimum age) can sometimes fall for it. Anyone trying to get hold of accounts in this way only needs a small percentage of players to fall for the scam in order to profit from it. Those trying to trick people into giving out their passwords will generally offer something in return. This can range from duping a player's items, to adding money to their account or even offering to flag an account for an expansion it doesn't yet have. Sometimes the scammer will impersonate a GM in order to do this. Either way, once they have your password they'll ask you to log out of your account for a few minutes so they can make the changes they promised. Of course, what they're actually doing is changing your password, which, depending on the game, may require you to be logged out in order for it to be changed.
People aren't always who they claim to be.
This trick can be avoided by not giving your login details to anyone, no matter who they are. If someone claiming to be a GM asks you for your password, they're a fake and should be reported to the real GMs immediately. Unfortunately, this may not have too much of an effect in the long term, as most people attempting this scam will be using trial accounts - once one account's banned, they'll move on to another. However, reporting the scammer WILL be a pain in the butt for them, and the more time they spend creating new accounts, the less time they have to try to steal other people's.
Password Phishing
"Phishing" is attempting to steal players' account details by pretending to be from the company operating the game. Many phishing attempts happen outside of the game and can take the form of emails, message board posts or even YouTube videos. Regardless of the method used, the aim's always the same: to get your username and password. Some of the more common scams are:
- An email saying that due to a security issue, your account will be shut down unless you respond with your login details
- Offering access to a beta test in exchange for your login and password
- Offering in-game items or even a service to access or hack ANOTHER player's account, by giving your login and password
- Sending you to a fake version of the game's website and asking you to enter your login details there
Some account phishers will also ask for personal details, such as your name, address and date of birth. This is in case you try to get your account back by contacting the GMs - if the hacker can provide the same details as you, it makes it harder for the GMs to be sure they're talking to the account's real owner.
Scams can take place on YouTube, as well as on other video sites.
If you should see a message board post, YouTube video or email asking you for your login details, always check to see where it's asking you to send them. The start of the email address will usually look official, but the second half (after the "@") will be from a free email provider or simply be made to SEEM official until you take a closer look (something like "blizard.com", for example). Most publishers will NEVER ask you to send them your password via email, as it's less secure than entering it through their website. If you receive a message asking you for your password in exchange for something, assume it's a scam and don't reply. Finally, never click on links provided in email, in forums or given in YouTube videos in order to log into your account. Some of the fake websites used to steal players' account details are very convincing - they look exactly like the real ones and the URLs are made to look similar as well. If you receive a message about something that requires you to log into the official website, always go there manually and navigate to the page yourself - DON'T click the link provided in the message. If you can't find the beta signup page (or whatever is being offered) by going to the website manually, it's probably a phishing scam.
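The check described above (look at what comes after the "@", or at the host in a link, and compare it with the publisher's real domain) can be written as a short Python function. This is an added example, not part of the original article; the list of official domains and the list of free mail providers are assumptions to adjust for your own game.

```python
from urllib.parse import urlsplit

# Assumption: domains the publisher really uses; adjust for your own game.
OFFICIAL = {"blizzard.com", "worldofwarcraft.com"}
# Constructed, non-exhaustive sample of free mail providers.
FREE_MAIL = {"gmail.com", "hotmail.com", "yahoo.com", "outlook.com"}


def extract_host(value):
    """Lowercased host of a URL, or the part after '@' of an email address."""
    value = value.strip()
    if "://" in value:
        return (urlsplit(value).hostname or "").lower()
    return value.rsplit("@", 1)[-1].lower().rstrip(".")


def edit_distance(a, b):
    """Levenshtein distance; catches one- or two-letter misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(value):
    """Return 'official', 'free-mail', 'lookalike' or 'unknown'."""
    host = extract_host(value)
    # Exact match, or a real subdomain such as eu.blizzard.com.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    if host in FREE_MAIL:
        return "free-mail"
    # Simplification: treat the last two labels as the registered domain.
    base = ".".join(host.split(".")[-2:])
    for d in OFFICIAL:
        # Near-miss spelling, or the official name used as a decoy label.
        if edit_distance(base, d) <= 2 or d in host:
            return "lookalike"
    return "unknown"
```

An "unknown" result is not a pass: it only means the domain is neither on the official list nor an obvious imitation of it.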
Keyloggers
This is the closest method to real hacking that's used to steal players' account details. Keyloggers are virus-like programs that keep track of everything that's entered via your keyboard and transmit the details to the hacker. In other words, if your PC becomes infected with a keylogger you could not only lose access to your game account, but also to your email address and any other accounts you have online. In a worst-case scenario, you could also have your credit card details stolen. The problem with keyloggers is that they can come from almost anywhere. However, the most common ways for people to get them are by visiting infected websites (usually by following a link on a forum), opening infected files or running files masquerading as add-ons.
If you can't log in and haven't told anyone your password, it may be a keylogger at work.
The first thing you should do to avoid keyloggers is to make sure you have a virus scanner installed and that it's up to date. A virus scanner that hasn't been updated for a year is next to useless, as new viruses and keyloggers are being created all the time. If your virus scanner's license has expired, replace it with a free scanner such as AVG or Avast. However, virus scanners won't protect your PC from everything, so make sure you have some anti-spyware scanners installed as well. Spybot: Search & Destroy and AdAware are good choices, as is Malwarebytes Anti-Malware. Keep these up to date as well, by checking for updates at least once a week. Run virus and spyware scans often, to make sure that nothing has slipped through the net.
Avoid clicking links on forums that haven't been provided by the publishers themselves. Hackers target both official and unofficial forums, spreading their infected links across them. These could be advertised as anything from funny videos, to details on upcoming patches, or even cheats and hacks. If you're going to click links on forums, make sure that you have your Status Bar turned on in your internet browser. This bar appears at the bottom of the screen and - if you hover your mouse over a link - will tell you exactly where the link will direct you to. Some scammers will forge their links to make them look like they go to the game's official website, rather than to their own. For an example, click the following link and see what happens: http://www.worldofwarcraft.com/
In the past, some websites have accidentally published infected add-ons. When downloading add-ons, make sure you do so from a reputable source and never run an ".exe" file claiming to be an add-on, as it could contain a keylogger. Also, be especially wary of message board posts which claim to link to working versions of add-ons that were broken in a recent patch. Programs that automatically update players' add-ons have also been tricked into downloading malicious files, so as convenient as these may be, they're best avoided. If you're going to use add-ons, it's easier to be vigilant when downloading files manually than it is when automatically downloading and installing updates.
Finally, don't download or install patches from unofficial sources. While most of these will be legitimate and provided by helpful players, hackers can see patches as a way to get hold of more accounts. Fake or infected patch files could easily contain a keylogger, so as tempting as it might be to get a patch early or faster from an unofficial source, it's safer to let the game patch itself.
In the second part of this article, I'll look at how accounts can be compromised by buying gold or having a poor password, as well as what can happen if accounts are shared between friends.
Sam "azerian" Maxted
Editor
ZAM.com