Banned? Economy Exploitation? Missing and naked toons? Uh oh.
If you get banned or suspended for something you know you didn't do, if you are accused of "economy exploitation," if your toons are suddenly naked or no longer on your server... chances are that your account has been compromised. Very often, malicious people use your stolen account to buy & sell gold, to phish other people, or do other behaviours disallowed by Blizzard and get you banned.
How it Happens
There are two primary means by which your account may have been compromised: phishing and keylogging. You're on your own handling vindictive real life people you shared your account info with.
Phishing is the oldest scam in the book. Someone asks for your account information, and you just give it to them. No hacking required. The reason even smart people sometimes fall for this is that phishers are very good at impersonating Blizzard employees or mocking up their websites to look identical to the real Blizzard login pages. You hear warnings everywhere, but don't forget them just because you're more savvy on the computer: don't give your password out, even to people claiming to work for Blizzard, don't follow links in emails, even if they sound legitimate. It is very easy to make a URL-named link on a website or email that actually leads to a totally different place, so always check the URL in your web browser to make sure it's the real deal, type it in manually, or go through your existing bookmark. Be paranoid about emails inviting you to beta tests, offering you loot for winning a contest, and even emails warning your account has been compromised. If in doubt, email Blizzard and ASK.
Keyloggers are a type of malware that secretly runs on your computer and records your keystrokes. Through this method, a hacker can steal your WoW login & password and even your email account info and other private information. They will use this info to access your account information through the website and change everything to their desire, using your stolen email account to verify and accept the changes.
You can get keyloggers in a number of ways. Don't visit sketchy websites or download software you aren't familiar with. Don't follow links in spam emails or instant messages. Make sure your browser blocks executables from running automatically. Keyloggers have, on very rare occasion, managed to infiltrate otherwise reliable websites through advertisements, faux-addons and other means. Additionally, if you share your computer with anyone else or ever log in on public computers (internet cafes), you are at risk through the behaviour of others. Don't fall into the trap of thinking that because you are cautious in your web browsing habits that you can't get a keylogger. Hackers are smart and they've been doing this for years, and they are always one step ahead of the systems used to fight them, so no one is immune.
Cleaning Up The Mess
If you realised a bit too late that the spectral tiger website might have been a scam, or that maybe the addon you downloaded wasn't really an addon, time to start cleaning it up.
Unless you know for a fact you've been phished, assume malware and start scrubbing your computer clean. Changing your account data now won't do any good if the malware is still there lurking to collect the new information, so don't do it yet. Do not skip this step because you think you're a smart internet user, seriously. It's a few extra minutes and it won't hurt anything to be safe.
• Run spyware, malware and virus scans. Run SEVERAL programs, because very often times one won't catch what another will, even if it's fully updated. I like Malware Bytes and MS Security Essentials and highly recommend those. I use HijackThis! utility to clear out suspicious processes.
(note: If you're blocked from running or updating this software, or you can't delete any infections or malware it finds, you may need your computer geek friend to help you out with this part. Many crafty viruses are smart enough to block efforts at their removal)
• Make sure your operating system and internet browser are up to date. Even if you haven't seen any warnings or popups about available updates, go direct to their website to see if there are any new security updates you haven't gotten, and get them if there are. I recommend using script blocking plugins for your browser like NoScript, which is available for both Chrome and Firefox.
• For added assurance, clean our your internet cache/temp files, clear your cookies and your history. Your security scans may have already done this, but I like to check to be safe. The last thing you want to do is put all that effort into cleaning up your computer only do accidentally go to the dangerous site again because it was sitting in your browser history sandwiched between two legitimate sites.
Change Your Info!
If you still have access to your account, now is the time to change all your information. To start, change the password to both your email and your WoW account before either gets hijacked. You also want to change what email it is associated with your WoW account (make an entirely new gmail account just for WoW if necessary). Remember, keyloggers gain information everything you type, not just WoW, so be very cautious when modifying your account information. You do not want to use an email address that could have been compromised by the same hack, or you'll have to start all over again.
If you've already lost access to your account already and cannot access it, you will need to contact Blizzard to get it back into your possession. Do this as early as possible (but after you've done your own personal computer and email cleanup), both because it makes recovery of your character and items possible but also because it will limit the amount of damage the hacker can do. If you wait too long, your account may be beyond repair or Blizzard may not longer have the ability to restore your stuff.
Contact Billing and Account Services ASAP:
By Phone (Mon-Fri, 8am to 8pm PST)
1 (800) 592-5499 • 1 (800) 59-BLIZZARD
• Players in Australia should call 1-800-041-378
• Players in Singapore should call 800-2549-9273
• Players in Chile should call 1230-020-5554
• Players in Mexico should call 001-888-578-7628
• Players in Argentina should call 0800-333-0778
• All other international players should call: (949) 955-0283
Their phones are very busy, so expect to be on hold for a long time, especially on Mondays.
If you know the information, make a list of all the things you've noticed wrong with your account; if characters have been deleted or transferred, who is missing gear, etc. Make sure you have all your information handy that they might need, including your secret question and answer.
Blizzard's Account and Billing will give you all the information you need so you can prove you are the owner of the account and have it returned to you. They will also do as much as possible to recover your characters, gear and other items as fast as possible, provided you call immediately after you notice the hack. Except to have to send in a copy of your identification and other information.
Once they recover your account for you, you will need to open an in-game ticket letting Blizzard know that you just got your account back from a hacking attempt and need your gear restored. List, in as much detail as you can, all the gear and items you lost. Save the ticket and wait for Blizzard to address it. You do not need to be online for this, as long as the ticket is not closed or canceled.
Key your OS and browser updated. Use a special email address just for WoW that you don't give out to anyone. Don't borrow someone else's WiFi or leave your own unlocked. Use firewalls. Stay away from scary websites. Be cautious sharing files with strangers over the internet. Don't give anyone your account information, even if you trust them (they may be trustworthy, but what if they share their computer with someone who is not, or what if THEY are hacked). If you don't share a computer, save your account name in your browser and WoW software to reduce the frequency that you need to type it out. Don't use obvious passwords and change them often.
If you can get an authenticator, do it. They are available in keyfob form for $6 including shipping, or for free on almost any smart phone platform.
The authenticator is not just some ploy by Blizzard to make money: it truly, truly works. This is the exact same technology that banks use. The minor inconvenience of having to punch in a number each login is worth the security, especially if you are high risk because you share a computer or have been hacked in the past.
An authenticator will eliminate the possibility for your account to be hijacked by both phishers and hackers, because even knowing your login and password is useless without the authentication key, and that key changes every 30 seconds and is unique to YOUR particular authenticator. The only way to circumvent this is if the person has the physical authenticator in their possession and call Blizzard with the serial number to have it removed from the account.
Customer Service Forums: http://forums.worldofwarcraft.com/board ... 1112&sid=1
Account Protection Stickies:
http://forums.worldofwarcraft.com/threa ... 8509&sid=1
http://forums.worldofwarcraft.com/threa ... 9866&sid=1
Collection of Anti-virus and anti-spyware:
All things World of Warcraft
1 post • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 1 guest