Filed under: Account Security

One of our readers, Bill, sent us a tip about a WoW account issue on The Consumerist. It seems that the ownership of Anonymous's friend's account is under dispute and Blizzard won't let him use it in the meantime. The ownership became disputed after the account was allegedly hacked, even though there was allegedly a mobile authenticator on the account. His friend has given up on the account, complete with Val'anyr, and has created a new one.

We can't confirm any of the facts in this case. I am willing to believe that Anonymous is truly upset and believes the story he tells to be true, even though he is posting anonymously. There are some serious red flags, however, that seem to point to Anonymous not having all of the facts:

A guildie got the above whisper Tuesday night. (I have blocked out the website so as not to promote this phishing attempt.) We have reports of this happening to a lot of people in-game right now as yet another attempt to get you to go to a site, so they can steal your login info and defile your characters.

Let's dissect the above whisper:

• It's one whisper made to look like two. This will work if your chat settings match the scammer's chat settings, but if you've fiddled with your font or chat window, then the formatting will be off and the scam will be more obvious.
• The whisper is from a garbage name. All "players" I've seen with random characters have been scammers or gold selling barkers. So anything after such a name should be considered highly suspect.
• It says [Game Master]GM. The scammers aren't even trying here. Blizzard GMs have names and have <GM> before their names.
• It sends you to a non-Blizzard site. Don't go to any website you get in tells or in-game mail as a general rule. If you have received a ban of any kind, you will receive an email to the account you have on file with your subscription info.

At least judging by the number of emails we've been getting about them, WoW scams have never been more popular than they are now. So I'm very happy to see that Blizzard has launched a new Account Security section on their Battle.net site, featuring tips on how to keep your Battle.net account safe.

A lot of it is common sense - things like using an authenticator (which also gets you a nifty Corehound pet), not giving your account name/password to anyone (even if they say they're a Blizzard employee), and keeping up-to-date browser software and anti-virus on your computer. It never hurts to reiterate these things, though; many accounts get compromised every day through not observing these rules.

There are so many scams going around like the Catclysm Alpha invite and the WoW Armory phishing site, that people's accounts are getting stolen more than ever. With all of the work that Blizzard has to do to keep up with the problem, it's no wonder they are offering the fast solution of care packages. We've talked about how to avoid scams as well as how to protect yourself. Here is a guide as to what to do if your account gets stolen.

Important note: The following guide assumes that you have not put an Authenticator on your account. There are no confirmed cases of accounts being stolen if they are protected by an Authenticator.

Welcome back to The Queue, WoW.com's daily Q&A column where the WoW.com team answers your questions about the World of Warcraft. Alex Ziebart will be your host today.

Why yes, that is the most disgusting whale you've ever seen. Unless, of course, you've witnessed local authorities taking dynamite to a beached whale to get it out of the way since they couldn't move it just by pushing the thing. That is disgusting. Whale guts landing on cars a mile away? No thanks. I'll take the guy pictured above over that.

Moonkinmaniac asked...

"On the WoW calendar there's an undead whale picture. What the heck is it? Is it a rejected project for the current expansion or possibly one for Cataclysm?"

While it is certainly nothing new, it seems that you can't spit without hitting someone who has, or has had, a compromised account. These WoW account predators are getting more clever by the day, with using everything from keyloggers, sham contests, betas and security checks, to even grabbing an account and immediately attaching an authenticator to it.
Now, any moderately-savvy internet user would just scoff, and say that they take all necessary precautions -- what's there to worry about? Fair enough, but what about those who, well, don't?
Blizzard has said time and time again about safe-guarding your account information, yet people still jump onto those fake Cataclysm betas and fancy new mount prizes. Make something idiot-proof, and they'll build a better idiot, eh?
That being said, what are you doing to protect your prized polygons? Do you have a good anti-virus installed? A malware scanner? If you don't have an authenticator, how come? It's only about the price of a grande Starbucks drink, and will provide a longer-lasting effect of happiness and joy to your life.

Discuss amongst yourselves!

First things first: the correct address for the WoW Armory is wowarmory.com. Bookmark it. Memorize it. But don't ever, ever search for it again. We've talked before about how misspelling searches can get you into trouble. But even if you spell WoW Armory correctly when Googling, the first sponsored site that shows up is a phishing site -- and it's a really good one.

Update 1:10pm: Google seems to have removed the site from their sponsored listing in the short time since I wrote this post. Kudos! Nonetheless, there are and will be more sites using the same technique, so the warning remains valid.

Do not go to the following site: armory-worldofwarcnaft.com/wowarmory/, it is evil. Notice the n in warcnaft? You may not when you are clicking on it in your search page or when it shows up in your address bar. And that's what they are counting on. Because the rest of the site looks authentic. When you type in what you want to search for, you get asked for your Battle.net info. Then, no matter what you type in, it gives you a password error. (I typed in profanity. It was fun.) They have stolen all of the elements of the actual Blizzard pages, so that if you want your login page in other languages, just a click of the button will get you there. But don't. It's evil.

According to The Associated Press, 23 year old Christopher H. Bouffard accepted $760 in 2008 from at least two people in exchange for WoW accounts. Bouffard then failed to turn over the agreed upon accounts, leading to a police investigation. He has now been charged with two counts of grand theft and one count of scheming to defraud. Bouffard is currently being held in jail until he is able to post a $20,000 bail.

While defrauding people and taking their money isn't anything new, getting busted over it while selling WoW accounts is. From what we understand, the arrest is not for the actual trading and selling of accounts, but for the fraud that went on in the process. The fraud in this case is a criminal matter with very real implications for Mr. Bouffard, whereas the buying and selling of WoW accounts is against the agreed upon Terms of Service, but not against any criminal code.

We've been hearing a lot about misbehaving WoWers lately, from the cougar who ran off with a fifteen year old boy, to Blizzard helping international authorities track fugitives online. This appears to be just the latest in a string of cases for Jack "Hang 'em High" McCoy to lay some law and order down on.

If you read WoW.com with any regularity, you probably saw and read our pieces on Friday discussing some rather curious policies Blizzard has recently instituted. There are two in particular that I'd like to discuss further: The care package for hacked accounts and the possibility of mandatory authenticators.

First, how many of you have had your accounts stolen, or know someone that had theirs stolen? Chances are good every single person that reads this post will raise their hand to that question. The problem is not a small one. I'm in a rather large guild, and every few weeks someone has their account stolen and the little bits of our guild bank they have access to go with them. My large guild is also just one guild in a larger guild alliance which suffers the same problems. Every two weeks or so, someone I see online on a regular basis gets their account stolen.

Reader comments -- ahh, yes, the juicy goodness following a meaty post. [1.Local] ducks past the swinging doors to see what readers have been chatting about in the back room over the past week.

Is it just us, or does it seem a little warm in here? The news was popping here at WoW.com at the tail end of the week, and the reactions in [1.Local] were explosive. In what turned out to be a freaky Friday indeed, WoW.com posted not one but three articles peering behind the scenes at account security concerns. Those of you who like to know how the movie ends before you even take your seat can cut right to the final scene -- but for those who prefer to savor the whole, winding saga over a bucketful of popcorn (with plenty of butter and salt), let's take it from the top.

In the wake of yesterday's rumor that the Cataclysm Friends and Family alpha will be starting this Tuesday, January 12, we should expect an increase in scammers trying to get your account details by offering phony alpha invites. We saw a lot of these for both Burning Crusade and Wrath of the Lich King as well, and some of them were very well crafted.

At this phase of Cataclysm's development, though, it will be comparatively easy to keep yourself safe. Since this is a friends and family alpha, if you don't have friends or family that work at Blizzard, you will not get an invite. Therefore, anyone offering you one is trying to pull a scam. Basically, everyone who's going to be getting legitimate access to the alpha should know who they are already. Everyone else, sit tight and stay tuned to WoW.com for the latest on WoW's next chapter.

---

World of Warcraft: Cataclysm will destroy Azeroth as we know it. Nothing will be the same. In WoW.com's Guide to Cataclysm you can find out everything you need to know about WoW's third expansion. From Goblins and Worgens to Mastery and Guild changes, it's all there for your cataclysmic enjoyment.

---

In our continuing series on account security issues present within Blizzard's offices, we bring you news that lax training in Blizzard's billing department is being exploited by those attempting to game the system and illegitimately acquire more gold and high value in-game items.

The critical flaw in Blizzard's system is that billing support personnel are currently given the ability to "roll back" characters to previous versions more or less on the spot, with the customer on the phone. Because of this, there is a high degree of flexibility and personal accountability on the part of the billing representative. The flexibility extended here is vitally important to customer service, however the training that comes with the flexibility, we are told by multiple sources, is inadequate and leads to this exploit being practiced by a growing number of individuals.

The exploit involves human interaction (aka social engineering), which in security systems is the notoriously weak point. The exploit is often referred to internally as "onioning," which involves the player repeatedly claiming the account was compromised to the Blizzard billing support representatives. There are obviously more details to doing this, but we don't want to provide a how-to. Blizzard is aware of how this is done, and they are currently not implementing checks to combat this.

In a stunning revelation from a veteran account administrator at Blizzard, WoW.com has learned that account administrators are being encouraged by Blizzard managers not to restore people's characters and items after their account has been ransacked by gold sellers and keyloggers. Instead, account administrators are being told to give people a "care package" and get them to accept the package in lieu of total account restoration.

If the player does not accept this care package, they are then forced to go into a character restoration queue that is consistently several days to weeks long. According to sources familiar with the situation, this "care package policy" has been implemented in order to lighten the work load of those Blizzard employees who perform account restorations. Similar policies have existed at other times account compromises have been high, such as during the transition from Vanilla WoW to The Burning Crusade.

This care package being offered consists of the following:

WoW.com has learned through trusted sources close to the situation that Blizzard is giving serious consideration to making authenticators mandatory on all accounts. According to our sources, while this policy has not been implemented yet and the details are not finalized, it is a virtually forgone conclusion that it will happen.

This response is a direct effort to stop the massive number of compromised accounts by gold sellers and keyloggers. The seriousness of the situation with compromised accounts has reached such a level that wait times for item and character restoration are entirely unacceptable, even to Blizzard executives. Blizzard has taken other internal measures to deal with long wait times of people in account restoration queues, and we'll be covering those measures tomorrow.

However, with the inclusion of mandatory authenticators, this should solve a major problem for Blizzard's support and account administration teams.