This site makes extensive use of JavaScript.
Please enable JavaScript in your browser.
Classic Theme
Thottbot Theme
Brazen Account Hack Attempts
Post Reply
Return to board index
Post by
lonewarrior
The attempts to lure people into giving up account info is getting extremely precarious. The latest incident has been my guild getting in-game mail allegedly from a member to go to a website,,that is actually an execute file. This member hasn't logged on for a month..but keeps in touch through friends on vent and has assured us the spam did not come from him. I have been posting warnings at our website along with message of the day. This goes along with the daily attempts from in game whispers for free mounts and bogus emails from blizz about account legitimacy..it unfortunately has lured some of my guilds youngest members to give up passwords and have their accounts hacked. My attempt to communicate this problem to a GM has only resulted in being told to go to Blizz's suggestion box...meh.
Well here is my suggestion. Do away with the ten day free trial that gives access to actual realms. The bulk of spammers must be using this to avoid leaving a trail and having free continues access. Let legitimate potential customers enter a public test realm where they can still get a feel for the game.
create a second level of security that a player can activate that denies log on access from IP address not from a U.S. location.(or what ever location that doesn't match your server location.) So even if someone was able to gain access to your password.. a foreign IP address would halt the attempt to enter and change anything.
This might not work against U.S, based hackers..but it would make prosecution easier.
Well their are my 2 cents. If any one has a better idea or has experienced the same problem..chime in.
Post by
319429
This post was from a user who has deleted their account.
Post by
yawgmoth
If you lose your account to a keylogger or a phishing attempt, it is your fault. End of story.
Post by
142329
This post was from a user who has deleted their account.
Post by
138584
This post was from a user who has deleted their account.
Post by
136555
This post was from a user who has deleted their account.
Post by
334295
This post was from a user who has deleted their account.
Post by
187668
This post was from a user who has deleted their account.
Post by
73830
This post was from a user who has deleted their account.
Post by
122668
This post was from a user who has deleted their account.
Post by
73830
This post was from a user who has deleted their account.
Post by
327630
This post was from a user who has deleted their account.
Post by
71095
This post was from a user who has deleted their account.
Post by
Crimor
I have a mobile auth on my iphone, works wonders.
Post by
lonewarrior
My brother is in the military, has a WoW account and is a paying customer like you and me. Now is it fair to keep him from playing when he goes on deployment for 6-10months at a time to places like Singapore , Korea , Various places in Europe ? He pays his $15 a month just like everyone else so why should he not be allowed access to his account while he is overseas
create a second level of security that a player can activate
As I said in my original post.. a player could activate..in other words your brother wouldn't have to activate his firewall like option..but some one who doesn't plan on leaving this country could.
If you lose your account to a keylogger or a phishing attempt, it is your fault. End of story.
it's not the end of the story..my guild bank tab was robbed of 40 flasks as well. Does the whole guild have to bear the brunt of a single persons mistake.
I am familiar with the authenticator..why not package it along with software.
Why doesn't Blizz allow members choose if they wish to be a part of an in game security program..that would pass along information to blizz for immediate investigation..the same way our firewall/spyware programs ask us if we want to pass along any spyware/virus information to a central location.
Post by
142329
This post was from a user who has deleted their account.
Post by
Crimor
it's not the end of the story..my guild bank tab was robbed of 40 flasks as well. Does the whole guild have to bear the brunt of a single persons mistake.
If your MT can't hold agro in a raid the whole raid bears the brunt of a single persons mistake.
One of our guild founders got hacked, I believe the loss was around 30-40k before blizz restored most of it after reports were filed and her account restored. She knows the mistake she made that got her hacked, it's not one she's going to repeat. Most of the guild has the ever so slightly paranoid way of looking at things now that keeps our accs safe. (I know nothing is 100%, but being careful helps a lot).
If the person who got hacked did what they should and reported it properly with what was stolen I believe Blizz would of restored their account and what was stolen. In an old guild we got everything back, and believe me the hacker took a LOT!
It comes down to it's not really blizz's responsibility to stop people falling for scams. I've been on their forums and seen sticky's about scams and fake emails. If people bother to look there is information about what to avoid.
The blizz auth thingy (Either the key ring one or the iphone one) makes your account almost 100% unhackable, since people never bruteforce WoW accounts, and you have a bigger chance of hacking the pentagon locally and getting away with it than bruteforcing the blizz auth, since it changes every 15-20 sec.
Post by
312741
This post was from a user who has deleted their account.
Post by
142329
This post was from a user who has deleted their account.
Post by
alexhoover
dont use the bnet merger.. trust me. security risk... just becareful and smart.
I would strongly advise against this. If your account is compromised and is not merged with a b.net account, it could potentially be merged with another individual's b.net account, which makes the process of account recovery much more strenuous.
Post Reply
You are not logged in. Please
log in
to post a reply or
register
if you don't already have an account.