Hacks and How To Avoid Them, Part One

Whichever MMO you play, you'll eventually see players complaining they have been hacked. It happens more often than you might think. Keep reading for advice to prevent this from happening to you.

Whichever MMO you play, you'll eventually see players on the forums or in-game complaining they have been hacked. It happens more often than you might think, and to players who think they're being careful with their account details. However, there are only a few main ways that MMO accounts' security can be compromised. I will detail these methods in this pair of articles, as well as give advice on how to stop it happening to you.

First though, I want to clear up a misconception: "hacked" isn't the right word to describe these accounts. Accounts are usually stolen through other means, without resorting to the difficult process of hacking. They're usually compromised through much simpler means, as I'll describe below. Also, it's generally not the developer's or publisher's fault if an account gets stolen - their servers are so well protected that it's not viable for hackers to try to gain access to them. Instead, they go after the weak link in the security chain: the players. I realise this isn't going to win me any popularity contests, but if someone's account is stolen, they usually have to accept at least some of the blame, with exceptions to this rule being few and far between. This is not something that victims of account theft are going to want to hear, but it's the unfortunate truth. One of the clearest examples of this is the first "hacking" method:

The In-Game Password Request
Sometimes, getting someone's login details is as easy as asking for them. This generally doesn't work on older players, but younger players (usually those below the game's recommended minimum age) can sometimes fall for it. Anyone trying to get hold of accounts in this way only needs a small percentage of players to fall for the scam in order to profit from it. Those trying to trick people into giving out their passwords will generally offer something in return. This can range from duping a player's items, to adding money to their account or even offering to flag an account for an expansion it doesn't yet have. Sometimes the scammer will impersonate a GM in order to do this. Either way, once they have your password they'll ask you to log out of your account for a few minutes so they make the changes they promised. Of course, what they're actually doing is changing your password, which, depending on the game, may require you to be logged out in order for it to be changed.


People aren't always who they claim to be.

This trick can be avoided by not giving your login details to anyone, no matter who they are. If someone claiming to be a GM asks you for your password, they're a fake and should be reported to the real GMs immediately. Unfortunately, this may not have too much of an effect in the long-term as most people attempting this scam will be using trial accounts - once one account's banned, they'll move onto another. However, reporting the scammer WILL be a pain in the butt for them, and the longer they spend creating new accounts means less time for them to try to steal other people's.

Password Phishing

"Phishing" is attempting to steal players' account details by pretending to be from the company operating the game. Many phishing attempts happen outside of the game and can take the form of emails, message board posts or even YouTube videos. Regardless of the method used, the aim's always the same: to get your username and password. Some of the more common scams are:

  • An email saying that due to a security issue, your account will be shut down unless you respond with your login details
  • Offering access to a beta test in exchange for your login and password
  • Offering in-game items or even a service to access or hack ANOTHER player's account, by giving your login and password
  • Sending you to a fake version of the game's website and asking you to enter your login details there

Some account phishers will also ask for personal details, such as your name, address and date of birth. This is in case you try to get your account back by contacting the GMs - if the hacker can provide the same details as you, it makes it harder for the GMs to be sure they're talking to the account's real owner.


Scams can take place on YouTube, as well as on other video sites.

If you should see a message board post, YouTube video or email asking you for your login details, always check to see where it's asking you to send them. The start of the email address will usually look official, but the second half (after the "@") will be from a free email provider or simply be made to SEEM official until you take a closer look (something like "blizard.com", for example). Most publishers will NEVER ask you to send them your password via email, as it's less secure than entering it through their website. If you receive a message asking you for your password in exchange for something, assume it's a scam and don't reply. Finally, never click on links provided in email, in forums or given in YouTube videos in order to log into your account. Some of the fake websites used to steal players' account details are very convincing - they look exactly like the real ones and the URLs are made to look similar as well. If you receive a message about something that requires you to log into the official website, always go there manually and navigate to the page yourself - DON'T click the link provided in the message. If you can't find the beta signup page (or whatever is being offered) by going to the website manually, it's probably a phishing scam.

Keyloggers
These are the closest method to real hacking that's used to steal players' account details. Keyloggers are virus-like programs that keep track of everything that's entered via your keyboard and transmit the details to the hacker. In other words, if your PC becomes infected with a keylogger you could not only lose access to your game account, but also to your email address and any other accounts you have online. In a worst-case scenario, you could also have your credit card details stolen. The problem with keyloggers is that they can come from almost anywhere. However, the most common ways for people to get them are by visiting infected websites (usually by following a link on a forum), opening infected files or running files masquerading as add-ons.


If you can't log in and haven't told anyone your password, it may be a keylogger at work.

The first thing you should do to avoid keyloggers is to make sure you have a virus scanner installed and that it's up to date. A virus scanner that hasn't been updated for a year is next to useless, as new viruses and keyloggers are being created all the time. If your virus scanner's license has expired, replace it with a free scanner such as AVG or Avast. However, virus scanners won't protect your PC from everything, so make sure you also have some anti-spyware scanners installed as well. Spybot: Search & Destroy and AdAware are good choices, as is Malwarebytes Anti-Malware. Keep these up to date as well, by checking for updates at least once a week. Run virus and spyware scans often, to make sure that nothing has slipped through the net.

Avoid clicking links on forums that haven't been provided by the publishers themselves. Hackers target both official and unofficial forums, spreading their infected links across them. These could be advertised as anything from funny videos, to details on upcoming patches, or even cheats and hacks. If you're going to click links on forums, make sure that you have your Status Bar turned on in your internet browser. This bar appears at the bottom of the screen and - if you you're your mouse over a link - will tell you exactly where the link will direct you to. Some scammers will forge their links to make them look like they go to the game's official website, rather than to their own. For an example, click the following link and see what happens: http://www.worldofwarcraft.com/

In the past, some websites have accidentally published infected add-ons. When downloading add-ons, make sure you do so from a reputable source and never run an ".exe" file claiming to be an add-on, as it could contain a keylogger. Also, be especially wary of message board posts which claim to link to working versions of add-ons that were broken in a recent patch. Programs that automatically update players' addons have also been tricked into downloading malicious files, so as convenient as these may be, they're best avoided. If you're going to use addons, it's easier to be vigilant when downloading files manually than it is when automatically downloading and installing updates.

Finally, don't download or install patches from unofficial sources. While most of these will be legitimate and provided by helpful players, hackers can see patches as a way to get hold of more accounts. Fake or infected patch files could easily contain a keylogger, so as tempting as it might be to get a patch early or faster from an unofficial source, it's safer to let the game patch itself.

In the second part of this article, I'll look at how accounts can be compromised by buying gold or having a poor password, as well as what can happen if accounts are shared between friends.

Sam "azerian" Maxted
Editor
ZAM.com

Comments

Post Comment
On clicking links
# Apr 14 2009 at 1:09 PM Rating: Decent
In many browsers, when you mouse over a link, somewhere at the bottom of the screen it will show you the address the link is pointing to. For example, when I moused over the link in the article, the status bar at the bottom of Safari showed: "Open "http:\\www.zam.com\" in a new window", so I knew I wasn't going to blizzard.

It's a good idea to use the mouse-over strategy to see where you are gonna go. Be sure to carefully read the url, as the destination can be faux as well (such as blizard.com)
On clicking links
# Apr 14 2009 at 3:13 PM Rating: Decent
unfortunately that only works if the phisher is really bad at it, you can make the text in the status bar say anything it's part of the link tag, it just defaults to the actual adress the link points to if it's not defined in the tag. if you right click on the link and select properties it will show you the actual link.
emails
# Apr 14 2009 at 6:51 AM Rating: Decent
a good way to avoid phishing emails is to have multiple accounts, one that you register your game account with, and another that you register access to any other forums/websites. also don't have your game accout registered with any email account that may be found through a public directory, i've seen that recieved one of the recent phishing emails in my school email, easy target mass send to schools and the probabliliy of catching some phish is high. create an email account to link with your game account with a large free web email provider, sure checkng your email isn't as easy, but it's easy to keep your email off of the directory service.
Hacked
# Apr 14 2009 at 4:18 AM Rating: Default
24 posts
As someone that has been hacked , i can tell you straight up , i didnt have the same password on everything , i refused to use add-ons from any site at all.
So how did i get hacked ..... i logged in on a friends computer to show him some gear etc and where to go on quests he was on via in game maps ..... i logged off so he could move his toon , which took all of maybe 10-15 mins ... tried to log back on my guy and found my password had been changed , 3 weeks later after all the official blizzard rigmarol , i got 90% of my stuff back. So plz dont put all the onus on us " players " as being at fault . and to reply to tangobaldy , he had loaded a multitude of add-ons from all over the place. moral of this is dont use any one else's computer.
Hacked
# Apr 14 2009 at 6:43 AM Rating: Good
*
132 posts
Quote:
So plz dont put all the onus on us " players " as being at fault .


Wait, let's take a look just a little bit back in your post....


Quote:
So how did i get hacked ..... i logged in on a friends computer to show him some gear etc


You didn't get hacked. You logged in on a machine that wasn't 100% secure. Yes, it's on you. Never log into any machine that might be suspect. The only machines I will log my account on outside of my home are ones that I know are maintained by people with knowledge of system security.

Edited, Apr 14th 2009 10:47am by Yngvie
Hacked
# Apr 14 2009 at 5:06 AM Rating: Decent
jjaxal wrote:
So plz dont put all the onus on us " players " as being at fault .


After reading the article I don't believe that the author was putting all of the onus on players merely stating that in the vast majority of cases the 'hacking' could have been prevented by taking some basic precautions.

In your case it may have been as a result of using an unsecured computer. Yeah you should be able to trust that your friends take the same precautions you do. But unfortunately this isn't always the case.
Hacked
# Apr 14 2009 at 12:51 PM Rating: Decent
24 posts
that's what i thought also , considering the friend i refer to is my brother in law
thanks!
# Apr 07 2009 at 4:59 PM Rating: Good
Thanks for taking the time to write out that post. Most of it is common sense to me, but as an ex-helpline staff, I know just how easy it is to make simple mistakes, and with that said it's STILL a good refresher for me as well.

Looking forward to the next installment. It's a refreshing break from the usual arm-long item update list. =)
­
# Apr 07 2009 at 1:47 PM Rating: Excellent
On the topic of clicking on bad links, don't click on tinyurl links. They could go to anywhere.

Edited, Apr 7th 2009 3:49pm by LadyOfHolyDarkness
tinyurl?
# Apr 14 2009 at 8:44 AM Rating: Decent
***
2,602 posts
what are cannotlinkto links. i havent heard of that before
Excellent piece
# Apr 07 2009 at 11:28 AM Rating: Excellent
*
132 posts
We just had a new phishing scam last week. A friend came into my store all concerned because he had received an e-mail from a "donotreply" address, stating that they had information leading them to believe that his WoW account was up for sale, and this violated the TOS, and he needed to reply to this "donotreply" e-mail with his account information They didn't ask for his password, but they did ask for his CD key, and other info that would make it look like they were the actual owner of the account. I told him it was probably a scam, and he should contact customer service immediately.

One other possible method was missed in the article, though, and that is the infected banner ad. I do believe a few years ago, Allakhazam was hit with said infected banner.

And as Pwyff said - if you're going to use add-ons, get them from Curse. AND STILL VIRUS SCAN THEM AFTER DOWNLOADING.
BOGGLE
# Apr 07 2009 at 10:28 AM Rating: Excellent
One fairly intelligent and dangerous (for players, not the phishers) method of getting passwords is making a website with some kind of forum or method of registration. Players often use the same password and email for everything, so when they register for the phisher's website, they typically input the email they used to register for their game account. After that, if the website owner is savvy enough (and if he went through the effort, he probably is), he can just follow that email and password back to your account.

Typically you can avoid this by having two to three passwords. Make one password the 'high security' one that you only use for things you really don't want to lose (IE; Game Accounts, Paypal Accounts, email accounts, etc) and one or two 'lesser' passwords that you can use for things like logging into forums or wiki editing websites.

Also, as a general rule of thumb, never download anything unless it's from a mainstream website (ie Curse.com) and never type your password if you're not sure why you're putting your password in.

If you have a keylogger (or you think you do), for a temp fix, type out the entire alphabet into a notepad, and then copy + paste together the letters that form up your password. Then copy and paste that password into the password box. In this way, the only logs being transmitted back are CTRL + C and the alphabet. This is a very sketchy temp fix though, like if you can't wait for your scanner to be done or something silly like that.

And finally, the most successful hacker/phisher/scammer is really the GIRL - the Guy In Real Life who's totally playing that Night Elf named Innocentqt.

Just saying.
BOGGLE
# Apr 13 2009 at 8:09 PM Rating: Excellent
Spankatorium Administratix
*****
1oooo posts
Pwyff the Handsome. wrote:
One fairly intelligent and dangerous (for players, not the phishers) method of getting passwords is making a website with some kind of forum or method of registration. Players often use the same password and email for everything, so when they register for the phisher's website, they typically input the email they used to register for their game account. After that, if the website owner is savvy enough (and if he went through the effort, he probably is), he can just follow that email and password back to your account.

Typically you can avoid this by having two to three passwords. Make one password the 'high security' one that you only use for things you really don't want to lose (IE; Game Accounts, Paypal Accounts, email accounts, etc) and one or two 'lesser' passwords that you can use for things like logging into forums or wiki editing websites.

Also, as a general rule of thumb, never download anything unless it's from a mainstream website (ie Curse.com) and never type your password if you're not sure why you're putting your password in.

If you have a keylogger (or you think you do), for a temp fix, type out the entire alphabet into a notepad, and then copy + paste together the letters that form up your password. Then copy and paste that password into the password box. In this way, the only logs being transmitted back are CTRL + C and the alphabet. This is a very sketchy temp fix though, like if you can't wait for your scanner to be done or something silly like that.

And finally, the most successful hacker/phisher/scammer is really the GIRL - the Guy In Real Life who's totally playing that Night Elf named Innocentqt.

Just saying.


That just happens to be one site I won't download from...
____________________________

BOGGLE
# Apr 15 2009 at 7:04 AM Rating: Good
*
132 posts
Quote:
That just happens to be one site I won't download from...


Please explain.
BOGGLE
# Apr 14 2009 at 12:41 AM Rating: Default
13000+ posts and you dont even give a reason? I have never in 4 years found any problems with the site. :) Inform us plz
Post Comment

Free account required to post

You must log in or create an account to post messages.