Teneral
01-02-2008, 02:41 AM
Seeing as how the guild's been affected by scams and account compromises recently, I figured I'd post some info on keeping your account secure.
Blizzard released an entire website section devoted to account security with info on how to keep secure, types of theft, why/how they occur, what to do if you're compromised, etc.
Link: Battle.net Account Security (http://us.battle.net/security/)
1. Get a Blizzard Authenticator
The Blizzard Authenticator (http://us.blizzard.com/support/article.xml?locale=en_US&articleId=24986) is a security device you attach to your WoW account. When you then try to log into your account, you're asked for a random 6-digit code in addition to your regular username/password. You use the device to give you the code to enter. More information's available on the FAQ (http://us.blizzard.com/support/article.xml?locale=en_US&articleId=24660). You can also see a nice blog entry I found on the entire process of setting up (http://thestoppableforce.net/2009/04/03/the-blizzard-authenticator-a-journey-in-pictures/) an authenticator on your account.
You can buy the physical keychain authenticator via the Blizzard Store (http://www.blizzard.com/store/search.xml?q=authenticator) and costs $6.50. Folks with an iPhone or iTouch can download the Mobile Authenticator (https://us.battle.net/account/support/mobile-auth-download.xml) for free. TONS of other phones also have them available for $0.99.
I cannot stress this enough, guildies: Using an authenticator is bar none the single best thing you can do to keep your account secure.
2. Use a Unique Password
While you should change your account password occasionally, it's most important to make sure you aren't using the same account name/password for anything else; it should be a unique password for WoW itself. After all, if the worst does happen and your WoW account gets compromised, you don't want that person to also have access to your bank accounts and such.
3. Keep your computer secure
This means having up-to-date anti-virus and spyware software installed. Not only does it need to be installed, but it needs to be run regularly. Most good security packages will allow you to set the programs to be run as scheduled tasks. DO THAT. Set them to run at a minimum of once a week. Oh, and be sure you set them to always check for new versions/definitions so your software stays current, too.
Quality Free Security Software:
Firewall: Zonealarm (http://www.zonealarm.com/security/en-us/free-upgrade-security-suite-zonealarm-firewall.htm)
Anti-Virus: Avira Anti-Virus (http://www.free-av.de/en/trialpay_download/1/avira_antivir_personal__free_antivirus.html)
Anti-Malware: Ad-Aware (http://www.lavasoft.com/single/trialpay.php), Spybot Search & Destroy (http://www.safer-networking.org/en/index.html)
4. Don't Share Your Account Access Information
Just don't. Don't share it with a guildie. Don't share it with your best friend. Don't share it with your little brother. Yeah, they may be totally trustworthy, but do you know everyone else who has access to their computer? Do you know where they may have written that access info down? Do you 100% trust that every computer they use to access your account is secure? Nope, didn't think so.
5. Don't Access Your Account From Unsecure Computers
That campus computer lab? Your local internet cafe? Your neighbor's unsecured WiFi connection you're pirating? Yeah, all possible ways to get your account access info stolen. "Communal" type computers are certainly the most likely to have keyloggers/trojans/whatever on them, but any computer where you haven't scanned and set up the security yourself is a possible compromise point.
6. Don't Run Mods/Addons From Executables
Generally speaking, there's nothing wrong with and nothing to worry about regarding running "mods/addons" with your WoW. The problem is installing those mods from an executable. When you do so, you never know if it's also installing a keylogger/trojan/etc. A while back, Wowace.com (a well-respected addon site) had a couple of their executable-based addons get versions with keyloggers embedded uploaded to their site, which were subsequently downloaded by many users. So, it can happen even with big, well-known sites. Likewise, I personally advise against using things like the Curse program to install your addons. And installing the addons by hand is really easy anyway.
7. Don't Visit Shady Gold-Seller Sites
Those sites will almost 100% try and install keyloggers or spyware on your computer when you visit them. Especially don't visit using Internet Explorer. And, seriously, gold is so easy to get now with daily quests and such that you shouldn't even need to buy gold. You can make a super-easy 60+ gold a day just doing maybe 5 daily quests that take all of half an hour or so to complete. That should cover even a tank's repair bill for most nights! *grin*
Speaking of gold-selling sites... where do you think the gold you buy comes from? Think it still comes from hunters out botting in Azshara? 'Fraid not. These days, that gold comes from them compromising your accounts, stripping the characters of gold and mats, and then selling it back to you. So when you buy gold, you just support that.
Oh, and last but certainly not least, think of this: when you buy gold, you're giving your credit card information to an unknown, shady (almost-certainly) foreign company. Do you really think they'll only use your card information to charge you for the gold purchase?!
8. Don't Fall for Phishing Attempts
Receive an email from "Account Admin" saying you're trying to sell your account and you need to verify all the infomation (including password!!) or you'll be banned? Yeah, it's fake. Get a whisper from some shady-looking character in-game saying they're from Blizzard and you've been chosen to participate in a "trial" for a new mount? Don't go to that website and give the scammers all your info.
If you hear about something that seems a little fishy (or phishy...) or you've never heard of before, don't jump right in. Search for some info on it on Google or similar to see if anyone else is talking about it. Use common sense. Blizzard doesn't do things like "secret betas" or such where they whisper you in game; they post info on their website and you opt-in for a chance. If you get some offer that you're just not sure about and can't find info, ask me or ask Aquagoddess/Waric - we'll almost certainly be able to tell you if it's something legit.
Oh, and I know you read it on the loading screen tips, but it's worth repeating because it's true: A Blizzard employee will NEVER ask you for your password. I mean, why would they need to since they can access your account info without it...
9. Enable the WoW Launcher
On your WoW login screen, make sure that you have the "Show Launcher" checkbox checked. The Launcher program for WoW does some basic security checks when you start the game up, so it's a good idea to have it enabled.
10. Don't Use Internet Explorer
While Internet Explorer has certainly gotten much, much better than it used to be, it's still the most targetted browser out there for exploit attacks. Instead, I recommend that you use Firefox (http://www.mozilla.com/en-US/firefox/) as your browser.
Once you have Firefox installed, I'd recommend also installing the following addons for it:
Adblock Plus (https://addons.mozilla.org/en-US/firefox/addon/1865) - Stop ads from displaying while you browse. Ads on websites are actually a common way to try and infect your computer.
Flashblock (https://addons.mozilla.org/en-US/firefox/addon/433) - With this on, flash apps (including Flash ads) will not automatically load when you visit a page. If you want to use the Flash item, simply click on it and you can use it normally.
Blizzard released an entire website section devoted to account security with info on how to keep secure, types of theft, why/how they occur, what to do if you're compromised, etc.
Link: Battle.net Account Security (http://us.battle.net/security/)
1. Get a Blizzard Authenticator
The Blizzard Authenticator (http://us.blizzard.com/support/article.xml?locale=en_US&articleId=24986) is a security device you attach to your WoW account. When you then try to log into your account, you're asked for a random 6-digit code in addition to your regular username/password. You use the device to give you the code to enter. More information's available on the FAQ (http://us.blizzard.com/support/article.xml?locale=en_US&articleId=24660). You can also see a nice blog entry I found on the entire process of setting up (http://thestoppableforce.net/2009/04/03/the-blizzard-authenticator-a-journey-in-pictures/) an authenticator on your account.
You can buy the physical keychain authenticator via the Blizzard Store (http://www.blizzard.com/store/search.xml?q=authenticator) and costs $6.50. Folks with an iPhone or iTouch can download the Mobile Authenticator (https://us.battle.net/account/support/mobile-auth-download.xml) for free. TONS of other phones also have them available for $0.99.
I cannot stress this enough, guildies: Using an authenticator is bar none the single best thing you can do to keep your account secure.
2. Use a Unique Password
While you should change your account password occasionally, it's most important to make sure you aren't using the same account name/password for anything else; it should be a unique password for WoW itself. After all, if the worst does happen and your WoW account gets compromised, you don't want that person to also have access to your bank accounts and such.
3. Keep your computer secure
This means having up-to-date anti-virus and spyware software installed. Not only does it need to be installed, but it needs to be run regularly. Most good security packages will allow you to set the programs to be run as scheduled tasks. DO THAT. Set them to run at a minimum of once a week. Oh, and be sure you set them to always check for new versions/definitions so your software stays current, too.
Quality Free Security Software:
Firewall: Zonealarm (http://www.zonealarm.com/security/en-us/free-upgrade-security-suite-zonealarm-firewall.htm)
Anti-Virus: Avira Anti-Virus (http://www.free-av.de/en/trialpay_download/1/avira_antivir_personal__free_antivirus.html)
Anti-Malware: Ad-Aware (http://www.lavasoft.com/single/trialpay.php), Spybot Search & Destroy (http://www.safer-networking.org/en/index.html)
4. Don't Share Your Account Access Information
Just don't. Don't share it with a guildie. Don't share it with your best friend. Don't share it with your little brother. Yeah, they may be totally trustworthy, but do you know everyone else who has access to their computer? Do you know where they may have written that access info down? Do you 100% trust that every computer they use to access your account is secure? Nope, didn't think so.
5. Don't Access Your Account From Unsecure Computers
That campus computer lab? Your local internet cafe? Your neighbor's unsecured WiFi connection you're pirating? Yeah, all possible ways to get your account access info stolen. "Communal" type computers are certainly the most likely to have keyloggers/trojans/whatever on them, but any computer where you haven't scanned and set up the security yourself is a possible compromise point.
6. Don't Run Mods/Addons From Executables
Generally speaking, there's nothing wrong with and nothing to worry about regarding running "mods/addons" with your WoW. The problem is installing those mods from an executable. When you do so, you never know if it's also installing a keylogger/trojan/etc. A while back, Wowace.com (a well-respected addon site) had a couple of their executable-based addons get versions with keyloggers embedded uploaded to their site, which were subsequently downloaded by many users. So, it can happen even with big, well-known sites. Likewise, I personally advise against using things like the Curse program to install your addons. And installing the addons by hand is really easy anyway.
7. Don't Visit Shady Gold-Seller Sites
Those sites will almost 100% try and install keyloggers or spyware on your computer when you visit them. Especially don't visit using Internet Explorer. And, seriously, gold is so easy to get now with daily quests and such that you shouldn't even need to buy gold. You can make a super-easy 60+ gold a day just doing maybe 5 daily quests that take all of half an hour or so to complete. That should cover even a tank's repair bill for most nights! *grin*
Speaking of gold-selling sites... where do you think the gold you buy comes from? Think it still comes from hunters out botting in Azshara? 'Fraid not. These days, that gold comes from them compromising your accounts, stripping the characters of gold and mats, and then selling it back to you. So when you buy gold, you just support that.
Oh, and last but certainly not least, think of this: when you buy gold, you're giving your credit card information to an unknown, shady (almost-certainly) foreign company. Do you really think they'll only use your card information to charge you for the gold purchase?!
8. Don't Fall for Phishing Attempts
Receive an email from "Account Admin" saying you're trying to sell your account and you need to verify all the infomation (including password!!) or you'll be banned? Yeah, it's fake. Get a whisper from some shady-looking character in-game saying they're from Blizzard and you've been chosen to participate in a "trial" for a new mount? Don't go to that website and give the scammers all your info.
If you hear about something that seems a little fishy (or phishy...) or you've never heard of before, don't jump right in. Search for some info on it on Google or similar to see if anyone else is talking about it. Use common sense. Blizzard doesn't do things like "secret betas" or such where they whisper you in game; they post info on their website and you opt-in for a chance. If you get some offer that you're just not sure about and can't find info, ask me or ask Aquagoddess/Waric - we'll almost certainly be able to tell you if it's something legit.
Oh, and I know you read it on the loading screen tips, but it's worth repeating because it's true: A Blizzard employee will NEVER ask you for your password. I mean, why would they need to since they can access your account info without it...
9. Enable the WoW Launcher
On your WoW login screen, make sure that you have the "Show Launcher" checkbox checked. The Launcher program for WoW does some basic security checks when you start the game up, so it's a good idea to have it enabled.
10. Don't Use Internet Explorer
While Internet Explorer has certainly gotten much, much better than it used to be, it's still the most targetted browser out there for exploit attacks. Instead, I recommend that you use Firefox (http://www.mozilla.com/en-US/firefox/) as your browser.
Once you have Firefox installed, I'd recommend also installing the following addons for it:
Adblock Plus (https://addons.mozilla.org/en-US/firefox/addon/1865) - Stop ads from displaying while you browse. Ads on websites are actually a common way to try and infect your computer.
Flashblock (https://addons.mozilla.org/en-US/firefox/addon/433) - With this on, flash apps (including Flash ads) will not automatically load when you visit a page. If you want to use the Flash item, simply click on it and you can use it normally.