Hacks and How To Avoid Them, Part TwoApr 17th, 2009 at 11:14 AM by Tamat

Whichever MMO you play, you'll eventually see players complaining they have been hacked. It happens more often than you might think. Keep reading for advice to prevent this from happening to you.

In the first part of this article, I described how players' accounts can be stolen through the use of keyloggers, phishing scams or by simply asking for passwords in-game. In the second and final part, I'll be taking a look at three more ways that MMO accounts are stolen: through insecure passwords, buying gold or being taken by a friend.

Insecure Passwords
If you have a poor password, you put yourself at risk of someone guessing it or being a victim of a "brute force" attack, where an automated system attempts to guess your account's password. However, even strong passwords can put you at risk if you use them in more than one place. Corrupt forum administrators have been known to try their users login details in MMOs in the past, stealing their accounts if the login details match up. Some websites that require you to set up accounts with them could also be subject to a similar attack. However, it's not just your game account that's at risk from this type of hack - email accounts can also be stolen if they're web-based (i.e. with Hotmail, Google or a similar provider). This can be even more dangerous than your game account being stolen, as once someone gets into your email, they have access to all the information stored in your inbox and your "sent messages" folder. In other words, they could be able to see what type of accounts you have (and not just game accounts, but online banking accounts too) and use your stolen email address in order to reset or change their passwords. If this happens, you've not just lost one account - you stand a chance of losing EVERY account you have access to online.


Game accounts aren't the only things at risk of being hacked.

The first method you can use to avoid such attacks is to have a strong password, containing lower-case letters, upper-case letters and numbers. These passwords are the most difficult to guess, so are safer than using simpler passwords. Also, don't choose a password that someone who knows you may be able to guess, or some of the more commonly used passwords out there. These include names of sports teams, people's names and number sequences (e.g. "123456"), as well as "letmein", "password", "qwerty" and "monkey". If you're using a password like this, I'd recommend changing it straight away. Secondly, never use the same password in more than one place. It may be a pain having to remember multiple passwords, but doing so will help keep your accounts secure or at least minimise the damage if one of them is stolen.

Buying Gold
Before I get into this subject properly, I'd recommend that everyone reads Guild Wars' policy on gold sellers, as the information contained there is good and applicable to most MMOs. The fact of the matter is that gold sellers' gold doesn't just come from using bots, it also comes from stolen game accounts. Keyloggers and phishing attacks often come from the gold sellers themselves, or if not directly from them, then from their suppliers. However, this isn't the focus of what I'll be talking about here: the fact of the matter is that if you buy from a gold seller, you set yourself up to have your account stolen by them at a later date.

Many gold sellers want high-value accounts to steal from, and if you've purchased from them in the past there's a good chance there's still a large amount of money - or items that can be SOLD for large amounts of money - on your account. The gold sellers will then be able to target your account for a hacking attempt, either by sending phishing emails to your email address or by knowing your character name and/or login details. If you've previously given a gold seller your password and haven't changed it since they transferred the money onto your account, you might as well be asking them to steal from you. Gold sellers can get away with targeting their old customers because it's not always obvious to players WHO has stolen their accounts. As a result, some people may fall into the trap of buying back their own stolen gold , in order to replace what was taken by the gold sellers.


Spamming isn't the only thing that gold sellers are responsible for...

The way to avoid being targeted by gold sellers in this way is simple: DON'T BUY GOLD. If you have bought gold in the past, you're at risk of them coming after your account. I'm loathe to give advice to people who've bought gold online (as I know where much of it comes from), but I have to accept that many won't have known its true source. First, if you've previously given a gold seller your password, change it immediately. You should also change the password on ANY OTHER accounts you have that use the same one. This includes your accounts on other games, as well as your email address and any other online accounts that the gold sellers may be able to identify as yours. Second, remain on the alert for phishing emails or messages directing you to sites containing keyloggers (see Part 1 of this article) or other infected files. The gold sellers will probably have your email address on file, so they'll be able to go after you time after time with this type of scam. Finally, consider changing the email address listed on your game account. You should be able to avoid some of the attacks on your previous email address by doing this and discard any emails about MMOs sent to them as being from hackers.

Stolen by a "Friend"
It's common practice in some guilds for members to know each other's passwords. This is more common in high-end guilds, where highly-geared characters may be needed in order to complete instances or participate in other types of raid. However, giving your password to someone else so they can use your character is a bad idea. Someone may be your friend now, but there's no guarantee that they'll remain that way forever. One day, a member of the guild could decide to log into your account and strip it of anything of value, either maliciously deleting everything or transferring the contents to their own account. It's not just online friends that this can happen to though - people you know in real life may do the same thing. Real-life friendships and relationships can also go sour and things can get ugly when they do. As tempting as it may be to let your friends, family or boy/girlfriend play on your account, what happens if the relationship goes bad? It's not uncommon for people to take revenge should something like this happen, and sometimes that revenge means destroying the MMO characters someone's worked so hard to build up. Having your account stripped down or stolen isn't the only problem you could face though - password sharing could result in your account being sold on an online auction site. After all, how is the buyer going to know they're not purchasing it from the original owner?


Stealing someone's account is a criminal offence.

The way to stop any of this from happening is simple - never give your password to anyone you know, no matter how close they are to you. It's better to mildly annoy someone at how careful you are than it is to lose years of progress across all your characters. Also, don't assume that this couldn't happen to you, as that's what everyone else thought before it happened to them. If you've ever given your login details to someone, change your password now, before someone else does it for you.

General Tips
I'd like to finish by giving some general account security tips which don't fit under any of the headings above, or in the first part of this article:

  • Don't log in from insecure PCs. Your PC at home may be well-protected from keyloggers and the like, but what about those belonging to your friends and family? Similarly, PCs in LAN centres and internet cafes may not be as well protected as your own, so if you have to log into your email address or anything else from them, be sure to change your password once you get home.
  • Don't save game account details in your email account. If someone gains access to your email address, the less information they have access to the better.
  • Read the forums for warnings phishing scam warnings. Official forums often contain warnings from the game's publishers about ongoing scams, to help protect their users.
  • Check for game-specific security tips. Official websites and forums often give advice on how to make sure your account remains secure. Make sure to read and act on this advice, as it could prove useful.
  • Hold onto your game boxes and serial codes. If your account is stolen, some publishers will ask you for the serial code entered when first signing up for the account. This is done so that they can be sure they're talking to the account's real owner. If you've bought a boxed copy of the game, this is something the hacker should not have access to. Providing this code to the GMs should help you get your account back.
  • If you get hacked, check the official forums for advice. Most MMO companies have "stickied" threads on their forums giving details on what to do if your account gets hacked. You'll need to follow these to the letter if you want to get your account back quickly and with a minimum of fuss.
  • Find out how to identify GMs in-game. Members of staff usually have something special to identify them in MMOs, such as a "GM" tag in front of their names or their messages looking different to other players'. Finding out how to recognise a GM should help you avoid being tricked by an impersonator.

That's about it from me, but if anyone else has tips on how avoid being hacked, please feel free to add them below. The more information we have to protect ourselves against hackers, the better.

SAM "azerian" Maxted
Editor
ZAM.com

Tags: Editorial, EverQuest, EverQuestII, WarhammerOnline, WorldofWarcraft

Comments

Post Comment
Buying Gold
QuoteReply
# Apr 19 2009 at 10:24 PM Rating: Decent
__DEL__1592341333323
2 posts
with the amount of high end accounts which are hacked, most gold probably does come from high end players but I would venture not voluntarily. My account was hacked, through sales & gold in guild bank etc the gold seller netted close to 20,ooo - this was after my husband mitigated our damage by removing as much as poss from the gb prior to being gkicked. In addition my character name was changed & used to sell gold. After a few days my characters were transferred to different realms where they were sold - again netting a considerable amount of real money.

I also think there is one security risk which you have left out & that is employees of the company themselves. The email address which was used on my wow account was set up specifically for that purpose and had never been used at any other website. My computer was tested and shown to be free of keyloggers. I have no friends who play wow and therefore have not shared my account information with anyone other than my husband who has a memory like a sieve for passwords etc & was sat in the same room as me while I was being hacked. I had no emails in my email account to indicate I subscribed to wow. It seems pretty far fetched to me that someone randomly chose that email address and hoped I had an account with wow!
▲ Page top
Rationalizing wrong doing
QuoteReply
# Apr 18 2009 at 4:11 AM Rating: Decent
__DEL__1592778171117
34 posts
I agree with Tamat and Azerian. I find it pretty hard to believe that most gold comes from end game players selling it to them. Why would they risk getting caught and banned if they are such established players? For most this is probably their "life" and I can't see them risking that, but nyeh, who knows. I wonder if some of the people who defend gold sellers or suggest "legalizing" gold selling are just the gold buyers justifying their actions. Gold buying would give wealthy people an unfair advantage in the game and that is not something that Blizzard is going to take on or want to defend. There may be some wealthy people out there that feel entitled to this option since so much of the world caters to that kind of thing, but this is a privately owned game and the owners have already set the rules. In order to play you must agree to the user agreement which clearly states that buying and selling gold is not allowed. Anyone who is, is breaking the user agreement and should lose the privilege to play the game. It's simple really. Blizzards' game - they make the rules - if you don't follow them - you don't play. The only time it gets complicated with when people try to create an unfair advantage and want to break the rules. I have a hard time seeing how they can defend their points of view once they drop their attitudes of entitlement and face the fact that they are breaking a legally binding agreement they have made. Stop buying gold! And if there are players out there selling it to the gold buyers, please stop.
▲ Page top
Rationalizing wrong doing
QuoteReply
# Apr 18 2009 at 5:04 PM Rating: Good
__DEL__1595780842228
Sage
*
52 posts
Quote:
I agree with Tamat and Azerian.

I wrote the article - Tamat just posted it for me :)
▲ Page top
Gold sellers are the problem?
QuoteReply
# Apr 17 2009 at 1:08 PM Rating: Decent
__DEL__1591956877221
4 posts
/agree with Pwyff, Gold Sellers often Do buy their gold from the End content players who rack in massive amounts of gold with Maxed Proffessions and Dailies. And they do often do quintboxing and farm ridiculous ammounts of special items that they end up hocking cheap.

All Bliz can do is Either 'Legalize' Gold selling and regulate it themselves, or just suck it up.

nut I do agree with Pwyff, Gold Sellers are hardly the Reasoning for Hacking. Often it's revenge, or just to ninja Guilds or ***** up someones standing on the guild. its a personal reason, not a company with a more than ample supply of willing gold selling Players.

THough I do like the Little Tut here. Its just like Ingame Ninjaing of raids: If your not a complete naive Idiot, Its not gonna happen to you... there are preventative measures for it.
▲ Page top
Gold
QuoteReply
# Apr 17 2009 at 12:25 PM Rating: Excellent
__DEL__1661127503627
View User Forum
Guru
*
108 posts
These days Gold sellers meet up with the individual to do face to face trades - or if necessary, they'll risk sending it in the mail (although it is certainly riskier). The thing is, the Gold industry makes a lot of their Gold from BUYING it from other players, or farming it themselves. While phishing for accounts does contribute, as people get more internet savvy, the gold generated from stealing accounts is probably going down.

First, there are the incredibly successful players who sell gold for cash - this is especially true in games like World of Warcraft and Final Fantasy XI, where players who have high levels can reliably earn millions of gold that they ultimately have no use for. In the end, they sell this excess of gold to other players, or they sell in bulk to gold selling websites for a discounted price. The websites then resell that gold to other players for an inflated price.

Second, gold selling websites will also often employ bots and employees to farm up the big name items to sell on the market. Games like Final Fantasy XI have combatted this by making the rare items bind on pickup, but Gold sellers have circumvented this with Fishing bots and forming 5-man farming teams that slaughter monsters for items.

This is the real problem with gold sellers - if an ordinary person can spare a few hours a day to make some money, a team of dedicated gold sellers can duplicate this exponentially. In a real world situation, people can argue that third world clothing is 'inferior' to more expensive clothing made in Canada or the USA. In a cyber-world, however, goods have no real 'grade,' they are simply goods. As well, gold is gold, and as a result, anybody can earn it, and their gold is as good as anyone elses.

Welcome to the theory of cheap labour.
▲ Page top
buying gold
QuoteReply
# Apr 17 2009 at 11:31 AM Rating: Decent
__DEL__1594572389657
10 posts
Quote:
I'm loathe to give advice to people who've bought gold online (as I know where much of it comes from), but I have to accept that many won't have known its true source.



So, where does it come from? Not that I've bought platinum, but with the amount of spammers in game, (and as broke as I am with the price of augment distillers), I've certainly been tempted.


▲ Page top
buying gold
QuoteReply
# Apr 17 2009 at 1:37 PM Rating: Good
__DEL__1595780842228
Sage
*
52 posts
Quote:
So, where does it come from?

It comes from a variety of sources, the most damaging of which is stolen game accounts. I'm not sure I agree with Pwyff's opinion that the problem may be getting better, as around a year ago (give or take) the waiting time to get hacked European WoW accounts investigated was up to six weeks.

I understand the queue's back to normal now, but given that Blizzard mentioned an increase in spoof emails just four days ago, I don't think the issue will be going away any time soon.
▲ Page top
Post Comment

Free account required to post

You must log in or create an account to post messages.
© 2024 Fanbyte LLC