How To Void Getting Hacked in World of Warcraft

How does a  account become compromised?

Hackers will prey on your trust, naivety and innocence to discover your log-in credentials. Accounts become compromised when somebody discovers your log-in details (username & password) to the account.

Account Sharing

You share your account details with somebody you ""trust"". It's against Blizzard's Terms of Use to share your account details because it's so risky. Your friend could pass your log-in details to one of his friends, and so forth. Before you know it, everyone knows your account details. There is also no way of knowing if your friend has a secure computer; his computer might be infected by a Trojan/keylogger which means your account is then exposed. You might also fall out with your friend one day and he could decide to ""get even"" with you by stealing your gold and transferring to another realm.

Power Leveling Services

You buy a power level handing over your username & password to a complete stranger. Power leveling services are usually bought, with real money, through a website, which is just another scam to get your log-in details and hard earned cash. Once you hand over your payment, and divulge your log-in details, your account will be stripped of all valuables and the gold will be ""laundered"" through other hacked accounts (this gold is usually sold onto gold buyers). Finally, they will delete your characters, so they know when you have the account back, to do it all over again.

Account Buying, Selling and Trading

You buy, sell or trade your account. ""I will give you mine if you give me yours"", so to speak. Once you hand over your account details the account will most likely become compromised. The guy offering the trade might appear be really friendly and honest but you should not be drawn in by it. Remember, they prey on your innocence and trust. You may even buy a stolen account and it is likely the original owner will one day claim it back leaving you with nothing.

Fake Websites

You click a link to a fake website directing you to a website that resembles an official Blizzard/World of Warcraft site. Thinking it's real, you log into the page using your account details, which is when your username and password are emailed to a 3rd party. A typical fake website would be where you receive a whisper in-game saying you have won a free Blizzard mount but you need to visit an obscure site to get the code for it.

Infected Files

You download a file that contains a Trojan/keylogger. This means whenever you press a key on your keyboard, the keystrokes are automatically recorded and transmitted to a 3rd party.

""No problem. I will just retrieve my password!"", I hear you say. I'm afraid it's not that simple; If you are keylogged then you should expect the scammer has the ability to also log into to your email accounts (since he knows all usernames and passwords entered since the computer became infected). All he has to do is log into the World of Warcraft Account Management page, change the registered email on the account, and finally log into your email account to verify the email change. Now your account has a new registered email which you have no access to, rendering Password Retrievel useless.

Malicious Links

You see a weblink, usually posted on a forum, and you click it. The link sends you to a web page which has some kind of invisible script designed to infect your computer with a keylogger. This can be a real problem on popular forums, including the official World of Warcraft forums. Fortunately, the World of Warcraft forum moderation team are quick to remove malicious links. Beware of clicking links!

How Do I Secure My  Account?

Follow these simple steps and you can log into your  of Warcraft account with confidence.

Passwords - Common Sense

Use a strong, unique password for your  account. Make sure the password is different to any other passwords you might be using for your Facebook, Email, MSN accounts etc. Don't use simple words like ""dog"" and NEVER use your account name as a password!

Good password: &e5PSW:QtdH%#

Bad Password: hello

If you ever forget your password or need to change it you can do so by using the Password Retrieval service on the official WoW website. A new random password will be sent to the registered email on the account.

Blizzard Authenticator

The Blizzard Authenticator is a great way to secure your  account. It's a little device which you attach to your account through Account Management. Once attached, whenever you log into your  of Warcraft account, you will be asked for your username, password and a digitally generated code which you get by pressing the little button on the Blizzard Authenticator. Without that code you cannot log into your account. The cost of the Authenticator is $6.50/A�6.00 and you can buy it from the online Blizzard Store.

Update:

There is a free  Mobile Authenticator available for your iPhone.

Anti-Virus Software

You should have good anti-virus software installed on your computer. Anti-virus software protects against infected files that might contain a Trojan or keylogger. I personally use ESET NOD32 which has always done a good job but there are many good alternatives on the market. If you don't have the cash to invest in anti-virus software have a look at AVG Anti-Virus Free.

Once you have installed your new anti-virus software, and updated the virus definitions, go ahead and run a full system scan. You should also set the software to automatically run at least one full system scan per week (I prefer nightly), preferably when you know you will not be using your computer. Most anti-virus software have options to automate system scans; I have mine setup to run a full system scan every night at 04:00am.

Firefox and NoScript

I highly recommend switching from Microsoft Internet Explorer to Mozilla Firefox with the NoScript plugin. NoScript is a really cool plug-in that cuts the risk of being infected by a keylogger.

You may have been on a forum and seen someone posting a link to something that sounds really cool. You click the link and get keylogged instantly without actually knowing it. This is because hackers sometimes use hidden code, on web sites you visit, to infect your computer. NoScript is an extension, or add-on, for Fox which automatically blocks Javascript and Java from running. If you trust a website, you click the NoScript button and tell it to allow scripts either temporarily or permanently for that specific site. It's great.

Flashblock

Flashblock is another add-on for Firefox which blocks all Flash content until you specifically allow the content to be viewed. This is useful for avoiding potential risks with infected Flash content.

Malware

Anti-virus software is NOT enough. You also need to download and install good anti-malware software because even the best anti-virus can sometimes have problems detecting and removing threats. I highly recommend Malwarebytes' Anti-Malware and SUPERAntiSpyware. Both are free and do a very good job.

Security Checklist

Buy the Blizzard Authenticator.

Install anti-virus software and keep it updated - scan regularly.

Choose a complex password.

Install Firefox and NoScript.

Pick good password - complex and unique.

Don't Share your account with anyone.

Don't buy power levelling services.

Don't buy, sell or trade your account.

Check your browser status bar for masked links.

Use Windows Update regularly.

Install Flashblock for Firefox.

Install anti-malware software.

Don't click links right away. Think before you click.

Treat every Blizzard email, which requests personal information, as fake.

Double check you're on an official Blizzard website before entering any log-in details.

Make sure the log-in page is secure (https as opposed to http).