10 Tips To Keep Your WoW Account Secure

[Ammanna]

Introduction

Ever since WoW was released, there have been those who would wish to steal your account information, allowing them to log into your account and steal your virtual currency and/or items. Indeed, this threat has existed long before WoW existed and was targeted at other online games. This form of cyber crime is becoming more common as online MMO games such as WoW become more successful.
How do you keep your account safe? What methods do these tricksters use to steal your information? I hope to list some things to look out for, and best practices? to follow to help answer these questions.

Tip #10: Check that URL!

Only ever log into an official Blizzard website with your WoW/Battle.net account. Other illegitimate sites may try to steal your account information. Always look at how the domain part of the web address ends. (The bit just before the .com or. co.uk etc) Also be careful of any cleaver letter substitutions, like 0s instead of Os or similar.

A few examples of Blizzard websites include:

• -Blizzard.com
• -Diablo3.com
• -Worldofwarcraft.com
• -Wow-europe.com

Tip #9: Is this e-mail for real?

A common way of fraudsters getting your account information is to send you a legit looking e-mail that attempts to get you to visit a website that will then ask you for account information in order to show you then content of the site. This might be an Offer of a new service, a beta invite, a preview of something, a fee in game item/pet/whatever. Most of the time, these sorts of e-mails will be fakes. The account info you enter is recorded for the website administrator to steal your account, or to sell to someone else to do the same.
Real or Fake?




If Blizzard begins a beta, they will announce it on their own site and possibly on the WoW launcher. Blizzard would also announce any previews or free items etc. Always check the Blizzard/WoW website first to see if this is something Blizzard are doing. Then also check the website the e-mail takes you to; to make sure it?s owned by Blizzard. If possible, type the address your self rather than using any links provided in the e-mail, that way you know the address is not a forgery.

Tip #8: Who owns this website?

I?ve talked in the tips so far about checking if a website is the real thing. Well, what if you?re looking at the web address but your not sure? Well help is at hand. All websites are required to submit information to the registrar about who the person/company is who will own the website. This information can be hidden from the public, but Blizzard chooses not to. You can use a tool called WhoIs and it can be found at whois.domaintools.com. You type the address of the website you want to check, and it displays contact information about the owner of the site.


Tip #7: Keep your PC clear of key loggers

A key logger is a form of malware that is designed to record your login information (or any other sort of info) and send this back to its creator. This means that if your computer is infected with a key logger, your account information could be stolen, just by logging into WoW.
If you suspect your PC could be infected with a key logger, or you would like to check anyway, there are a number of tools available to help you. A list of common free tools include:

Name	Website
Malware Bytes	malwarebytes.org
Spybot Search & Destroy	safer-networking.org
Ad-aware	lavasoft.com
Trend Micro Housecall	housecall.trendmicro.com
Symantec security check	security.symantec.com
Sophos Threat Detection	sophos.com/products/free-tools
NOD32 ESET Online scanner	eset.com/onlinescan

Note: The above is a list of malware removal tools or online scans. None of these are a replacement for a fully-fledged antivirus and/or firewall product.

Tip #6: Extra browser security software

There are many Warcraft related websites, most of them perfectly legit. But due to the nature of the Internet, it?s inevitable that some sites are going to pop up that are out to steal your login details. It could take the form of a WoW database like website similar to Wowhead, a WoW news site, a WoW movie/machinema site or something else. It?s possible that a malicious website of this sort may attempt to use unfixed bugs in your browser or operating system to get some kind of malware such as a key logger onto your computer to steal your account information. This method means that the website could show you when you are expecting to see, while silently installing something like a key logger in the background.

So how do you prevent a website from exploiting faults in your browser when you may not even be aware they exist yet? Well the answer is that you can?t ever be 100% safe, but you can help to minimize the risk. Internet explorer and Firefox both have the ability to use browser add-ons. This is something that provides extra functionality to the browser. Add-ons you are likely already familiar with include Adobe flash player or Java. Add-ons also exist that can help provide extra security to your browsing.

Two of the most popular are add-ons for Firefox called Noscript and AdBlockPlus
Noscript is an add-on that places a small symbol in the bottom right of your Firefox window. When you visit a website, anything that uses any kind of script or cross-site content (e.g. if your visiting example.com some advert on the site may come from adverts.com) is blocked. Clicking on the Noscript symbol in the bottom right lets you choose both if you wish to allow scripts from the site you are visiting and also if you want content from other sites to be displayed. The reason this add-on is so useful from a security stand point is that a lot of exploits involve JavaScript and/or injecting code that comes from another place, other than the site you are visiting. With this add-on, you can see these actions before they happen, so you can choose if it gets allowed or not.
AdBlockPlus is an add-on for Firefox that does what it says on the tin ? blocks ads. It doesn?t break the webpage, and is cleaver to create blank spaces where the ads would have been, encase the layout of the webpage in question depends on their presence. The end result is you see the same page but just with the ads missing. Now, this add-on isn?t really designed for security reasons, it just happens to be a side effect.
How this helps you, is in no way as big an effect as Noscript. In fact users of Noscript will probably find they are already protects against anything this helps against. The only possible security it provides is that because it blocks ads, if an ad happens to be a malicious ad, designed to exploit a browser flaw, it gets blocked along with everything else.

Now, AdBlockPlus is a double-edged sword, because you may want to block all ads anyway, regardless of security concerns, but website owners may loose ad related income because of it. I would only suggest that you bear this in mind, and if you use a site regularly and it?s a non profit hobby based site that you know you can trust security wise, with a reputable ad serving partner, that you consider permitting it?s ad content via the AdBlockPlus options.

Tip #5: Know what?s running on your computer

How do you know if your computer is doing something you don?t want it to? You may suspect something is amiss, but how do you attempt to confirm it? To help you with this, I would recommend that you familiarize your self with what is shown in your windows task manager.
Open your task manager now by pressing Ctrl+ALT+Del together (then choose ?start task manager? on Vista/Win7) and you will see something like the picture below.

Now, don?t worry too much about what each of the things in the list means, but instead attempt to familiarize yourself with what is currently on the list, while your PC is in working order. (Write or note them down if you like) Make sure to look on both the Processors and Services list (XP users need to go to START > RUN > ?Services.msc? > OK, to see the services list) The idea being, if you later suspect problems, you can look again at the list and being more familiar with what is supposed to be there will help you spot suspected problems.
If you don?t know what something is, you can always perform a Google search for it to help you find out. If you search for something and get lots of search results for virus and spy-ware problems, then you have probably found such an item for example.


Tip #4: Your Usernames and Passwords

So, you have a username and password to log into your PC at work/college/university/school, you have a username and password to log into some programs you use at one of the above places, you have a house alarm code maybe, you have multiple usernames and passwords for instant, messaging services like MSN/windows Live, for all the different online forums you have an account on, for all the online games you play, and for online gaming platforms like steam or similar. Got an account on Amazon or at your favorite computer eTailer? You can see the the number of usernames and passwords people have to remember can be very large.

How do you remember all those usernames and passwords?
After a quick mental count, I probably have about 30 username password combinations for things I regularly use. The temptation arises in cases like this, to use the same username/password for multiple things. If you are not careful, this can compromise your Battlenet/WoW account.
Clearly, the most obvious example is to visit buymygolds.com or whatever and to be required to sign up then go and do something stupid like using the same combination as your wow account. You wouldn?t be that stupid right? Maybe not, but it could happen in other ways. Is someone looking over your shoulder while at work? Name of a favorite pet everyone at the office knows about? Brother/sister use the same PC as you and you forgot to log out of something that could show a password? Lots of different reasons why a username or password you use could be discovered, and the best thing you can do is to make sure every user/password you use is unique. This is a tip that is as much about minimizing damage as preventing it.

?But, I can?t remember them all then!? Well 2 ways of dealing with this problem, or perhaps you could call it 3. The first one is to use something to remember usernames and passwords for you. Several pieces of software exist to do this.

Internet explorer from Microsoft can remember them, but only for web pages that you visit. And it only extends to the one PC. (You can import this sort of thing from one PC to another, but that is beyond the scope of this article) If you use a copy of the recent Norton range of products from Symantec, they have a component called ?Identity Safe? that will do this. Mac OS X has a feature called ?Keychain?, that can be stored on a removable device like a memory stick for safekeeping.

Tip #3: Browser Add-ons

Many methords cyber criminals use to get malware onto your computer don't actualy involve exploiting flaws in your browser it's self, but rather, in addons that are commonly used with them. Heard of Adobe Flash player? That's a browser add-on. Adobe Reader, while being a seperate program that is run outside a browser, also includes a browser add-on. The previously mentioned NoScript add-on for firefox actualy blocks flash content from being loaded unless specificly allowed.

Consider if you really need a browser add-on, and even if you do, consider disabling it while you dont need it. To disable a browser add-on:

Internet Explorer:
Tools > Manage Add-ons >Enable or Disable browser addons

Firefox:
Tools > Add-ons

Tip #2: Virtualisation

This is a more advanced concept, but is one of the best methords of security you can use. The idea, is that you use a sort of virtual machine, or emulator, to run a 2nd operating system on your computer. You can read more about virtualisation in general on Wikipedia here


There are paid for tools for doing this, but a free one, called Virtual Box, is available from Sun Microsystems website here:

http://www.virtualbox.org/

Once you have downloaded and installed it, you have to create a new virtual machine, then specify a virtual hard disk (really just a file on your computer) an dfinaly specify a operating system and the CD or drive where the instalation is located to install it. There is a built in wizard in the software for doing all this. You dont need to go a buy a 2nd copy of windows to install, infact that's probably a bad idea. To take advantage of this as a extra layer of security, a virtual machine running a popular linux discrubution such as Ubuntu is ideal, as it's immune to all the windows based malware that exists.

Once you have your new virtual machine up and running, you can use it's browser and visit pages, and be sure that you cannot be infacted by any windows malware, making it ideal for doing things like logging into your WoW account management pages or similar sensertive sites.

Tip #1: Buy a Blizzard Authenticator!

Really, they are dirty cheap, and last time I checked were offered with free shipping.

They work by making you enter a 2nd password-like code, that only works once, whenever you log into your account. The code is generated by the authenticator, and you even get a free in game pet for associating one with your account!