A buddy of mine had an unfortunate bit of trouble recently. A guy started trolling him in game threating to hack him, throwing insults and so on. The guy was all fired up and pissed off about something and really laid into my buddy with some crappy language. Basically a douchebag, right? The buddy didn’t pay much attention and just hit /ignore. The problem, however, really started when he got an email about an hour later saying his World of Warcraft account had been tampered with. See what’s coming?
It was a set up. Big time. The guy in game threatens to hack his account. He then gets an email a while later from “Battle.net” stating that his account has been tampered with and to log in to change the password and so on. The buddy thinks, “Hey! It’s probably that guy who was trolling me in game messing with my account!” So, he goes in through the email and changes his password. And that’s where it hit the fan.
The email was, obviously, from the hacker and not Battle.net. Once the buddy logged in via that email the hacker had access to his account as he had his login and password. He’s not sure how the guy got his login email to begin with (anyone know?) but he got it somehow. So the buddy comes home a day or two later and logs in to find all of his toons are naked and broke. His bank has been wiped out – all the gold, all the gear, all the mats, pretty much anything of value. All his gear (except the BoA stuff) was stripped. Several level 80+ toons stripped bare. Sucks.
Now this buddy is a sharp dude and knew something might be weird here but everything looked dead to nuts legit. The worst part was it made sense…perfect setup. The email looked good, the sites looked good and all of that. But it was the emotional aspect that probably clouded the judgement. See, he thought it was a notification from Blizz/Battle.net of the punk kid messing with his account. And that’s exactly what this hacker kid was counting on.
Now, it’s not really much of a big deal beyond the hassle aspect. WoW will fix everything and he’ll get all his junk back but it’s a pain in the ass.
No matter what emails you get about anything in WoW: if you are asked to login don’t go via the email. Close the email out and go directly to Battle.net to login. If there is anything of importance on your account you’ll be able to see it there.
If someone threatens to hack you in game then /report them. At least this way, if you do encounter something like the above, maybe you’ll have something to use to get the guy. There will be some sort of record. Probably not but maybe.
If you get an email that is even a shade odd forward it on to Blizz asking if it’s legit or not. Here is the white paper on suspicious or phishing emails right from Blizz Support: How to Identify Fake or Phishing World of Warcraft Emails
Just because it looks like is from a legit email address (like firstname.lastname@example.org) does not mean that it’s real. Suspect everything is a phishing attack.
Here is a list of pages that were included in the actual “Sorry your account got hacked” email from Blizz the buddy got covering security, theft, hackers and such:
- Security Checklist:
- Types of Account Thefts:
- Account and Computer Security:
- What to do if the Account has been compromised:
- Account Security and Recovery FAQ:
- Email Address Security:
Go with your gut when it comes to this stuff!