Friday, July 8, 2011

Don't Help the Gold Farmers

About 2 weeks ago, I posted that I thought my account was hacked. This happened after Blizzard publicly changed their security policy to no longer request the PIN on authenticators when they see people consistently logging in from a similar location.

Today, I'd like to point out a legitimate hack. Skimming through my top secret warlock email, (yeah, we all get those) I received a notification that my Blizz account info has been changed. Nefarious deeds definitely at work here. I bet it was those Mages; mad that we got sparkly soul harvest.
hello!

This is an automated notification regarding your Battle.net account. Some or all of your contact information was recently modified through the Account Management website. If you made recent account changes, please disregard this automatic notification.

If you did NOT make any changes to your account, we recommend you log in to Account Management review your account settings.Log in link below, fill in your account information and other relevant information.
http://us.battle(dot)account-riso(dot)net/blah/blah/blah

If you cannot sign into Account Management using the link above, or if unauthorized changes continue to happen, please contact Blizzard Billing & Account Services for further assistance. (snip)

I followed the URL to investigate and was presented with a Battle.Net website. The site has all the links buttons and wording that I am familiar with on the Blizzard sponsored page. Looks good. Well, sort of. When I look down at the localization for the site, down in the lower-right corner, I see that the localization says "International". Interesting. I like to think of myself as worldly, but International?

Let's investigate. How about the hover-over? Being a little curious at this time, I hover-over some of the links that are embedded in the site. When I put my mouse over the link for "Forgot Password", I am presented with a URL that matches my International side, but considering I am accessing the site from California, most wouldn't consider it exotic. I went to a "US.Battle" website, but I am redirected to an EU.battle.net resource for changing my password. Definitely fishy.

As a final straw, I open the site using the URL that I know and love. http://us.battle.net Once there, I see one more thing; the hacker did a really good job, but they missed the favicon. The site is using a blank page icon, where the official site has used the battle.net logo.


My point? Trust no-one. Don't click on links in emails, go to the website by hand. Look twice before you enter personal information into any website, including ones that look official. If you simply copy and paste the URL from the email, READ IT carefully. Looking closely at the URL, it references a non-Blizzard site. This website, very likely will not ask for a PIN, but by then they have your Real-ID username and account password. How long til they find a way to actually get your authenticator removed. Finally use an email solution with a good spam filter. This warlock uses GMail, it does a wonderful job of filtering out the sludge. (Also is a blogger's best friend as a free provider)

It's not news. Google claims to "Don't Be Evil", but still manages to get into a lot of trouble. Warlocks everywhere, protect yourself from those more practiced in shadow magic than yourself. You can ninja-loot from those mages and priests in-game, just don't let them return the favor outside the game. 

Armory Glitch today granted me
a title for a profession I don't have.


2 comments:

  1. But... but... why would you follow the links in those emails in the first place? It's obvious they're fakes.

    ReplyDelete
  2. As an email administrator by trade, I've seen a variant of everything. There is a reason these types of emails (and the hundreds of spam we get each day) are even sent, because they work on someone, sometime. It's more financially viable to send the spam/hack, than to not.

    Spammers and hackers play the numbers game; sending out millions of these email messages. For them a 1% success rate, is still 1,000s of people's account information. Hopefully a majority of these people have authenticators, but then again Blizzard's not putting them in every box of the game, so you know it's not 100% coverage.

    ReplyDelete

May Update (Kara's End, Questing and Mythic + dungeons).

We've completed Karazhan, multiple times over now. Last week, we managed to work on killing the 40 spiders for Clearing out the Cobwe...