I just wanted to do a little public service announcement.
I’ve been seeing a huge rise in the amount of email phishing for my World of Warcraft account lately. I figure it is because of the renewed interest in the game because of Cataclysm. With thousands, dare I say millions, of new players and many old players resubscribing it must be like phish in a barrel season for the email scammers.
The scary thing is that a lot of these emails are getting very sophisticated and seem to be the real thing. They tell you someone has accessed your account (plausible), and use link anchor text to disguise the real destination of the link so that it looks like Blizzard is sending the email. Hover over the link however, and you’ll see the real destination in the status bar. This is usually some long combination of words like blizzard-account-security-something-something.net (or the like) that will take you to a website that will install a keylogger on your system to steal your password.
As always there are a few things you can do.
- Never click on links in an email. This is the biggie and most important tip. Not doing this will prevent most security breaches. If you’re a World of Warcraft subscriber you already know the address, just type it in to the address bar on your browser.
- Get the authenticator. That adds another layer of security to the login process, and it’s a layer that cannot be intercepted by a keylogger for any useful purpose.
- Use a secure browser. That means, DO NOT use Internet Explorer. At least don’t use any version prior to and including version 8. I’ve heard version 9 is a complete revamp and addresses security better, so it may be okay. I use Firefox mostly, but am moving more and more towards Google’s Chrome browser as it has some decent site malware detection built in. I’ve been warned off a few sites by Chrome now. Very good.
- Never give your password to anyone. That way anyone can not give your password to anyone else. I’ve heard a few stories where guy gives little brother access to WoW and a few days later finds the account cleared after little brother gave the password to a guildie. It’s in Blizzard’s terms of service too.
Just a final note.
The funny thing about this latest influx of phishing emails is the email address to which they are directed. For a long long time it was easy to discount an email because it was directed at my Stropp’ s World email address, and that is not the address I use for the account. The username I used to use for my WoW account was odd too and wasn’t guessable from any ingame characters. But since Blizzard has forced all WoW subscribers to use Battle.net and the username for that is my email address, I’ve been getting phishing emails to that account.
Anyway, just follow the tips and you should be okay.