Account Security and You (Yes, You)

Some players are dedicated to collecting sets of epic gear while others prefer to make a few quick coins in the auction house. No matter what style of play you prefer, we want to equip you with the tools and knowledge you need to protect yourself against account compromise. To help get you started, below you’ll find a series of tips and suggestions aimed at improving your account and computer security.

Since we’ve been encouraging account security awareness for quite a while now, you might have already run across some of this information on our Account Security Awareness page, in one of our support articles, or posted by your fellow players here on these forums. We want to make sure that as many players as possible have secure accounts, though, so we encourage you to take some time to read over this refresher, make sure your account is secure, and share these tips and resources with your friends and guildmates, too.

Security Basics

There are a few cardinal "rules" for maintaining a secure Battle.net account. They're simple and straightforward, but they can help ensure that your account information doesn't get into the wrong hands.

  • Never give out your account information.
    Sharing account information with a family member, friend, guildmate or, worse, a stranger who's promising you a chance to "beta test a new mount" is an easy way to lose control of your account security and experience the tragedy of account compromise. Even if your goal is just to be helpful, allowing someone else to access your account can definitely put it at risk because you can’t control how that person will make use of your account information, or how secure their own system might be.

  • Be mindful of phishing scams.
    Phishing scams are designed to trick you into giving out your account information, and they'll usually come in the form of emails or in-game messages that appear to be sent by Blizzard employees. Sometimes these messages encourage you to visit a malicious website, which might contain a web form, or even software that can steal your login information. In other cases, you may be asked to reply with your account name and password. While most of these types of scams are easy to identify -- they'll frequently use poor grammar and spelling, or make outrageous threats about banning your account -- some can be difficult to distinguish from legitimate Blizzard correspondence, so it's important to be cautious of what you click on and when.

    Learn more about how to identify these kinds of scams here.

  • Don't use gold selling or power-leveling services.
    Supporting these types of illicit services is not only against the Terms of Use, but it promotes botting, spamming, and other forms of exploitation -- as well as account theft. While the promise of gold stockpiles and effortless level-85s may be tempting, you could end up paying more than just cash for sharing your account information with these companies. (Also, that gold you're interested in buying? We've found that it is most commonly stolen from compromised accounts and turned around to be sold back to other players. Not cool.)

Going The Extra Mile

In addition to following the security basics, you'll also want to make sure your computer is protected against malicious programs known as "keyloggers." Keyloggers are pretty serious, and capable of gleaning information directly from your computer, either by monitoring your keystrokes or by gaining access to important applications like your Clipboard.

The advice listed below will help you combat this type of security risk and maximize your computer's security.

  • Grab an Authenticator. The Battle.net Authenticator and Mobile Authenticator are easy ways to add an additional level of security to your account. They work by providing a secure authentication code on command that's unique to your Battle.net account. After an Authenticator is associated with your Battle.net account, the authentication code will be necessary for each client and Account Management login, increasing your protection against account-compromising attacks. (They will also provide your characters with an adorable Core Hound Pup companion.)

  • Install antivirus and anti-spyware software. There are a number of programs that can help you identify and remove any viruses, Trojans, and/or keyloggers that may sneak onto your computer. If you're unsure of what software might be best for you, check out our support site for a list of recommendations.

    Keep in mind that most antivirus and anti-spyware programs will periodically issue software updates to ensure that they're able to identify the latest malware threats, so be sure to install those updates before beginning any new system scans.

  • Keep your operating system up-to-date. If you're using Windows, you can check for the most current updates at any time by visiting the Microsoft Windows Update page, or by clicking Windows Update in the Start menu. If you're a Mac user, you can check for software updates at Apple.com; Apple security updates are also available here.

  • Keep your browser and browser plug-ins up-to-date. As with your anti-malware software and computer operating system, you'll want to keep your web browser as up-to-date as possible. In addition to providing more tools and functionality, browser updates can also include new security definitions and a more comprehensive phishing filter (detailed further below).

    Using the most recent versions of your browser plug-ins and applications (like Adobe Flash Player and Adobe Reader) and regularly checking for security updates is also important, because they can sometimes become targets for certain types of malware. A lot of plug-ins and applications will prompt you to update automatically, but it's still a good idea to check the distributor websites on occasion to make sure you're running the latest versions.

  • Turn on your browser's phishing filter. Phishing filters work by comparing the websites you visit against a massive database of legitimate (secure) websites and websites that have been identified as potential security risks. If you happen to visit a website that's flagged by your browser's filter, you'll be alerted and given the opportunity to continue onto the page or -- in most cases -- navigate to another site completely.

    Most popular browsers have built-in phishing filters that are turned on by default, but you can always double-check filter settings/availability in the Tools menu. Additional information about popular phishing filters can also be found here:
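
The list lookup a phishing filter performs, as an added example that is not part of the original post and not any browser's actual code: it classifies a link against a list of official domains (battle.net and blizzard.com, the domains named on this page) and a constructed "reported" list, and shows why the hostname has to be matched on a dot boundary. The `REPORTED` entry, the `BRANDS` hints and the function names are assumptions made for illustration.

```javascript
const OFFICIAL = ["battle.net", "blizzard.com"]; // domains named on this page
const REPORTED = ["battle-net-login.example"];   // constructed blocklist entry
const BRANDS = ["battle", "blizzard"];           // assumed lookalike hints

// True when host is the domain itself or a subdomain of it. Matching on the
// "." boundary keeps "notbattle.net" and "battle.net.other.example" out.
function isWithin(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

function classifyLink(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { verdict: "invalid", reason: "not an absolute URL" };
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return { verdict: "invalid", reason: "not a web link" };
  }
  // URL parsing lowercases the host; drop a trailing root dot before matching.
  const host = url.hostname.replace(/\.$/, "");
  if (REPORTED.some((d) => isWithin(host, d))) {
    return { verdict: "flagged", host, reason: "host is on the reported list" };
  }
  // Text before "@" is login data; the site actually contacted comes after it.
  if (url.username || url.password) {
    return { verdict: "suspicious", host, reason: "text before @ hides the real host" };
  }
  if (OFFICIAL.some((d) => isWithin(host, d))) {
    return { verdict: "official", host, reason: "inside an official domain" };
  }
  if (BRANDS.some((b) => host.includes(b))) {
    return { verdict: "suspicious", host, reason: "brand name outside official domains" };
  }
  return { verdict: "unknown", host, reason: "on neither list" };
}

// Constructed sample links; prints one verdict per line when run.
const samples = [
  "https://eu.battle.net/account",
  "https://eu.battle.net.account-check.example/login",
  "https://eu.battle.net@login.example/",
  "https://battle-net-login.example/",
];
for (const link of samples) {
  const r = classifyLink(link);
  console.log(r.verdict.padEnd(10), r.host, "-", r.reason);
}
```

The order of the checks matters: the reported list and the "@" check run before the official-domain match, so a link cannot pass by merely containing an official name.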

What If...

While these steps will go a long way to keeping your account secure, if you are unfortunately affected by an account compromise, don't panic. Our in-game, billing, and technical support representatives will work with you to get your account and all associated data safely restored to you. Our Help! I got Hacked! guide goes into all the details, but rest assured that we've got your back (and your lewtz) should you need us.

Account security is incredibly important to us, and we hope that it’s important to you, too. If you have any additional security recommendations to add to this list, please feel free to share them in the comments!

Comments (18)

Muzzx
Grim Batol
02/10/2011
I got billing, how to open it in my character?

Destia
Lightbringer
07/03/2011
Why can't I download Authenticator to Nokia X6 but can download themes?

Eviloverlord
Silvermoon
23/02/2011
Where has the WoW authenticator gone? It's nowhere to be found in the store (clicking the above link only shows the Starcraft authenticator)

Ertshaker
Blade's Edge
23/02/2011
@Eviloverlord:

Icebrow
Earthen Ring
22/02/2011
Here's what you, yes you Blizzard, can do to promote rather than undermine the security of the average player:

* Quit posting videos and other art content as .EXE files in the official website. This teaches people to download and run .EXEs without thinking. Use sensible image and video formats.

* Remove the tooltip that says "You can download free programs to scan your PC" from the game. Random "free programs" are more likely than not to be malware. Consider endorsing certain security software providers.

* Teach people the difference between WoW addons (which work in a secure environment within WoW and cannot harm your computer) and other third-party programs such as addon installers/maintainers, log parsers, etc. The former cannot be malware. The latter... maybe.

* Advertise the official website locations: eu.battle.net or blizzard.com on the game login screen, and stick to these domains.

Dantegr
Genjuros
21/02/2011
How funny and sad that we have to spend additional money in order to keep our accounts safe, as if we aren't paying enough already. This is ridiculous.

Worship
Nordrassil
23/02/2011
@Dantegr: If you are talking about anti-virus programs, this is something you should have anyway, whether you're gaming or not. They are very important to keep your PC safe from viruses.
Now if you're talking about the authenticator: This is an option for people who want to walk that extra mile to keep the account safe. It's not necessary, but it works. Of course it costs money for the authenticator, it costs money to make it and ship it, doesn't it? It also comes free to any smartphone.

You don't have to spend additional money to keep your account safe, just be careful about what you click. It's as simple as that! So please don't complain about spending money on this game, that you already had to spend in the first place when you bought a computer.

-Worship, Nordrassil EU

Dantegr
Genjuros
23/02/2011
@Worship: I'm well aware of all the things you've said. I will make one thing clear from the start. I was not complaining about spending money on the game, just about the fact that additional money needs to be spent IF you wish to protect your account. I have an anti-virus program, which as you've said and I agree with, should be used by everyone regardless. I was referring to the authenticator. Of course it will cost money to produce and ship, but the truth is Blizzard could provide a service free of charge in order to acquire that extra layer of protection, and we know it. They're just trying to make a profit. (My smartphone cannot download the app, by the way.) Also, your remark about me spending money on a PC is off target. I bought a PC a few months ago for the first time after 7 years of owning an old desktop, primarily out of necessity and because I could actually afford it at the time. So please don't criticize without knowing the facts.

Druides
Terenas
21/02/2011
I have been trying to buy an Authenticator forever, but the only payment options are credit cards, which I don't have :(

Other than that, anti-virus programs like Norton and such are very overrated imo. I have seen countless computers passing by with updated anti-virus programs, and still these computers contain a lot of viruses. How free of viruses your computer is also depends on how you use the internet; if you know what to click or what to download, it can help a buttload as well.
I for instance never had an anti-virus on my PC. I do check regularly for malware and/or viruses but never even found one.
But that is because I know that an mp3 download which is 500kb in size contains a virus 9 out of 10 times, because an mp3 can never be only 500kb large.

Teial
Ghostlands
21/02/2011
I have some suggestions about when you got compromised.
Many seem to forget, if you have a keylogger or a virus then WoW is not the only thing they might have access to. Think about who else might be using the computer you play on, or which websites you logged in to lately. Those who gave you the keylogger might have got every one of those passwords.
The next thing you should think about is: are you in a network with other computers? Did you trade any data with others while infected? Because they could get a virus too if you traded anything.
So the first thing you should do, after you found out your WoW account is compromised, is take your computer off the internet. Take out your cable or disable your WLAN. Why? Because the first thing you would do is log on to your e-mail to get your account back, and you don't want those guys to have your e-mail password too, do you?
So, first thing: off the internet. This way they can't get any new passwords.
Then clean your computer, and then you can start and change every password for everything they might have got. And don't forget that you might have logged into online banking or something too, and to inform everyone that might have logged into something from your computer too.
After you have cleaned everything and changed your passwords, then you can start the process to inform Blizz and get your account back. Any moment too soon might give them new chances to get your passwords again.
My mother got a phishing mail one time and clicked the link and got a virus, and because this e-mail was from eBay and said she bought some very expensive stuff, she wanted to log into online banking, and in that very moment my father kicked her off the internet, because those passwords were what those guys wanted. Because this happened: don't log into anything till your computer is clean again. Those guys know what you would do next to get your account back, and then they get many other passwords.
Last thing, you might notice some errors and that's because English isn't my first language.^^ So every mistake you find you can keep.^^
Login to rate
Highly recommended is the Secunia Personal Software Inspector (PSI). It is a free tool (for personal use) which monitors all programs on your computer for available patches and vulnerabilities. It provides download links to all available patches from the main vendor.

Keeping your computer 100% patched, together with an also updated anti-virus program and a firewall, is the best way to keep your system free of viruses/malware.

"The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks."

http://secunia.com/vulnerability_scanning/personal/

Camicio
Terenas
19/02/2011
Account security tips from a company using case insensitive passwords?

Olec
Chamber of Aspects
11/05/2011
@Camicio: hehehe indeed, also I think that Blizz should give the authenticators for free -like my local bank did- this way the whole problem of hacks will be solved instantly -tho costing Blizz just a few cents to buy the authenticators-

Slepob
Frostwhisper
18/02/2011
i herd that lowide!!

Lowide
Frostwhisper
18/02/2011
love slepob

Azmodanii
Emeriss
18/02/2011
I've been trying to buy an authenticator for over a year.
I always get "cannot ship to this address" (Romania). I've asked other Romanian friends, they cannot buy it either.

Asdasdzxc
Silvermoon
18/02/2011
@Azmodanii: I am from Romania and I use one for my phone. You can get one here
http://mobile.blizzard.com/shared/blizzard_download.php

Drlucius
Bronze Dragonflight
14/09/2012
@Azmodanii:

Hey,
try to find it on Amazon or eBay. I got mine from there.