Register
Results 1 to 10 of 10
  1. #1
    Sinshroud's Avatar
    Posts
    2,681
    Reputation
    260
    Tagged in
    1060 Posts
    Add to this user's reputation

    [Account Security] Protip: Never receive scam or spam email again

    I think one of the biggest frustrations in today’s modern world when it comes to the use of email – whether you use it for corporate business or to keep in touch with friends and family – is any sort of spam email, scamming email or otherwise fake and malicious email.

    World of Warcraft players are especially targeted when it comes to this sort of thing, mainly by spoofing emails to try and impersonate Blizzard. Account security has become so big that using a Blizzard Authenticator to generate a second password for your account is becoming the norm (and in some cases requirement with Blizzard giving the option to Guild Leaders to make it compulsory to have an Authenticator if you want to get promoted to certain guild rank).


    You always hear people going on about, don’t open the email until you have virus scanned it, don’t follow any direct links from that email, don’t believe anything it says straight away etc. But why go through all of that hassle each time when you could completely avoid it?

    • Step 1: Go to gmail or yahoo or which ever is your favorite free email provider – make sure it is well known and secure however.

    • Step 2: Create a NEW account and name it something simple, identifiable but also not predictable. I usually include the word “wow” in my username so that I can identify that this email account is used for my wow account (if you like me and use 4-6 different email accounts daily).

    • Step 3: Change your Battle.net email address to the one you just created in step 2.

    • Step 4: NEVER enter this email address in anywhere other than Battle.net, Gmail.com (or your email host) and World of Warcraft game client.


    This way it is pretty much impossible for you to EVER be sent an unwanted email unless you have a keylogger installed on your computer. And if that’s the case it’s already far too late for you to be worrying about trivial spam.
    I know that when my Windows Mail tells me that I have a mail message in my World of Warcraft email account, that it IS actually from Blizzard.

    Don’t get me wrong, I would still recommend never following direct links from emails, always scan your incoming email first, check for spoofed links, as well as making use of a Blizzard Authenticator.
    If someone makes a helpful post or useful thread, be sure to let them know by giving +reputation. Spread the love!

    If you are new to gold making, or want to expand your markets for greater profits, then consider becoming an Ethereal Contributor to gain access to additional guidance on gold making, as well as our private dedicated help and support forum.

    >> WoW Account Maximum Security Guide <<

    "If you spend too much time thinking about a thing, you'll never get it done." - Bruce Lee

  2. #2
    Mugsley's Avatar
    Posts
    649
    Reputation
    13
    Tagged in
    29 Posts
    Add to this user's reputation
    I did this about 6 months ago. It is probably the single best thing I did for account security. That account is only ever used for WoW and nothing else, and - yes - it never receives spam! (Gmail account btw)
    Co-host of Auction House Junkies! (podcast retired)
    Follow me on Twitter! @msherretz

  3. #3
    I too, did this last time I got hacked since they required me to change my email, but then again I also bought an Authenticator back then. I've felt safe ever since.
    Every friday I post some statistics on what/how much I've sold the last week; MySales Weekly Statistics
    Are you prepared to supply those pets in 4.1.0? Check out my full list of sellable pets, and their rarity
    If you wonder how you can optimize your goldmaking with addons, look no further!

  4. #4
    Faid's Avatar
    Posts
    290
    Reputation
    70
    Tagged in
    179 Posts
    Add to this user's reputation
    I never received spam e-mails before, but I did create a "WoW only" e-mail when I started blogging; I didn't want the same e-mail address on my B.net account to be the one I used to register for my blog as that was just asking for trouble, so I chose a brand new username I'd never used anywhere else and am feeling a lot more secure. =D

  5. #5
    Cold's Avatar
    Posts
    156
    Reputation
    16
    Tagged in
    9 Posts
    Add to this user's reputation
    One thing I've always wondered is this.

    I always click "Mark as Phishing Scam" (hotmail lingo) when I get these fake blizzard emails. Now they always go to my junk folder instead of my inbox, but does reporting these phishing emails actually do any good?

  6. #6
    Sinshroud's Avatar
    Posts
    2,681
    Reputation
    260
    Tagged in
    1060 Posts
    Add to this user's reputation
    Quote Originally Posted by Cold View Post
    One thing I've always wondered is this.

    I always click "Mark as Phishing Scam" (hotmail lingo) when I get these fake blizzard emails. Now they always go to my junk folder instead of my inbox, but does reporting these phishing emails actually do any good?
    It's normally extremely hard to crack down on phishing and scam email senders. A lot of the time the senders use something called a Botnet which is the mass control of hacked/compromised computers to do dirty work.

    Quote Originally Posted by Wikipedia
    A botnet is a collection of infected computers or bots that have been taken over by hackers (also known as bot herders) and are used to perform malicious tasks or functions.
    While the term "botnet" can be used to refer to any group of bots, such as IRC bots, this word is generally used to refer to a collection of compromised computers (called zombie computers) running software, usually installed via drive-by downloads exploiting web browser vulnerabilities, worms, Trojan horses, or backdoors, under a common command-and-control infrastructure.
    A botnet's originator (aka "bot herder" or "bot master") can control the group remotely, usually through a means such as IRC, and usually for nefarious purposes.
    Types of attacks:

    Quote Originally Posted by Wikipedia
    • Denial-of-service attacks where multiple systems autonomously access a single Internet system or service in a way that appears legitimate, but much more frequently than normal use and cause the system to become busy.
    • Adware exists to advertise some commercial entity actively and without the user's permission or awareness, for example by replacing banner ads on web pages with those of another content provider.
    • Spyware is software which sends information to its creators about a user's activities – typically passwords, credit card numbers and other information that can be sold on the black market. Compromised machines that are located within a corporate network can be worth more to the bot herder, as they can often gain access to confidential information held within that company. There have been several targeted attacks on large corporations with the aim of stealing sensitive information, one such example is the Aurora botnet.[14]
    • E-mail spam are e-mail messages disguised as messages from people, but are either advertising, annoying, or malicious in nature.
    • Click fraud is the user's computer visiting websites without the user's awareness to create false web traffic for the purpose of personal or commercial gain.
    • Access number replacements are where the botnet operator replaces the access numbers of a group of dial-up bots to that of a victim's phone number. Given enough bots partake in this attack, the victim is consistently bombarded with phone calls attempting to connect to the internet. Having very little to defend against this attack, most are forced into changing their phone numbers (land line, cell phone, etc.).
    • Fast flux is a DNS technique used by botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies.

    @Faid, BTW I have quite a good post lined up for you guys about Blog Security and some of the simple vulnerabilities that most don't know about.
    If someone makes a helpful post or useful thread, be sure to let them know by giving +reputation. Spread the love!

    If you are new to gold making, or want to expand your markets for greater profits, then consider becoming an Ethereal Contributor to gain access to additional guidance on gold making, as well as our private dedicated help and support forum.

    >> WoW Account Maximum Security Guide <<

    "If you spend too much time thinking about a thing, you'll never get it done." - Bruce Lee

  7. #7
    I used to believe this method worked.

    I maintain 2 Battlenet accounts, one attached to a pre-existing e-mail, the other attached to an e-mail created specifically for that purpose (and never used for anything else.)

    For a few months, only the first one recieved phishing spam. But at this point in time, both recieve about the same amount of it.

    It led me to conclude that at some point in time, Blizz or Activision or some subsiduary has chosen to share user data with some third party partner who in turn wound up selling the list to those with nafarious purposes.

    (adjusts tinfoil hat)
    Author of "T'was the Night Before Glyphmas" Yes...~I~ came up with the name "Glyphmas".
    http://stormspire.net/off-topic/1876...tml#post165195

    2k-02/2009 Goldcap-06/2009 1000k-Dec 22, 2009

  8. #8
    Sinshroud's Avatar
    Posts
    2,681
    Reputation
    260
    Tagged in
    1060 Posts
    Add to this user's reputation
    I highly highly highly doubt Blizzard or Activision ever sold or leaked email addresses. There are other companies out there who are continuously looking for this kind of flaw in other companies so that they can announce it and gain competitive advantages.

    I can think of many different ways that you could still have gotten your email published whether you liked it or not.
    • RealID - more people you have on realID, the more people who actually know your email address. Those friends might add your RealID as a mail recipient contact in their email program, therefore if they are compromised your details can be too.
    • Keylogging
    • Malicious web content. It can be as simple as you visiting a site which has been compromised and has a malicious advert inserted on it. It then infects your browser and the next time that you login to battlenet on the web, your details are exposed as well. Keep in mind most of these malicious browser injections aren't targeted towards wow players, they just harvest email accounts hence why your wow account itself was presumably never hacked.
    • General viruses and spyware.


    I could go on and on and on. As you can see it's rather simple how many ways there are that your information can still be exposed. Hell it could be as simple as someone using one of the hundreds of Remote PC Spy Software out there.

    People cruise through neighborhoods scanning for wireless networks, just so they can hack it (for example with software like Wireshark) so that they can harvest personal details to sell online.
    If someone makes a helpful post or useful thread, be sure to let them know by giving +reputation. Spread the love!

    If you are new to gold making, or want to expand your markets for greater profits, then consider becoming an Ethereal Contributor to gain access to additional guidance on gold making, as well as our private dedicated help and support forum.

    >> WoW Account Maximum Security Guide <<

    "If you spend too much time thinking about a thing, you'll never get it done." - Bruce Lee

  9. #9
    And if you use gmail, you can format your address with periods "."

    Normal e-mail: username@gmail.com
    Example: user.name@gmail.com
    Example 2: us.er.na.me@gmail.com
    Example 3: u.s.e.r.n.a.m.e@gmail.com

    It's not quite the same as having a completely separate mail account, but if you're too lazy, this will work.

  10. #10
    Namssob's Avatar
    Posts
    1,485
    Reputation
    123
    Blog Entries
    1
    Tagged in
    454 Posts
    Add to this user's reputation
    Great tip! Believe it or not, I haven't even opened the email account I use for wow in over a year - who knows what's in it. For kicks I should check, but yes, this is a fantastic way to avoid spam and phishing emails!
    How To: Create And Sell Profession Kits ---- MoP Shuffle Flowchart ---- Article: A Case For Dual Gathering
    "Never underestimate the sheer amount of derp the majority of WOW's playerbase possesses." -- Belrandir
    "They could have offered me free ERPing in Goldshire with real women over Skype for the next year and I would have passed." -- Zerohour
    "Scissors are OP. Rock is fine." --Paper

 

 

Similar Threads

  1. Blogging Security Risk Awareness
    By Sinshroud in forum News
    Replies: 0
    Last Post: April 18th, 2011, 07:47 AM
  2. Spam macro help needed
    By Ahdude in forum Archive (Auction House)
    Replies: 4
    Last Post: December 3rd, 2010, 03:08 AM

Tags for this Thread