World of Warcraft isn't just a game, it's a money-making empire for both Blizzard and an army of criminals that would love nothing more than to make real money from your virtual gold. You might think you're safe, but the techniques they use to get their hands on it go far beyond guessing your .
The basic rules are obvious. Don't give anyone access to your . Don't use a dictionary word as your . Use numbers and symbols as well as letters to make your harder to guess. Don't reuse s across s and services. If your is '', slap yourself now. Blizzard staff will never ask you for your . Never follow a link in an e-mail to a website that looks like a Blizzard site and enter your information - always go there directly by typing the address into your browser.
Unfortunately, it's not that easy to ensure your security, which is where the Blizzard Authenticator comes in. You can buy a dedicated unit from the Blizzard store , but if you have an iPhone or Android phone, or a handful of others - you'll find a full compatibility list here - it's easier and cheaper to just the free app. It's just as secure, and much more convenient, especially if you play the game on more than one PC.
Even if you're a casual player, we recommend getting or ing one of these. , your Battle.net isn't just World of Warcraft, it's Starcraft II and will eventually be Diablo 3. If you're not using an Authenticator and your gets hacked, one of the first things the scammers will do is add one to your , locking you out. This slows down your ability to get your back, forcing you to prove your identity to Blizzard, and prevents you from even changing your while you wait.
Setting it up couldn't be easier. Once you've ed it, you simply enter a code given to you by the website, and run the game like normal. The only difference is that as well as your name and , Blizzard games and websites will also ask you to enter the code displayed on your screen before they give you access. This changes every 30 seconds, giving you a one-time code unique to your Authenticator and your time. You can remove an Authenticator from your at any time, but be careful - if you lose or reset it, you'll have to Customer to get back into both your games and information.
In an ideal world, you'd now be safe. In practice, an Authenticator on your is the minimum level of security you require. A guild for instance is only as strong as its weakest link, which is why most now require proof that everyone with access to the Guild Bank has an Authenticator on their . When you add one, Blizzard gives you a special pet, the Core Hound Pup , which is removed if you disconnect the Authenticator from your . Summoning this pet demonstrates that your is, at least in theory, secure.
The problem is that even with an Authenticator, you're at risk from malware. This can infect your machine in a number of ways, and rarely because you've done something as silly as running a dodgy app from your mail inbox. You're clearly at risk if you hack programs or other morally dubious apps to help your play, but assuming you don't do that, the problem is most likely to come from a dodgy banner advert or similar drive-by attack from an infested website. If this happens, don't expect the malware to announce its presence.
Instead, it's likely to pull off what's called a Man In The Middle attack. You think you're logging into Blizzard's servers, but really your name, and authenticator code are being sent to the scammers, who promptly to your instead. Once in, they'll strip your character of anything sellable, empty out any guild banks you have access to, or make your character part of a transaction - for instance, copying across a stack of gold from another character to sell to someone else. This not only risks your equipment, but your itself - especially if you don't report it. This is especially true if you to find that one of your characters is suddenly incredibly rich and decide to try and keep the gold.
To keep your system clean of malware, you need dedicated antivirus software running. You can get a free one, such as AVG Free Edition (EDIT: Dissent in the ranks over that one. If you have a preferred free AV tool, let us know underneath) , or commercial packages from McAfee, Norton, Sunbelt and many others, and most of them should be fine. The key is to actually keep it running. If you end up switching off your antivirus protection on a regular basis because it slows down your gaming, look for one with better resource management, like Sunbelt's VIPRE . A few have dedicated Gaming Modes, but this shouldn't be needed for WoW.
Once you've done all this, you're as secure as you can reasonably hope to be. It goes without saying that you should keep away from the dodgy players, and never under any circumstances do anything as silly as paying someone to to your and level up characters for you. You'll also want to follow sites like this one to keep track of any new attacks as they emerge, because the one guarantee we can give you is that the criminals won't stop attacking until the game isn't popular enough to justify their time. Don't hold your breath, especially with Cataclysm and a whole new surge of players on the way.
Finally, if you do find yourself a victim of the scammers, the quicker you can report it, the better. Log out immediately, run a full antivirus sweep on your PC, change your (just to be on the safe side) and if you're not using one already, add an Authenticator to your phone, even if only until the official one arrives. At the very least, you'll be able to say with hand on heart that you did your best.
