A big deal lately with the security of wow accounts seems to be phishing. Fake whispers in-game are stating to show up nearly as much as gold advertising.
With the admitted leak of email addresses on the WarcraftRealms website earlier in December due to a security hole, you need to be more cautious as ever, as phishing email is now back on the rise. The email read:
These people will stop at nothing to get your wow details, here is a perfect example of a classic phishing email:
At first glance, this looks extremely authentic. Note that even the email originates from "blizzard.com" which goes against the in-game loading screen "tip" of trusting emails with such extensions. Infact the only give away that this is a phishing email is when you hover over the link, you can see it forwards to a non-blizzard website, an attempt to steal your account details.
I see people frequently say things like "My computer is secure". That may be fine and dandy, but did you ever stop to think about the security of websites out of your control? The truth is, you just can't guarantee this security. So here's a few tips:
- Keep your wow password unique, do NOT use the same password anywhere else.
- Double, even triple think about entering your login details anywhere.
- Buy an authenticator, you won't regret it. The peace of mind it will bring you far outweighs any downsides. Also, I know you want that cute pet.
不会,哪里有下载地址?
draoi,
addons are only active AFTER you logged in, and they can't keep running after you log out so its impossible to make an addon to steal your login information.
That said, try to avoid addons that require you to run an executable file to install them. Executable files (exe, com, bat) shouldn't be present in the addon folder unless its stated in the documentation for the addon. (I use Vuhdo which contains a .bat file to reset the settings if I mess things up).
Short story: if you installed via the curse client and don't run anything else you should be safe.
@draoi, Sorry for the delay in responding.
We do extensive checks on all files uploaded to us as well as generated on our servers. We flag any potentially dangerous files for further screening. We've had a few incidents over the past year and a half were we had a short lived issue, but there are no current issues to my knowledge.
We're in this for the long haul as it were, and it's in our best interest to protect our consumers from any and all harm we can. I personally feel safe downloading and using the dozens of addons I do, both form WowAce, CurseForge, and WowInterface.
How confident can we be in the addons we download from WoWAce and Curse that they don't have a keylogger embedded in them?
I recently had my account hacked and I am attempting to find out how that happened. I ran a virus scan that found one infected file (A0011202.exe) and now I am reloading WoW after deleting the old folder. I want to put the addons I had in the past that I got from here and WoWInterface but now I am wondering what caused my hack.
Thanks.
I can tell you I have had many different ones over the past weeks. Most of them you can tell right off because of what they are asking for. The last few however seems to show they are getting better at it. Regardless I forward all of mine to blizzard and they in turn reply back to me on them. You also may find the emails are not sent to your actual game account to. I had one with supposed problems with a game account I don't and never have had. So it is not just WoW that is being targeted. Be wary and check them out safely. Easy to get a key logger by clicking on links.
domaintools.com
Check any website asking for your wow username and password.
is it blizzard owned ?
is it asking you to login in at a battle.net address using https ?
The security of websites *could* be verfified by an SSL-certificate. Firefox verifies the certificate and shows the owner and signer in the adressbar, right before the URL.
Just today I saw 3 phishing attempts in my inbox. Saw 1 yesterday. Not sure if my email was in the WarcraftRealms database. Actually I think it was.
When you see a phishing email make sure to report it. I use spamcop.net to report everything.
Wow, good catch... i got about 8 emails to an email that isnt even linked to my account at all and i almost missed them due to the fact they went straight to "SPAM" folder. Not being a retard, aka not clicking the links provided in the emails, i went to the WoW site directly to check it out and nothing out of the ordinary. i didn't even notice the link was different when ya hover over it <http:/ /www. worldofwacrcreft .com/> yeah craft and creft is a dead give away but VERY hard to notice even for someone like me who is very cautious. i split the link up to keep it from showing as a clickable link and some retard click it
Also if your using a web based email service, there is usual an option somewhere to report an email as a phishing attempt. PLEASE do this, it can sometimes help.
Also blocking everything from hotmail.com helps too, as all the ones ive got have come from their system.
I get these kind of email, nearly every day now. On my normal emai account and in spam.
There are other emails as well, they are about disputes, attempts to sell the account, etc.; they all ask for large sums of information.
Blizzard employees personally sign all documents with a rather RP (Ghostcrawler is the least RP of the Blizz names) character name and profession, so you'll see the email signed something like GM Fenatyl or Character Specialist Vexinka (both madeup names, but they show the style)