Kirkman Enterprises

I'll admit I play World of Warcraft in my spare time.  For a few years now, there have been a lot of attempts by hackers to break into player's accounts.  The folks at Sunbelt software published in their Internet security blog about another recent attempt at phishing for player's account information.  The hackers attempt to convince players to visit websites either under the guise of being an official game site run by Blizzard to log into their account (the Sunbelt blog demonstrates this method) or to access a site to buy in game gold for real world cash.  

Either way, if the player provides their e-mail address and game password they hackers can gain control of the player's account.  Once they do this, they will often sell off all of the possessions for each character for in game gold.  That gold is transferred to other accounts which is sold off for real world money.  These compromised accounts will also be used to send spam in game through chat channels, in game mail, and private "whispers" to convince people to go to a website, owned by the hackers.  (From there go back to step 1.)

The websites run by the hackers can also attempt to install keyloggers that will record whatever you type into your computer, including your passwords.  Keyloggers are sometimes the most difficult malware to detect, but anti-virus and anti-malware software is getting better at it.  Hackers are getting smart to this and will write their keyloggers such that they will only be active when you have the World of Warcraft client running.  In other words, if you just scan your computer no keylogger will be found.  To detect these special keyloggers, you should run the WoW client while scanning your computer.

So what is the motivation behind all this?  There are people who play the game but don't want to spend the time and effort to gain in game gold legitimately.  For whatever their personal reasons are, they will utilize the services of a gold seller.  I think the going rate at the moment is about $4 USD for 1,000 gold in game.  It may not seem like a lot, but Blizzard claims over 11 million people play the game.  If just one half of one percent of the players were to buy 1k of gold, it would be earnings of $220,000 for the hackers.  I don't know what they are actually earning or how many players are buying gold, but it is easy to see why someone might want to sell the gold.  Through hacking and obtaining gold quickly from compromised accounts, a ready supply of in game gold is available.  

How does one prevent their WoW account from being compromised?  Much the same way you prevent any account (bank, e-mail, facebook, etc) from being compromised.  Don't click on links in e-mail.  Don't go to websites you are not familiar with and enter your information.  Use different passwords for different accounts.  And for WoW, get an authenticator; once added to your WoW account in order to log into the game you have to provide an authentication code provided by a keyfob or smart phone application.  Only you have access to this code which is randomly generated at that point in time.  It provides a great layer of security for your Warcraft account.  

Now if only more banks in the US would offer this extra layer of security.....