Saturday, January 9, 2010

Please give us your WoW account

This week I found this in my mailbox:

At first glance it looks like a genuine e-mail from Blizzard; it even passed Hotmail's spam filter. But I quickly remembered that I didn't get this kind of e-mail when someone changed my password and actually hacked my account two months ago.

Giving this message a closer look quickly gives more hints to show us that it's a fake:
  • "you Login verify your password" - Bad English in an automatically generated mail? No professional company would send this mail, let alone one based in the United States.
  • "If you are unable to successfully verify your password . using the automated system" - That's not even a proper sentence.
  • As every WoW player should know, Blizzard will never ask you to enter your password.
  • Any login site should use the https protocol.
  • The e-mail's source code shows that the e-mail comes from the IP 66.7.192.88. This links to frontierfuelcompany.com, not to blizzard.com like their authentic e-mails do.
After seeing all this it's clear that this mail is an obvious forgery. But in the name of investigation I clicked on it anyway, and both Firefox and Internet Explorer tag it as a phishing website. Ignoring the phishing message and continuing to the site shows the regular WoW login website. Of course with the difference that your user name and password will also be forwarded to someone else...
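
The header and link checks from the list above, as an added example that is not part of the original post. The sample message is constructed (only the IP and the two domain names come from the post), and `registrable` and `phishing_indicators` are hypothetical helper names.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not the e-mail from the post). Only the relay IP
# and the two domain names are taken from the post; the rest is made up.
RAW = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
    by mail.recipient.example; Sat, 9 Jan 2010 10:00:02 +0000
Received: from frontierfuelcompany.com (unknown [66.7.192.88])
    by mx.example.net; Sat, 9 Jan 2010 10:00:00 +0000
From: "Blizzard Entertainment" <noreply@blizzard.com>
Subject: Account verification
Content-Type: text/plain

Please verify your password at http://login.example.invalid/wow/ today.
"""

def registrable(host):
    # Crude last-two-labels comparison; real code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def phishing_indicators(raw):
    msg = message_from_string(raw)
    findings = []
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Each relay prepends its Received header, so the last one is the earliest
    # hop. The host name after "from" is supplied by the sender; the bracketed
    # IP is what the receiving relay recorded. Headers below the first relay
    # you trust can be forged, so treat this as a hint, not proof.
    received = msg.get_all("Received") or []
    if received:
        m = re.search(r"from\s+(\S+)\s+\(.*?\[([0-9a-fA-F.:]+)\]\)", received[-1], re.S)
        if m and registrable(m.group(1)) != registrable(from_domain):
            findings.append(f"origin {m.group(1)} [{m.group(2)}] is not {from_domain}")
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        u = urlparse(url)
        if u.scheme != "https":
            findings.append(f"login link is not https: {url}")
        if registrable(u.hostname or "") != registrable(from_domain):
            findings.append(f"link host {u.hostname} is not {from_domain}")
    return findings

if __name__ == "__main__":
    for finding in phishing_indicators(RAW):
        print(finding)
```
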

Luckily this phishing attempt was poorly done. But I can imagine that quite a few people could be fooled by a more professional-looking e-mail. If one in a thousand falls into this trap and you send a million mails then you've got quite a few accounts. Add to this brute-force dictionary attacks or keyloggers and I'm sure every WoW player knows someone who has seen his account hacked.

It's no wonder that Blizzard is considering making their authenticator mandatory. Once everyone has one, the number of hacked accounts should be greatly diminished. The main reason to do this is probably to reduce operating costs. Having to hire dozens of people who do nothing all day but restore accounts isn't a fun way to spend your money. And being in the news with "Thousands of WoW accounts hacked" won't really improve your company's image either.

Blizzard also reduced my major problem with the authenticator: the costs. Two months ago they asked €8 posting costs for an item they sold at €6. Nowadays they're asking $6.650 or €6.99. Yes, we Europeans are still being ripped off as we'll pay half more than our American fellow gamers. But it's a move in the right direction. I even wonder if it wouldn't be cheaper for Blizzard to just give everyone an authenticator for free. Wouldn't it be cheaper than having to deal with thousands of hacked accounts?

So the next step I predict will be to give free authenticators with Cataclysm or Starcraft 2, at which point it will probably be mandatory for all these games. Sad that we need one, but it seems to be a necessary evil.
