How does an account become compromised?
Hackers will prey on your trust, naivety and innocence to discover your log-in credentials. Accounts become compromised when somebody discovers your log-in details (username & password) to the account.
Power Leveling Services
You buy power leveling, handing over your username & password to a complete stranger. Power leveling services are usually bought, with real money, through a website, which is just another scam to get your log-in details and hard-earned cash. Once you hand over your payment and divulge your log-in details, your account will be stripped of all valuables and the gold will be "laundered" through other hacked accounts (this gold is usually sold on to gold buyers). Finally, they will delete your characters, so they know when you have the account back, to do it all over again.
Account Buying, Selling and Trading
You buy, sell or trade your account. "I will give you mine if you give me yours", so to speak. Once you hand over your account details the account will most likely become compromised. The guy offering the trade might appear to be really friendly and honest but you should not be drawn in by it. Remember, they prey on your innocence and trust. You may even buy a stolen account, and it is likely the original owner will one day claim it back, leaving you with nothing.
You click a link to a fake website that resembles an official Blizzard/World of Warcraft site. Thinking it's real, you log in to the page using your account details, which is when your username and password are emailed to a 3rd party. A typical example is an in-game whisper saying you have won a free Blizzard mount but need to visit an obscure site to get the code for it.
You download a file that contains a Trojan/keylogger. This means whenever you press a key on your keyboard, the keystrokes are automatically recorded and transmitted to a 3rd party.
"No problem. I will just retrieve my password!", I hear you say. I'm afraid it's not that simple; if you are keylogged then you should expect the scammer also has the ability to log in to your email accounts (since he knows all usernames and passwords entered since the computer became infected). All he has to do is log into the World of Warcraft Account Management page, change the registered email on the account, and finally log into your email account to verify the email change. Now your account has a new registered email which you have no access to, rendering Password Retrieval useless.
You see a weblink, usually posted on a forum, and you click it. The link sends you to a web page which has some kind of invisible script designed to infect your computer with a keylogger. This can be a real problem on popular forums, including the official World of Warcraft forums. Fortunately, the World of Warcraft forum moderation team are quick to remove malicious links. Beware of clicking links!
How Do I Secure My Account?
Follow these simple steps and you can log into your World of Warcraft account with confidence.
Passwords - Common Sense
Use a strong, unique password for your account. Make sure the password is different to any other passwords you might be using for your Facebook, Email, MSN accounts etc. Don't use simple words like "dog" and NEVER use your account name as a password!
Good password: &e5PSW:QtdH%#
Bad Password: hello
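The password rules above can be turned into a small check. This is an added example, not part of the original article; the minimum length, the word list and the account name "thrall" are assumptions made for the illustration.

```python
import math
import string

# Constructed stand-in for a real list of common passwords and simple words.
SIMPLE_WORDS = {"hello", "dog", "password", "warcraft", "qwerty", "letmein"}
MIN_LENGTH = 12  # assumption for this example; the article gives no number


def search_space_bits(password):
    """Upper bound on guessing effort if every character were chosen at random."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    size = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return len(password) * math.log2(size) if size else 0.0


def review_password(password, account_name, used_elsewhere=()):
    """Return a list of problems; an empty list means the rules are met."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if account_name and account_name.lower() in lowered:
        problems.append("contains the account name")
    # Strip decorations such as 'dog123!' before the word check.
    core = lowered.strip(string.digits + string.punctuation)
    if core in SIMPLE_WORDS:
        problems.append("simple word")
    # used_elsewhere is typed in at check time for comparison, never stored.
    if password in used_elsewhere:
        problems.append("reused on another account")
    return problems


if __name__ == "__main__":
    for candidate in ("&e5PSW:QtdH%#", "hello", "Thrall2010!"):
        print(candidate, round(search_space_bits(candidate)), "bits",
              review_password(candidate, "thrall") or "ok")
```

The bit count only means something for randomly generated passwords; a password built from a word and a year is far weaker than its length suggests, which is why the word and account-name checks run separately.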
If you ever forget your password or need to change it you can do so by using the Password Retrieval service on the official WoW website. A new random password will be sent to the registered email on the account.
The Blizzard Authenticator is a great way to secure your account. It's a little device which you attach to your account through Account Management. Once attached, whenever you log into your World of Warcraft account, you will be asked for your username, password and a digitally generated code which you get by pressing the little button on the Blizzard Authenticator. Without that code you cannot log into your account. The cost of the Authenticator is $6.50/£6.00 and you can buy it from the online Blizzard Store.
There is a free Mobile Authenticator available for your iPhone.
You should have good anti-virus software installed on your computer. Anti-virus software protects against infected files that might contain a Trojan or keylogger. I personally use ESET NOD32 which has always done a good job but there are many good alternatives on the market. If you don't have the cash to invest in anti-virus software have a look at AVG Anti-Virus Free.
Once you have installed your new anti-virus software, and updated the virus definitions, go ahead and run a full system scan. You should also set the software to automatically run at least one full system scan per week (I prefer nightly), preferably when you know you will not be using your computer. Most anti-virus software has options to automate system scans; I have mine set up to run a full system scan every night at 04:00am.
Firefox and NoScript
I highly recommend switching from Microsoft Internet Explorer to Mozilla Firefox with the NoScript plug-in. NoScript is a really cool plug-in that cuts the risk of being infected by a keylogger.
Flashblock is another add-on for Firefox which blocks all Flash content until you specifically allow the content to be viewed. This is useful for avoiding potential risks with infected Flash content.
Anti-virus software is NOT enough. You also need to download and install good anti-malware software because even the best anti-virus can sometimes have problems detecting and removing threats. I highly recommend Malwarebytes' Anti-Malware and SUPERAntiSpyware. Both are free and do a very good job.
Buy the Blizzard Authenticator.
Install anti-virus software and keep it updated - scan regularly.
Choose a complex password.
Install Firefox and NoScript.
Pick a good password - complex and unique.
Don't share your account with anyone.
Don't buy power leveling services.
Don't buy, sell or trade your account.
Check your browser status bar for masked links.
Use Windows Update regularly.
Install Flashblock for Firefox.
Install anti-malware software.
Don't click links right away. Think before you click.
Treat every Blizzard email that requests personal information as fake.
Double check you're on an official Blizzard website before entering any log-in details.
Make sure the log-in page is secure (https as opposed to http).
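The fake-website scenario described earlier and the last checklist items (masked links, official site, https) come down to reading the host name of a link correctly before logging in. The following is an added example, not part of the original article; the set of official domains is an assumption you should build from a source you trust, and the sample links are constructed.

```python
from urllib.parse import urlsplit

# Assumption: domains you treat as official. Build this set from a source you
# trust (a bookmark you typed yourself), not from the link being checked.
OFFICIAL_DOMAINS = {"blizzard.com", "worldofwarcraft.com", "battle.net"}


def check_login_url(url, official=OFFICIAL_DOMAINS):
    """Return (ok, reason) for a link that claims to lead to a log-in page."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme.lower() != "https":
        return False, "not https"
    if not host:
        return False, "no host"
    if parts.username is not None or parts.password is not None:
        # Everything before '@' is ignored for routing; the real host follows it.
        return False, "text before '@' hides the real host: " + host
    # Exact match or a true subdomain only. Look-alike spellings and
    # official-name-as-prefix tricks fail because the right-hand end of the
    # host is what decides who owns it.
    if any(host == d or host.endswith("." + d) for d in official):
        return True, "official domain over https"
    return False, "not an official domain: " + host


# Constructed sample links; free-mount.example is a placeholder host.
SAMPLE_LINKS = [
    "https://www.worldofwarcraft.com/account/",
    "http://www.worldofwarcraft.com/account/",
    "https://worldofwarcraft.com@free-mount.example/code",
    "https://www.worldofwarcraft.com.free-mount.example/code",
    "https://wor1dofwarcraft.com/login",
]


def triage(links=SAMPLE_LINKS):
    """Map each link to its (ok, reason) verdict."""
    return {link: check_login_url(link) for link in links}


if __name__ == "__main__":
    for link, (ok, reason) in triage().items():
        print("OK  " if ok else "STOP", link, "-", reason)
```

Passing this check is necessary, not sufficient: https only shows the connection is encrypted to whoever owns the host, so the host name comparison is the part that matters.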