MMOwned.com Scam Prevention

[Hellgawd]

Scam Prevention Article
Written and Compiled by Hellgawd + JD of the MMOwned News Team

Welcome to the MMOwned.com Scam Prevention article! This article has six key pages that are crucial to your online - and offline - safety regarding scamming. If you have something you would like to add to the article, feel free to post it below. Please remember that MMOwned does not condone scamming, only the prevention and negation of scamming. Thank you, and keep reading!

1. Online Phishing
2. Social Engineering
3. Offline Phishing
4. Keyloggers
5. In-Game Scamming
6. MMOwned and Scamming




[BREAK=Online Phishing]

1. Online Phishing
Online phishing is the most common form of phishing. Thankfully, it is also the easiest to prevent, as long as you know what to look for.
Most often, phishers are spread via falsified emails. Expert phishers have ways of making the emails virtually undetectable, but even if you click on a phishing link - you are still safe, as you will see.
Some quick tips to filter out phishing emails:
-Windows Live Mail picks up many phishing emails. Trust it.
-If you see unformatted or 'piecemeal' HTML code, it's fake.
-If you see a URL link that actually leads to a different URL (by hovering), it's fake.

These are just basic, common sense steps you can use to prevent yourself being phished.

Now, even if you were tricked into going to a phishing page, not all is lost! First off, take a look at the URL at the top of your screen.
If it says something suspicious, incorrect, utilizes a free-web hosting service, or is mis-spelled - you are looking at a phishing page! Sometimes, even the best of us miss these ques, and if this happens, you are still fine. Read on!

Blizzard uses SSL security on all of their account management pages. This includes Beta Opt-in pages.
If you are sent to a page that gets you to enter any personal information, keys, gametime codes, account information, ect - always check to see if the URL starts with 'https' and that the SSL certificate says 'Blizzard Entertainment' or 'WorldofWarcraft.com'. If it doesn't - you've met a phisher!

As well, look at the phisher content in general. Blizzard will never have a page on their website giving you 50000 free gold - so don't believe it! If it's too good to be true, it ISNT TRUE.

All of these basic, basic tips will make you practically immune to phishing.

[BREAK=Social Engineering]

2. Social Engineering
Alright, now we will be going into detail about social engineering, and how it is used to scam YOU out of your precious world of warcraft swag.

Originally Posted by wikipedia
Social engineering is the act of manipulating people into performing actions or divulging confidential information.

This should give quite a nice description of what social engineering is and you can probably imagine how people who are good at it are able to talk people in to doing or saying anything they want. This is also one of the more advanced techniques of scamming and for the most, more experienced, scammers it's prefered over phishers or keyloggers. Some famous social engineers are Kevin Mitnick and the Badir Brothers. Quoting Kevin Mitnick's famous words; "It's easier to get someone to tell you their password than to take hours to hack in to their system".

Social Engineering in WoW Scams

You probably realize that Social Engineering is one of the best ways of scamming someone without using any tools. I'm not here to talk about how to scam someone tho, I'm here to tell you how to not get scammed. So here we go.

Not getting scammed

1. When selling you WoW account always make sure you're not the one giving your account info before your buyer pays.

2. When trading using in game gold always make sure you don't go under the price you chose when you're selling something and don't go over the price if you're buying something.

3. When someone is trying to get your account info saying he's a GM or if he's saying he needs your info for something just don't give it. He's not a GM and he won't need it.

4. Don't trust anyone you don't know.

[BREAK=Offline Phishing]

3. Offline Phishing (AKA Application Phishing)
Application Phishers are one of the most frustrating phishers to run into. Not only can they spread common computer viruses, such as keyloggers which can then compromise your security and other people that trust you's security, but they often look just as 'legit' as real programs - cause they are real programs, just with false functions.
The most common form of Application Phisher is seen as a 'Cataclysm Alpha/Beta Downloader' or a 'Gamecard Generator'. Both of these get you to submit personal information and/or gamecards that will eventually be used without your consent.
Most of these phishers can be thwarted out using some common sense. If it looks fake, it most likely is!
If its going to get you into the Cataclysm Beta, or give you 50000 billion months of gametime - think again! Things like these do NOT exist.

As well, always check the origin of these applications. Often, they will be missing specific information in the application properties, that official Blizzard applications won't. Always check the digital signatures portion of applications, as well as the details. If it says something like 'Default' or '1337 Hackers Group' - delete the application immediately.
More advanced applications might have already infiltrated common uses of your computer, such as browsing the internet. If this is the case, and you suspect something like this, you are at risk whenever you visit a proper-website, like worldofwarcraft.com. Always do frequent anti-virus scans and ensure you have the most up to date software updates installed.

[BREAK=Keyloggers]

4. Keyloggers

For this part of the article I'm going to tell you guys something about keyloggers and how not to get scammed by people using them.

Keystroke logging (often called keylogging) is the practice of noting (or logging) the keys struck on a keyboard

You can probably imagine how keyloggers are used for scamming WoW accounts and other information. Someone sends you a program saying that it's a GM account creator and you don't have to fill in your account information! That's great if it were true but unfortunately the creator added a keylogger to the program. It tells you to login to your WoW account which you do. You fill in your account name and password and that information gets sent to the creator's email address. He can then log in to your account and do what ever he wants with it.

Not getting scammed

1. Install a good virus scanner
2. Never accept any software that looks to good to be true.
3. Run software using SandBoxie

More Information

[BREAK=In-Game Phishing]

5. In-Game Phishing

This part of the article is all about In Game Scams and how not to get scammed by people using them.

In game scams are scams done inside the World of Warcraft

In game scams are mostly based on social engineering, telling people that their GM's faking a trade.

Example!

A conversation between Bob's character and a Scammer;

Bob in /2: Want to buy 20 eternal fire!
Scammer in /w: I have 20 but I have to go quickly, I'll COD them to you
Bob: Okay, sure how much?
Scammer: 200G
Bob: Fine, thanks
Scamer: No problem, later

The scammer logs off and, an hour later, Bob gets his eternal fires... The mail says "eternal fire (20)" so Bob opens it, pays the 200G but only recieves 1 eternal fire! He got scammed and is a sad, sad panda...

What happend? The scammer put one eternal fire in and changed the title from (1) to (20). Bob thought he got his 20 etenal fires but only got one!

How not to get scammed

1. Don't trust anyone you don't know.
2. Don't give out any private information
3. Make sure your trades are always exactly what you thought it was.

[BREAK=MMOwned and Scamming]

6. MMOwned and Scamming

MMOwned does not support illegal scamming methods. Things like in-game 'pranks' they might be called, where you get items for a few gold-digits cheaper (The Backspace Scam) or other such scams are still allowed. The Scamming Section of MMOwned has recently gotten a new ruleset put into place, giving it the purpose it was originally intended to have - how to PREVENT being scammed. MMOwned's Scamming Section is a perfect area to read up on other anti-scamming tips and information bulletins. You can also report suspected phishers in that section as well, so other people can give you the verdict if they are VALID or PHISHER.
Thank you for reading,
MMOwned News Team [Hellgawd + JD]

[JD]

Great job 2 u Hellgawd

[Hellgawd]

And to you too, JD

[Cooldude]

GJ guys, knew everything here, but sandboxie is new, ill have to try it out.

[Baneh]

I don't mean to complain or rant or anything...

but what exactly is the point of a scam prevention forum?

What I'm basically trying to say is... There are only so many threads that can be made about preventing scamming. In fact, I'd say scam prevention is 5 threads at the most, and the person would just edit their posts as soon as new ones came out.

MOST (96%) of WoW scams that are / were in existence have come out of MMOwned. Without a "scam section" that 96% will die out and be forgotten, leaving the 4% and a lot less people that go into the area. That also means the number of people running into scams will decrease, so there will be no need to have scam prevention in due time.

The new section will be obsolete pretty soon. All the posts that have been there so far are "reposts" already. They all say the same thing... "Don't give your password out," "Make sure you ask for full info," etc.

I'm not sure if this is the best decision...

-Baneh

PS: I like the marketplace idea. :P

[s0rs]

I highly recommend obtaining this program, it can trick most keyloggers by scrambling keys inputted and then descrambling them for only the program you are typing into, the Professional version works for WoW and other games and the Premium version works with pretty much every Windows program (even Windows logon).

Code:

http://www.qfxsoftware.com/index.html

Obviously nothing is better than a bit of common sense, but if you think you need a little bit more protection then this is a great program

[Xel]

Thank you, I really enjoyed reading this.

[Cypher]

I wouldn't trust Sandboxie. I'm almost certain that I could write software that could "break out" of the sandbox. If I get bored I might do it sometime later this week (depends how good Aion is).

A full-blown VM is much safer. But obviously you need multiple VMs classified into security levels and for them to be automatically wiped and reimaged on every restart.

EDIT: Lol, it doesn't even support x64. They could've at least provided an implementation using a KPP bypass. Sigh, fail. Not gonna bother then, x86 is fail.

[~OddBall~]

However, your every day keylogger isn't written by a Cypher, not to mention the majority would not be written with Sandboxie in mind...

[Sel3n]

I lol'd at : "50000 free golds".

How an sane human brain can true this!?

[Krigoth]

Nice job in doing this, maybe we'll have less people on the forums now trying to scam ourselves. =P

On a more serious note, does this mean things like scamming templates are going?

[JD]

yes Kri, it does mean that.

[SillyBE]

So Video scam and phishing site are not more tolerated but we can still post in-game scam?

[KuRIoS]

So Video scam and phishing site are not more tolerated but we can still post in-game scam?

as long as you provide the method of not falling for it

[Dmxsbb]

Mmowned DOES support scamming, they just dont wanna be held accountable so cut the bullshit