WoW Hacking Techniques and How to Avoid Them

Whether for selling your gold, advertising or simply griefing, hacking in World of Warcraft has been an issue ever since its release. The amount of security Blizzard puts in place is directly proportional with the effort hackers make in order to gain access to players’ accounts, so it’s safe to say your account’s safety shouldn’t be taken for granted.

In this post, I’ll try to cover the most dangerous WoW hacking attempts, as well as the ways you can prevent it from happening to you and your account.

Phishing

Phishing is one of the most dangerous and efficient ways for hackers to steal your identity, and it’s been used in pretty much every single online thing, and unfortunately, WoW isn’t an exception.

In WoW, phishing takes place by basically getting a fake e-mail that lets you know your account is either compromised (the irony, right?) or that you’ve won something (pet, mount, free gametime).

Verifying that the mail ends in battle.net or blizzard.com is not always enough, as there are plenty ways to spoof mails. The best way to spot a phishing attempt is to mouseover the “promotional button” or whatever other links they share there, such as “Redeem Your Code Now”. If the link still isn’t clear enough, right click on it, press on “Copy link address” and paste it in a notepad, then examine it to see if it’s legitimate.

Phishing mails don’t infect you upon clicking (I’ll talk about watering hole attacks later), but simply rely on you inputting your username/mail/password while thinking you’re logging into an official website, only for them to get ahold of it.

Another very well-known phishing way can be found in game, and I’m sure some of you guys know what I’m talking about. Every now and then, out of nowhere, some weird ASCII named character trying to impersonate Blizzard GMs will whisper you, telling you that your account has been compromised, and linking you to a website to “secure it”.

Bruteforcing Easy Passwords

While most games/websites have gone to the length to enforce stronger passwords (numbers and symbols), as far as I know, WoW still allows you to use a simple one.

Bruteforcing isn’t as efficient, though, as the attackers need to know your e-mail in order to start automatically force-guessing your password.

To prevent your account from ever getting bruteforced, make sure to use a strong password, preferably with numbers and/or symbols in it, and something that isn’t out there on Facebook, for example, such as a pet/car/middle name.

Buying Piloted Boost

While this is against World of Warcraft’s Terms of Use, it’s well known that quite a few WoW players buy boost every now and then to earn various PvP/PvE achievements, gear, mounts or even to get their other characters leveled up to max.

Unfortunately, upon purchasing a boost, you risk both getting banned – often times the boosters do use third party software (bots) to boost you – or getting your account stolen, along with the money you’ve paid for this service.

Of course, not all boosting websites are out to scam customers, but pretty much all of them do present a risk of getting you banned, due to the IP discrepancy or public VPNs they use in order to fake the location.

AddOns

You should never install any addon that isn’t on Curse or WoWInterface. However, sometimes, even those can cause issues, even though indirectly.

For instance, there was a WeakAura string that, once imported, would cause you to trade all of your gold to the attacker. While this was patched, and Blizzard helped victim players recover their gold, you should never import any strings that aren’t from a reliable source, nor install any addon someone tells you to out of the blue, especially if you don’t know that person.

While this isn’t an account hack, the outcome is almost the same, as it can leave you without your gold, and even worse, banned, assuming the player is level 1, which can automatically get you flagged and suspended due to alleged gold selling.

Watering Hole Attacks

Watering hole attacks haven’t really been an issue for WoW accounts, however, derivations of them did.

In a nutshell, a watering hole attack means that the attacker will gain access to a website that is very popular among the targeted community, such as a forum or a WoW item database, infect it with malware, such as a keylogger, to spread it to its visitors and steal their accounts.

As derivations, even though it’s quite far from its actual meaning, there can be actual websites designed to do just this from the very start. Even if they won’t actually spread malware through said websites, they can very well export all e-mails and passwords used to register an account there (such as on a forum), and use them to either bruteforce your WoW account, mail or anything else that can lead them to get all of your information.

As a way to prevent yourself from such attacks, it’s best to have a completely different mail/username/password from your WoW account when registering on community forums (and other websites as well), and to always have an updated and efficient antivirus.

Dealing with the Outcome

Assuming you got banned as a result of having your WoW account hacked, don’t panic! First of all, start by scanning your computer thoroughly, remove any malicious finds, change all of your passwords (to every single mail, especially if malware has been found), then perform another thorough scan.

Once everything is secured, contact Blizzard’s Customer Support and explain what happened, and they should help you recover it.

Sometimes, though, due to other players trying to double their gold amount by claiming they were hacked, they can have second thoughts about restoring your account. On top of that, if whoever hacked you also used a bot or has done anything at all and got you banned, you might have a bit of a hard time explaining your situation.

In such cases, which are harder, there are some guys which have years of experience with Blizzard’s customer support and they can help you with your appeals through their unban service.

After you’ve recovered your account, do your best to find out how it was breached in the first place, and avoid getting in this position again, since if you get hacked multiple times, you might just end up losing your account forever.

How to prevent getting hacked in WoW

The best way to stay out of trouble is to pay attention to what you’re doing, as well as who and what you trust. Here’s a list of essential things to do to prevent you from getting hacked:

• Add an account authenticator;
• Always have an antivirus and firewall active;
• Have your real information on your Battle.net account, as if you ever get hacked, you might need an ID scan to prove that you’re the owner;
• Don’t use your WoW account mail on shady websites;
• Don’t install addons nor click on in-game addon strings that you don’t trust;
• Check your promotional mail links thoroughly before clicking on them;
• Avoid sharing your account with anyone you don’t trust, and avoid purchasing boosts, at least from unreliable sources.

Conclusion

While most of us don’t even consider ever getting hacked, it can happen when you least expect it, and even if you do get everything back, it’s still quite an unnecessary hassle, as it can cause you to miss a few raids or in-game events.

As long as you can follow the steps above, you should be safe, but never take it for granted, as new account hacking methods can arise every second.

Hopefully this post will help you prevent having your WoW account hacked, and if you’ve ever been through this ordeal, please feel free to share your experience in the comments!