KAPT Guide [Know your account protection tips]

=====================
| KAPT Guide version 1.21 |
=====================


First off I will have to say that the state in which people have been getting hacked is in and of itself inadvertently the cause of their own lack of knowledge. Its like an adult stealing money from a little kid by shorting him by using his own superior knowledge of math. I personally for one am not a trusting individual and I have yet to have been hacked by anyone but my own friend a few years ago.


First off, bring protection. Have your laughs at that but really, what virus protections are you using? Is it that hard to do research and find the one that's right for you? There are free virus protection programs like Avast, and Avg. Even Comodo for a firewall, that one is amazing. Every computer I've had has had a combination of the 3 [obviously switching avast or avg to avoid conflict].


Secondly, do not trust strangers. Know your official notices and know your scammers blizzard will never just whisper you in game about anything without proof of their identity. In many cases You can tell by the grammar! You should know by now that phishers are trying harder than ever to get your own hard earned gold and your very account and they wont care how much time you've spent on your glorious toons to get it. They are out for one thing, business.


If 'blizzard' is sending you emails, check the email out. Does it have blizzards official header, footer? Does it state that your account has been compromised and urges you to click their link? Well, that is a obvious tactic, they want to make it seem like your in danger. After all, if you've put your heart and soul into something you would do just about anything to protect it... right? So they assume you will click their link.


Never, never click a link within a email stating something like this. Do yourself a favor, and delete it. For good measure, manually type the link to the official blizzard website in your web browser manually and change your password.

The more you use a password the more compromised it becomes, If you sign up within even your trusted guilds website its still a risk. Its even more a risk seeing as you have to use your email to go along with it in most cases. For all occasions, Keep your passwords unique. You can only blame yourself. For added measure, use a separate email address for things like that.
[This tip courtesy of "Kordd" from the server Vashj.]

The whispers you get in-game that will denounce your account as suspended or has been compromised is 9 out of 10 times wrong, add another 1 point to that 9 if you get a message from someone that does not have the blatantly obvious 'blizzard' crown next to their name even in whispers, secondly why would blizzard whisper you in game on an account that is compromised or suspended? Think about that for a second.

Most browsers like firefox and internet explorer show you where the link sends you, if you hover it over the link itself. Is it a link that does not exactly match the WoW official website? Then that will clue you in to how valid this email from 'blizzard' is.

Whilst I stick to my habit of never clicking links in emails. If you are concerned that any of that is true it is a very good thing to know the validity of the sender by checking the accuracy of the link(s) in the email itself.
[This tip curtosy of moderator Kamchak of the forums of zygorguides.]


Methods of protection You do need to arm yourself just like you do in game. You arent gonna do a end game raid with shoddy green quest gear right? Here are methods listed simply below.

1.) Get Virus Protection and a Fire Wall.
2.) Put an authenticator on it! These things do work or they wouldn't be selling that much
2a.)Download the authenticator software onto your Iphone or Ipod if you can, this is cheaper in the long run and more variant of codes apparently. [Tip curtsy of trevo66 of the Zygor guides forum]
3.) Don't share your account info with your friend, because you are placing your account safety in his hands.
4.) Don't Click Links in emails stating that your account is dire jeopardy of any sort, don't be lazy and type it out.
5.) Get the badboy addon from the official curse website. It will weed out false whispers if you have trouble deciphering which one is an official message and which one is fake.
6.) Use a Unique password everywhere you go.
7.) Check for the blizzard crown in whispers ingame.
8.) Check the validity of the links you get in emails, by moving your mouse over it.


[I will be adding more suggestions as I see good ones within the post to this one. If you want you can add your own short suggestions I will get around to adding them when I can.]

First of all, excellent post.

I will add one important check you can perform on these "links" that are sent out to you in an email.

Mouse over the link and check the bottom of your browser window. Most browsers will show where the link will take you, or the address the link sends you to.

Further, if you are ingame and get a whisper that your account is suspended, consider this question..... how the heck are you playing in a game to get a whisper that the account you are playing on has been suspended?

I will amend it with that tip right away.

Great post with great advise

One thing, I advise gamers with iphones and itouches to get the downloaded version of Authenticator. The Keyring type is not as secure. The keyring type (although it has a large rotation of codes) can over time be predictable. The downloaded version is far more random in its codes.

I would like to ask one question....

Do other players get random "hello, how are you" from people in game? Pretty much everytime Im online I get these from people I dont know.....always level 1 toons, which I find odd as all my toons are 80....so we are no where near each other for some one to say hi.
My question is.....who are these people and what are they trying to achieve?

Thanks

There are companies (most of them in fact) that sell, rent, or lease your information to 'sales listing' companies.
This is where most of your information is going, on a list available to everyone that has the $$ to buy it.

It is for this reason alone I place a different name and email on everything. This way, when I get something in an email addressed to 'john doe III' I know its crap and can toss it away.

IMPORTANT NOTE: anytime... anytime you get any message to log into this that or another and are offered a web address to go to, do not use it.
Yesterday, ingame, I was given a message from user "blizznotices" that told me I had a mount I had not collected, and a web address to go to. However, when I go into the "manage account" tab from the wow launcher, there is no such mount waiting for me. Also, there was no email sent to me to my main account.
Yes, the slimballs are getting very creative. If only they worked half as hard to make an honest dollar.

Of course if you do get an ingame message from a 'gm' ask them to appear in front of you in game, most are quite happy to do this.

Just run a Mac and you'll be much happier being relatively hack proof (unless you're one of these retards that DO click on links in game, emails from "blizzard" etc).

A good piece of advice that a bliz GM gave me is to make a fresh gmail account and have it forward to your normal account (in case Blizzard sends you the occasional email update) and use ONLY this email address for WoW. The premise behind this is that even if you've used your real email on facebook and with various websites that scammers/hackers dont know your battle.net login. Aside from that just use common sense, dont click on any offers in game, dont buy gold, dont get power leveled 3rd party, dont fall for Cataclysm invites via email asking to login using the link provided.

Macs are far from hackproof, Safari is the probably one of the worst web browsers from a security standpoint.

Over the years Apple has either ignored or been very slow to respond to security threats, much like Microsoft did during the 90's. The only thing that has kept Macs relatively safe over the years is their low ownership numbers, unfortunately increased popularity makes you a bigger target, especially when the idiots at an Apple store are telling people that anti-virus and malware software is not needed on a Mac. (This actually happened to me Saturday afternoon.)

Any computer that is not a standalone is vulnerable to being hacked regardless of architecture or operating system, it's just a matter of it being profitable for the hacker to exploit the vulnerability.

Maybe explain that to see the real link when you hover over the link, you should check in the left-down corner (right above the Start button).
And make an example: http://www.this-is-a-fake-link.com/
What you think is the link, is actually the "name" of the link.

Never register with your real name on e-mails that you shall use for forums, blog sites and so forth.

Before open an e-mail, right-click on it and click 'View source code'.
A new window will appear; press Ctrl + F and search for '@' to find an e-mail adress that's not yours.
If you use Hotmail, then click 'View message source' in the context menu.
Check the e-mail adress if it's the same as Blizzard's, but you should also add all Blizzard's e-mail adresses to your whitelist or contact list.
It will make it more convenient to check if the e-mail adresses are the same.
This goes for any emails that claim to be a well-known company.

Recommended e-mail providers to use: Hushmail, Gmail or Yahoo (but it's filled with ads).
Remember to always at least login once before 30 days have passed, or else your e-mail will get deleted or inactive, and have to pay for premium to get it active again.

How to make easy rememberable passwords, but will reduce the security at some points.
Never, ever use words, some hacking programs can detect a word almost as easy as one letter (i.g. magicbananadog is just as safe as using only the letter A).
Use numbers and symbols in your passwords.
F.ex. instead of using 1234, use Shift + 1234, or Alt Gr.
Note that 1 does not have a symbol with Alt Gr.
And maybe also use backwards, 4321.
You can also use the 1337 language with words to make your password easier to remember.
And if you like, a capital letter on each word.
F.ex. $£@M4g1cB4n4n4D0g!"#¤
Wich would be Alt Gr + 432 in the beginning, magicbananadog in 1337 language and Shift + 1234.

Use CCleaner to remove logs and traces in Windows.
And remember to tick "IIS log files" in the Windows fan.
Download: www.piriform.com/ccleaner

When you shall delete files, use Eraser to overwrite them.
Remember to not use this application for uninstalling other softwares.
Download: http://eraser.heidi.ie/

This will completely wipe everything on your hard disk, if you ever shall reformat your hard disk.
Download: http://www.dban.org/

Scans your computer for security holes.
Download: http://secunia.com/

Scans your network for security holes.
Download: http://www.nessus.org/nessus/

Test your security on your wireless network.
Download: http://www.kismetwireless.net/

Online scanners to scan individual files with several anti-virus programs.
Jotti: http://virusscan.jotti.org/en
VirusTotal: http://www.virustotal.com/

Recommended Firefox Addons.
TACO: https://addons.mozilla.org/en-US/firefox/addon/11073/
Adblock Plus: https://addons.mozilla.org/en-US/firefox/addon/1865/
CustomizeGoogle: https://addons.mozilla.org/en-US/firefox/addon/743/
Web of Trust: https://addons.mozilla.org/en-US/firefox/addon/3456/
NoScript: https://addons.mozilla.org/en-US/firefox/addon/722/
Tor: https://www.torproject.org/easy-download.html.en

I would prefer those not be added. While they are out there and being used, it is still hacked and/or just plain stolen use of software.
I would like to keep Zygor et al away from appearing to condone such activity.

Easy tip to do is to change the email address for your battle.net account to a unique one which you only use for warcraft.