In the middle of playing late last night I found myself guild-less. Now while it was possible that I’d been kicked, it seemed unlikely given that I was second-in-command and knew the Guild Leader well. I emailed her at once and it soon became obvious that she had been hacked, the Guild no doubt stripped of all assets and, then to rub salt in the wounds, disbanded. This is not my first experience with hacker and gold stealers – my first guild was cleaned out when one of the ranking officers followed an ingame email ostensibly from one of the guild members with a website link to a supposed video about our guild but in reality a key logger site. The sad fact is that such attacks are not rare occurrences in WOW. Most often a GB is cleared as the result of a hacker gaining access to a guild member’s account. In other cases it may be ninja (a less than trustworthy guildie who takes items of worth to sell rather than for personal use). And in some rare cases Guild Masters have apparently, in a fit of pique or boredom, closed down the guild. There are people after your virtual gold – whether for their own personal use or to sell for real US dollars to those silly enough to trust them.
If your account is compromised you should immediately 1) create a new password for your account if you can; 2) contact Blizzard by phoning or sending an email (to restore account if necessary) and, once you have access to your account, by opening a ticket in game with a Game Master (GM) (to recover lost items) and 3) run a full viral scan of your computer to eliminate the presence of key logger programs., 4) secure your account and your email account, & 5) you will need to be patient as generally takes time to restore things. ( Check out this and this for summaries of what to do).
Just as with theft in the real world – there are a number of measures that you can take which greatly reduce the risk of being hacked, but not entirely eliminate it. And as with theft in the real world, it is a shock when it happens to you and can often feel like a gross invasion of personal space. Many players, experiencing this for the first time, find it hard to become committed to a guild again, especially if they have contributed significantly to the guild bank. Yet, unlike in the real world, what was stolen is virtual and can usually be restored or replaced. The Guild Bank is only one (and maybe even a minor) benefit of belonging to a Guild. Other benefits include the camaraderie with other payers (through guild chat, vent etc), a proven pool of players to do instances and dungeons with, players who can help you out and vice versa, a sense of belonging and a source of information and encouragement – all depending of course of the kind of guild you belong to (social, role-playing, levelling, raiding or pvp).
Reflection over the issue and reading many forums and sites (this is indeed a common problem), I’ve come up with a number of tips to guard against hackers, ninjas and the like:
Personal security:
- Have a strong password (preferably randomly generated) or even better – an authenticator.
- Do not use your WOW password for other accounts (such as forums etc).
- Never give away your password and account details to others.
- Be wary of using public computers to play WOW (you don’t know how strong their security is or whether there are covert programs recording your account & password details).
- Make sure you have a strong firewall on your computer.
- Make sure you have a good virus checker which is up to date and checks for keylogger programs.
- Install latest updates of the computer operating system etc.
- Don’t fall for special offers of pets or other rewards or threats of account suspension whispered to you ingame.
- Beware of links to suspicious websites, ads or emails and only ever use your password and account information on official Blizzard websites.
- Type official Blizzard sites (such as the Armory) in directly or, better still, bookmark it. Hackers have used common misspellings of Bliz websites or like-a-like sites to trick players.
- Beware of powerleveling sites and gold sellers – not only is the gold they sell from hacked accounts – you have to give them your account details to receive the gold or level your toon.
Guild security:
- All guide members, but particularly ranking officers, should take above security measures. Guilds don’t get hacked, players do.
- Access to the bank can be limited in line with rank, length with the guild or trustworthiness. Most guilds have a probation period for new recruits in which they cannot withdraw from the GB and may even not be able to view it. Some guilds restrict all withdrawals to the high ranking members and access to GB must go through them (though this can be frustrating for other players in the long term). Alternatively, restrictions can be placed on both the number of stacks and/or gold that can be withdrawn per day and access to particular bank tabs (e.g. general mats or equipment for lower levels vs elite tabs).
- Even the highest ranking members may have limits of GB withdrawals – to impede a potential hacker if their account is ever compromised.
- Have a clear policy on what items should be withdrawn for – e.g. for personal use of toons within the guild but not to be sold &/or for guild raids etc. (Of course, the guild officer may need to sell items accumulating in the GB if it gets overstocked – with the profits returned to the Guild treasury.)
- Officers particularly should keep an eye on GB logs, checking for any suspicious withdrawals.
- Similarly, the ability to invite new members to the guild and promote/demote members is often restricted to higher levels. One way a hacker can clear the vault is to invite a large number of alts or accomplishes who s/he then promotes to high rank.
- If a guildie is acting out of character and suspiciously (ie rapidly logging on and off characters, not responding to tells or doing so abruptly, making massive withdrawals from the GB, inviting multiple new members to the guild & promoting them, all of the above – especially in the early hours of the morning) then see if you (or another guildie who knows them) can contact them out of game. There may be valid reasons for each of these behaviours – but it is also possible that their account is being hacked as you watch. The sooner your guildie can change the passwords and get in contact with Bliz, the sooner steps to correct the problem can be made.
There are probably 2 main reasons for a Guild Bank – for members to share resources and /or to help equip guild members for raids. Different guilds have different policies on deposits and withdrawals – for some a certain level of depositing is compulsory, for others it’s entirely voluntarily, some guilds pay for repairs either generally or for raids and may help out with mounts etc, while others don’t. However, in general players contribute either items that they can’t use (e.g. stacks of cloth or mats, armor and weapons for another class or level, patterns and recipes etc) or that they have made especially (potions, enchants, gems, glyphs etc) that can be of use to their guild mates. It is probably a good idea to give only what you feel comfortable in doing and can afford to part with. Also, there are other ways of helping the guild – giving such items to guild members directly or by helping with quests or taking a lower level guildie through an instance, working on a guild website or on recruiting new members etc.
In most cases if the player (whose account has been hacked) reports it (the sooner the better) Bliz can recover the majority of the equipment and gold that was stolen. In the less common cases in which the guild has been dissolved, they may well be able to restore the guild – at least in terms of name, tabard, bank etc.
A famous person once said “Do not store up your treasure on earth, were thieves, moths and rust [and hackers] can destroy – rather store up your treasure securely in heaven”(paraphrase of Jesus of Nazareth ). Having our guild hacked (and disbanded) has been a good reminder not to get too attached to transient, ephemeral things – but instead to value what really matters and lasts. In the meantime, it is yet to be seen whether our new, small guild will survive this disruption.
Kharin