I don't know if anyone imagined a decade ago that active usernames and passwords for online games would become a major target for thieves and hackers. This isn't your banking information, after all, but an account for a game like World of Warcraft turns out to be quite valuable to criminals. A high-level character can have its items stripped off and sold in a matter of minutes. After the resulting gold is quickly transferred to another account, it is traded for real money through a gold seller. From a thief's perspective, it's a good return for a relatively low risk.
Character theft is on the rise and a growing number of trojans and viruses are being targetted at game accounts. Here is a breakdown of the major threats and some tips on how you can best protect yourself.
One of the primary means used to obtain passwords is "phishing," and it's no accident that this term sounds exactly like "fishing." Typically it involves a fake email or fake Web site that prompts you to enter a username and password for the game. Thieves often pose as developers or game community managers, and they even try to use email addresses and URLs that are similar to those of game's official site.
It's relatively easy to avoid becoming a victim of phishers. No legitimate game company will ask for your password in an email. You might, on occasion, be asked for your username, but they don't need your password for anything. If the email is actually from the game company, they will be able to override the password on your game account anytime they want without your help.
Some games use the same login information for their official forums as they do for the game itself. Familiarize yourself with the URL of the game's official site and bookmark it if you plan to visit regularly. Beware of strange URLs linked in game chat, even if they appear to be from someone you know. The first thing a phisher or hacker will do with a compromised account is try to draw friends of the account's rightful owner into the trap.
Trojans and Keyloggers
Many recent trojans and viruses also place a keylogger on the infected system, which can record keystrokes and send them to another party over the network. This is a common way of obtaining passwords without the user's knowledge. A trojan can be hidden in any executable, and they often come disguised as game cheats or hacks. Keep in mind that someone offering you cheats and hacks for a game probably isn't very trustworthy, and could simply be trying to infect your computer.
It is important to be careful about running any exectuables from questionable sources on your system. The best approach is not to run any program from a company you don't trust.
Using a virus scanner can help, especially when downloading and installing new software. A firewall can also offer some level of protection against trojans, as they typically try to connect to the Internet to send the information they have gathered. If your firewall notifies you whenever a new or changed program tries to access the Internet, you can usually catch malicious software in the act.
Sharing Account Information
It's always wise to make sure your Web browser, operating system, and security software up to date. Windows users should by now be very accustomed to the constant stream of patches released by Microsoft, and most software these days offers a straightforward way to get the latest updates directly from the developer. These updates frequently address vulnerabilities in the software and make it harder for hackers to exploit your system.
Choosing a Good Password
Not all passwords are created equal. I once read that the most common password is "password" - a very bad choice for a password. Your username is another example of an extremely poor password. Avoid using terms people might guess correctly, make your password at least 7 or 8 characters long, and throw in some numbers, punctuation, or uppercase letters. Some programs will actually try a list of common or short passwords on a given username in hopes of finding a match.
It is also prudent not to use the same username and password for every game, site, or forum you visit online. If a forum, for example, is being run with ill intentions, the owner may try usernames and passwords used to access the forum in a popular online game. You may find that keeping track of numerous different names and passwords can be a hassle, but there are free programs available that will consolidate all of this information under a single login.
For those who want the highest level of security, some game companies, notably Blizzard, now sell "authenticators." These are devices that generate a random password used in conjunction with your regular password, and they are extremely difficult for intruders to circumvent. Blizzard's Authenticator for World of Warcraft costs a few dollars, but for some people it's well worth the peace of mind.