FRAUD - Get your game on, this is SERIOUS.
Brasse -- 2008-03-20 15:15:25
Credit fraud is growing by leaps and bounds, following the massive increase in the number of people who have credit cards. Lots and lots of credit cards. And the internet. Lots and lots of de Internetz.
We have login names and passwords for a hundred different sites, many of which we can't even remember. We use credit cards for purchasing everything from Christmas presents to games to donations to baby seal band-aid foundations. We are so used to giving out our information online that we hand out our SSNs and personal information to dozens of faceless, formless entities each year.
It is no surprise then that a lot of fraud finds its way to us via the gaming worlds that we love. Within the past week on good ol' Crushbone server in EQII, I have witnessed live several screaming sessions in the chat channels as people discover empty guildbanks, missing items, money, even characters.
The collective tears of ubers would fill a swimming pool, but the cry of SOE YOU %@$# BASTARDS!! was heard all too often. SOE?
Uh, folks. Get real. SOE likes your monthly subscription fee. They didn't steal your account or post your login info to EQ2flames or write it on the men's room wall. They didn't flush confidential account information out with the industrial waste flowing to the ocean.
Game companies have massive safeguards in place to prevent people from hacking logins and passwords from the encrypted, secret servers kept in lead-lined rooms, buried under 300 feet of ocean floor and lined with kryptonite, surrounded by coprolites, and within a liquid bath of Miller Lite (not even a desperate Dwarf drinks that stuff). OK, so I am speculating a bit, but believe me, all game companies take this stuff seriously.
I don't recall hearing of a game company in recent years compromising private information, unlike say, Beacon Medical Services.
So how else can people steal your stuff, your precious, precious stuff if SOE and others aren't handing it out?
Oh, let me count the ways, and I am sure I am missing a few:
* People share account information with in-game friends, real life friends, and guildmates they don't even know that well. This is not new, and I remember many, many cases like these back when I was a Guide; seems people have not learned yet. Heck, ex-spouses were often cited for clearing and deleting items. Hell hath no fury and all that.
* If you have EVER bought gold from a gold seller, you have given them your credit card info. As soon as your payment is successfully transferred, they know they have a WINNAH. And you, yeah... you're the loser. LOOOO-HOOOO-ZER. That'll teach you for violating the EULA.
* If you have ever paid for a power-levelling service, you are a TWO TIME LOSER, because now the charming people have your account info as well as your credit card info, and you'll be lucky if you don't log on in your underpants. Nobody wants to see that.
* Just because you bought money or powerlevelling four months ago and haven't lost anything yet, doesn't mean you won't some day.
* You responded to a phishing mail, where someone pretending to be a game company (but usually featuring poor spelling, badly phrased lines, gimpy-looking overall design or all of the above) requires you to respond to them with login and password information. I've seen this sort of scam with a number of fake banks as well. Game companies never, EVER ask for your password. Make note of that. NEVER. So don't give it out.
* You picked up a keylogging Trojan, a particularly nasty and quiet computer virus that tags along with an executable. Game cheats and hacks, and oh yeah, PORN files are notorious for this (surprise!), but any executable is suspect. Keyloggers work by quietly tracking every keystroke you make on your computer. Get thee to a virucide!
Most major virus protection programs will pick up on known versions of Trojans, but they are not hard to write and can get thousands of people before being detected and stifled, relying on you to keep your virus protection program updated. Many can't be bothered to do more than twice a year... what, you think hackers go on holiday? They do this for fun and money, and you bet they are looking for you.
Yeah, I am updating mine as I write.
Again.
Fraud is a huge concern for SOE, and Brad Wilcox, head of Customer Service, talked about it at some length at the SOE Community Summit. Up to 35% of ALL customer service contacts have to do with fraud. THIRTY-FIVE PERCENT. Ye gods above and below, people, start looking after your information! The majority of these are not even in-game scams.
Brad explained that they receive hundreds of fraudulent subscription and game orders every day. When you see people spamming you for gold sales and powerlevelling, almost all come from accounts purchased with the use of stolen credit cards. Sure, the fraud is usually detected quickly, but by then the damage is done.
One of the most ludicrous things I heard on open channels was that "SOE allows scammers cause they want the box sales and subscription fees." This statement caused my eyebrows to writhe until they almost tied themselves in a knot.
SOE does not get to KEEP this money, you know. In fact, it costs them a great deal in man hours to track down scams and restore characters/items/money, not to mention refunding fraudulent charges as soon as someone reports their credit card being misused.
Yeah, they LOVE scammers. On a pike by the gates maybe.
THE REALLY BAD NEWS:
Sometimes everything you do is NOT enough.
The scammers are getting smarter all the time. Over this past week, a lot of game companies have been targeted (SOE among them) for fraud. This is bigger, far bigger than any one game company.
Nothing has been said officially, but I would imagine that every MMOG developer has people poring over information right now, trying to see if there is anything they can do to help their customers avoid these issues.
The companies themselves are not being hacked, but customers are definitely being affected. Speculation centers on vulnerabilities in ActiveX controls used for game launchers.
The first step is education. Get a cup of coffee, soda, beer, whatever you like and READ these articles. You owe it to yourself. While you're at it, get your virus protection programs patching regularly till we get a better handle on what's going on.
ABC News: Password-Stealing Hackers Infect Thousands of Web Pages
"The attack code takes advantage of bugs that have already been patched, so users whose software is up-to-date are not at risk. However, McAfee warns that some of the exploits are for obscure programs such as ActiveX controls for online games, which users may not think to patch.
If the code is successful, it then installs a password-stealing program on the victim's computer that looks for passwords for a number of online games, including the Lord of the Rings Online.
These online game passwords are a popular hacker target, in part because many online gaming resources can be stolen and then sold for cash."
McAfee Avert Labs Blog: Another Mass Attack Underway
"On the heels of recent iframe attacks, we’re currently tracking another mass compromise. This attack involves injection of script into valid web page to include a reference to a malicious .JS file (sometimes in the BODY, other times in the TITLE section). The .JS file uses script to write an IFRAME, which loads an HTML file that attempts to exploit several vulnerabilities, including:
* MS06-014
* RealPlayer (ActiveX Control)
* Baofeng Storm (ActiveX Control)
* Xunlei Thunder DapPlayer (ActiveX Control)
* Ourgame GLWorld GlobalLink Chat (ActiveX Control)
This is one of those cascading threats, where one page leads to another and another, which leads to an executable, which leads to another and another. At least one of the payload trojans targets online gamers.
Preliminary research results suggest more than 10,000 pages were affected by this hack attack."
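An added example, not part of the original post or the McAfee write-up: a small Python check a site owner could run over saved copies of their own pages to spot the kind of injected script reference described above, flagging any script src that sits inside the TITLE element or points at a host not on the site's own list. The sample pages, host names and function names are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# <script ... src=...> with a quoted or unquoted attribute value.
SCRIPT_SRC = re.compile(r'<script\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)
# Text between <title> and the first </title>; scripts do not belong there.
TITLE_BODY = re.compile(r'<title\b[^>]*>(.*?)</title\s*>', re.I | re.S)


def audit_page(html, own_hosts):
    """Return (src, reasons) for every script reference worth a second look."""
    title_spans = [m.span(1) for m in TITLE_BODY.finditer(html)]
    findings = []
    for m in SCRIPT_SRC.finditer(html):
        src = m.group(1)
        host = urlparse(src).hostname      # None for relative URLs
        reasons = []
        if any(start <= m.start() < end for start, end in title_spans):
            reasons.append("script-inside-title")
        if host is not None and host.lower() not in own_hosts:
            reasons.append("unlisted-host")
        if reasons:
            findings.append((src, reasons))
    return findings


# Constructed sample pages; all hosts are placeholders under .example.
OWN_HOSTS = {"shop.example", "static.shop.example"}
PAGES = {
    "clean.html": '<html><head><title>Widget shop</title>'
                  '<script src="/js/site.js"></script></head><body>Hi</body></html>',
    "title.html": '<html><head><title>Widget shop<script src=http://cdn.injected.example/m.js>'
                  '</script></title></head><body>Hi</body></html>',
    "body.html":  '<html><head><title>Widget shop</title></head><body>Hi'
                  '<SCRIPT SRC="//cdn.injected.example/m.js"></SCRIPT></body></html>',
}


def audit_site(pages=PAGES, own_hosts=OWN_HOSTS):
    """Map page name -> findings, listing only pages that have any."""
    report = {name: audit_page(html, own_hosts) for name, html in pages.items()}
    return {name: hits for name, hits in report.items() if hits}


if __name__ == "__main__":
    for name, hits in audit_site().items():
        for src, reasons in hits:
            print(f"{name}: {src} ({', '.join(reasons)})")
```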
Oh it's all back on our heads, folks.
If you buy game gold or accounts, not only are you violating the EULA and TOS for your game, but you are buying STOLEN GOODS. Think about it.
This is definitely not fun and games.
Brasse