Whilst the WoW game itself is relatively safe, there are several things you can do to protect your account, and information you have on your PC, from people who want to steal it. WoW accounts sell for a considerable sum on the black market.[1] Thieves do not care that you spent five years getting a full set of T9 gear on every character[2] - they will sell it for the few pieces of gold they can get and transfer the money to gold farmers to make real world money.[3]

Some of the things you can do to protect yourself are:

  • Keep your Computer safe
    • Keep your computer updated with the latest security patches from your operating system provider (typically Microsoft or Apple)
    • Install good security software including anti-virus, firewall and spy-ware checkers
    • Run a daily virus scan, scan ANY file you download from the internet or copy from a friend's CD, USB stick or similar, and turn off auto-run
    • Run a spyware scan at least once a week
    • Create a low-privilege account on your PC that does not have administrator rights. Use this for everything except when you need to update WoW or your other programs, or to run a full virus scan.
    • Password-lock your administrator account.
  • Run WoW safely
  • Surf the web safely:
    • Check web page links before you click on them
    • Check the link matches that listed
    • Use anti-phishing addons
    • Use NoScript[6] for FireFox

If this seems like a lot of effort, remember how long it took you to get all the gear you now have. Note also that it can take up to three weeks to get back an account that has been banned for botting and spamming (by the hacker). Some of your gear may never be retrieved completely.

Keyloggers will also have been after your log-in details to payment sites (such as PayPal), shopping sites (such as Amazon) and your bank and credit card details, so you may lose money in real life too.

The information on this page will never mean that you are 100% safe, as criminals are always coming up with new ways to "beat the system". However, like the camper who stopped to put on running shoes when his friend was already running from the bear, if you follow at least some of this advice, you will have a better chance.

Keep Your Computer Safe

Keep Your Computer Updated

Computer programs are complex things, written by fallible human beings. As such they may contain unintended flaws. One of the most frequently used ways of getting malware onto a computer is to exploit one of these flaws.

As a consequence the companies or, in the case of Unix and Linux, the communities who offer these operating systems (literally the programs that operate your PC) have to issue updates (patches) to fix them. These may address urgent security flaws that could allow a criminal to craft a web page that could install malware (malicious software[7]) on your PC. Or they may be fixes to things like drivers (pieces of code that drive a piece of hardware to do something) for your peripherals (such as your monitor or printer) or internal hardware (such as your graphics card or hard disk) that make your game go wrong. Every couple of years, the company may bring out a major new version, such as Windows 7, or Vista from XP. Typically these will have better security, but may also introduce new faults. Good advice is "never install version x.0 of anything". For Windows, when Service Pack 2 is issued, most of the major holes will have been addressed.

Malware used to be typically written to show off a cracker's skills, or cause damage by corrupting or deleting a user's files[8]. However, as broadband access became widespread, criminals realised that it was much easier to spy on a person's computer as they typed passwords into their banking website than to rob a physical bank[9].

Though it is often claimed in forums that Apple and Linux users are "safe", this is increasingly being challenged as criminals realise that these users have grown accustomed to being lax about security[10]. Vista's claim to be "more secure than previous versions" has also come into dispute in a recent survey of malware infestations [11].

Consider using software such as the free Secunia Personal Software Inspector to check all your other software is up to date. A full scan from a security suite such as Kaspersky Internet Security will also advise you of software with known vulnerabilities.

Windows Updates

Microsoft tends to issue updates weekly on "Patch Tuesday" but may release urgent fixes to address serious flaws at any point. If you trust Microsoft to get fixes right most of the time, or cannot be bothered with security stuff, then set Windows to automatically update with the latest patches as follows:

  • Log on to the account with administrator privilege
  • Click on Start (the windows button in the bottom left of your screen)
  • Windows Update (if it is not here, try Control Panel > Windows Update)
  • Click on Change settings
  • Select Install Updates Automatically, Every Day and choose a time when your computer will be logged on, but it will not affect game-play (such as 7 in the morning if you power up your computer then to check e-mail)
  • Check the boxes to "Include recommended updates" and "Use Microsoft Update"

If you are less trusting of Microsoft's ability to generate fixes that work and do not break something else[12], then you can choose a different setting.

Mac OS-X Updates

Mac OS X has a software update tool:

  • Click on the apple logo in the top left hand corner of the screen
  • Click on Software Update

For help on updating your Apple Mac, including how to set it to run automatically, see the Apple website "Mac OS X 10.5 Help".


If you are running WoW on Linux, you are probably technical enough to know how and why to update it. Otherwise, contact your Linux provider for information on how to download and install updates.

Other Software to Update

If you do not have version checker software, then check regularly for updates to:

  • Security software (preferably set to update daily)
  • Browser software such as IE, FireFox, Chrome and Safari
  • Portable document format readers such as Adobe or Foxit
  • Web content add-ons such as Adobe Flash, Real Player, NoScript and Silverlight
  • Office software such as Word, Excel, Lotus or Open Office
  • any other software installed on your computer such as games

Typically the software will have an option under Help to "Check for updates".

Install good security software

Whilst free security programmes offer a bit of protection against some known viruses, like the difference between free plastic bags and the strong re-usable shopping bags, the paid-for software on the whole will work better in the long run. For gamers, the paid-for software tends to run faster (with some notable exceptions) and be less intrusive, often with an option to run in "game mode" that is not available with free software.

Necessary Software

As a minimum you will need:

  • Anti-virus - this checks files on your computer, and files that you download from the internet or copy from media like USB sticks, for software that should not be there and will cause your computer harm
  • Firewall - this sits between crackers and your computer and checks that the request to access your computer is legitimate

Ideally you should also have something to check for spyware, which, though it may not harm your computer, tends to send more personal information than you have authorised back to the company that created it. In the worst-case scenario, it may cause system instability[13], steal your email address resulting in spam[14], or result in Identity Theft[15] (where someone pretends to be you and opens bank accounts in your name, or even redirects your post). Anti-spyware will also check for ad-ware, which slows your computer down and intrudes by popping up windows containing adverts. Typically these anti-spyware programs are free, but they do require you to run and update them manually unless you buy a paid-for version.

If you think your computer is secure, and you do not need the hassle, try these tests:

Antivirus

As the best software changes annually, see Anti-virus for an up-to-date list and reviews.

You may want to look for anti-virus software with a games mode, such as BitDefender GameSafe[16]. Whilst these will not afford as much protection as a full anti-virus suite, they are designed to minimise the impact on game play. For example, when gamer mode is switched on, pop-ups will be disabled, and the update to virus signatures will be postponed.

Firewalls

As the best software changes annually, see Wikipedia - Firewall for an up-to-date list and reviews.

Anti-Spyware

Two of the best programs[17] are also free:

Let WoW Wow You not Woe You

Use a Strong Password for your Account

Think of the password as the key to unlock your account. If it is too simple, it is easy to pick the lock. Words from a dictionary, pets' names, birthdays and "password123456789" are all easily guessable, or, with software, can be fired at a website by a botnet (a massive network of thousands of malware-infested PCs) until the password is cracked. A strong password, like a strong lock, means the thieves are more likely to be detected trying to break in, so will move on to easier pickings.

A strong password[18] is:

  • At least 8 characters long, preferably 12 to 14
  • Contains alphabetic, numeric and punctuation characters (e.g. my#2nake1s!0n_aplane)
  • Note however that passwords are case-insensitive! Don't rely on CaMeLcAsInG.
  • If written down it is encrypted in some way (e.g. if you write it in your diary, don't write down that it is a password; create a long list of fake passwords)
  • Can easily be remembered by you, and you alone (e.g. is a phrase from a book, and only you know which page and paragraph; initial letters of the fourth line of your favourite song)
  • Is never stored on your PC (any file could be stolen)
  • Is only used for BattleNet and is different to your eMail password
  • Changed regularly, at least every quarter


  • Never, ever, share it with anyone (e.g. someone telephoning or eMailing you or contacting you in-game "from Blizzard" saying there is a problem with your account)
  • If you do ever share it, (e.g. to allow your room mate to log on and tell your guildmates you are stuck in traffic), then change it as soon as you get home
  • Never let your younger/elder brother/sister know your password, or shoulder-surf while you are typing it in. Get them a trial account instead

Use a Blizzard Authenticator

An authenticator is a small key-fob device that gives you a One Time Password (OTP) to enter in addition to your normal password, thus ensuring the user has something as well as knows something. These are cheaply available from the Blizzard store. Note that they are not infallible - you still need to keep your PC free of key-logging malware. These trojans, such as emcor.dll[19], can intercept the code you type in, tell you that you have "entered an invalid code" and send the real code, along with your username and password, to a thief working in real-time. This is called a "man in the middle" attack.

Use a Separate eMail Address for Blizzard

With the merger of accounts into BattleNet, you will now have to use an eMail address to log into WoW. It is highly recommended that you set up a separate eMail address to use for, and only for, logging into WoW and getting eMails from Blizzard.

  • For your paid for service, create a separate alternative eMail with a nonsensical extension such as
  • For free mail services such as GMail, CryptoMail (secure), HushMail (secure), MSN Hotmail, S-Mail (secure, but Windows/Linux only), or Yahoo, create a unique but nonsensical address such as or
  • Set the Secret Question to a custom question (where possible) and treat this like you would a password
  • Do not use an email service where you cannot choose a custom question (names are easily guessable)
  • Uncheck "Remember Me On This Computer" whenever you log in
  • Set the Secondary Account field to another new email address that you do not use, ever, except when you have forgotten your password. If you have to use it to recover the password, then delete the account and create a new one

Clear Stored Fields and Files

Be aware that this eMail address may be recorded if you use a public computer, so if you HAVE to use one to read Blizzard eMails or run WoW, (or you use a laptop that might be stolen) then:

  • Turn off the browser Auto-Complete function[20], or remove the field from the list[21]:
    • Navigate to the form containing the field that has a saved value that you want to delete
    • Click on the field so that your cursor is in the text field
    • Press the down arrow until the value is highlighted
    • For Microsoft Internet Explorer - press Delete and the value will be removed from the saved form history
    • For Mozilla FireFox - press Shift and Delete together
  • When done:
    • Remove any cookies on the PC[22]
    • Clear down any Temporary Internet files
      • On IE, Tools > Internet Options > Advanced > Security > Check "Empty Temporary Internet Files folder when browser is closed"[23]
      • On Firefox, Tools > Options > Privacy > check Always Clear My Private Data[24]

Install Blizzard Updates via the Launcher

Blizzard have supplied a launcher which should automatically download and install updates for you. This is particularly useful when there is a large patch as they typically make it available in sections which can be downloaded over several days, thus reducing the impact on your PC and their server. More information is at the Blizzard Background Downloader FAQ and Blizzard Downloader FAQ.

However there are times when the background downloader does not work. This seems to be an issue with Windows Vista users who allowed Blizzard to automatically create the Public > Games > World of Warcraft directory, though it also occurs with Windows XP users. Blizzard believe it could be conflicting background applications[25], though its advice on closing background services requires more technical knowledge of Windows XP[26] or Vista [27] to carry out safely than most non-expert PC people have. The advice on updating Windows is relatively sound. Or it could be a problem with security software conflicts, or the downloader itself[28]. One option to try is to backup the entire directory to a removable hard drive, delete the original and create a new c:\users\public\games\World of Warcraft directory from the administrator account. There are other issues and solutions scattered through the US and EU support pages and EU Technical Support Forum.

If you find you are still unable to download the patches, having followed all the forum advice, then the best option is to copy the WoW-n.n.n.nnnn-to-m.m.n.mmmm-enGB-downloader.exe file from a computer or user you trust to have a "clean" PC. Run your own virus checking software on the download media or email before you copy it across. Running this should download the patch direct. There are many mirror sites listed (including those on WoWwiki) but these have frequently been attacked by crackers, with the purpose of installing malware to capture account information. Use these only as a last resort, and check any listed URL by copying it and running a Who-Is query at a reputable site, such as Network Note that you may have to remove the "http://" part if the site requires it and leave just the first main part (up to and including, for example .com or .org or The second complication is obfuscated URLs[29]. If the URL contains the "@" character or "%40" then it will redirect you to the site after those characters. In short, if you are not sure it is safe, do not use it and contact Blizzard Technical Support for help.

Never Share Your Account

Blizzard is very strict on this[30]:

"Blizzard does not recognize the transfer of WoW Accounts or Blizzard Accounts (each an "Account"). You may not purchase, sell, gift or trade any Account, or offer to purchase, sell, gift or trade any Account, and any such attempt shall be null and void."
"You are responsible for maintaining the confidentiality of the Login Information, and you will be responsible for all uses of the Login Information, whether or not authorized by you."

This includes the use of "power levelling" services, sharing with a friend or spouse, etc due to the risk of the account being compromised, the contents sold and emptied (either to earn real-life money or for revenge). This costs Blizzard time and money to resolve and takes away time from legitimate users of the game who have to wait longer for legitimate issues to be resolved. The consequence of Blizzard finding you responsible for account sharing ranges from a temporary ban through to deletion and permanent closure of the account with no restitution. Gold buying may also result in account compromise, banning when discovered, or, worse, mis-use of your credit card, or even identity theft.

Exception for Minors

The ONLY exception allowed is that, if you are an adult, you are allowed to open an account on behalf of a minor child (in the UK this is below age 18; this may vary by country)[31].

"You agree to these Terms of Use on behalf of yourself and, at your discretion, for one (1) minor child for whom you are a parent or guardian and whom you have authorized to use the account you create on the Service."

Surf the Web Safely

The internet has been likened to the Wild West[32], travel at your own risk. So how do you protect yourself better?

Look Where You are Going

Not all web page links point to where you think they are heading. Take for example Thís Link to a joke.

Hands up if you clicked on it?


  • Check in the status bar, or when you hover over the link, that it matches the site it claims to point to
  • Watch out for unusual characters like í instead of i
  • Check the file extension on the link; for example, be careful of, or avoid, any file format that does not end in .htm or .html unless you are actually planning to download a file.

File Extensions

Information is held on computers in files. Under Windows, each of these will have three or more letters at the end after a dot, such as file.htm or file.html. This file extension is used to tell the computer what to do with the file, and which program to use to open it. By default, Microsoft hides file extensions on files, but this can be easily changed. This default is dangerous, because if someone sends you a file called IKilledYou.jpg, you may think it is a picture, but if file extensions are hidden, and it is really IKilledYou.jpg.exe, it may contain malware which will be automatically run as soon as you open it.
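The link checks described above (link text that does not match its target, look-alike characters such as í, "@" or "%40" obfuscation, and a hidden double extension such as .jpg.exe) can be automated before you click. The Python script below is an added example, not part of the original page; every host name in it is a constructed placeholder and the two extension lists are assumptions, not the page's own list.

```python
import re
import unicodedata
from urllib.parse import unquote, urlsplit

# Constructed, non-exhaustive sample lists (assumptions, not taken from the page).
EXECUTABLE_EXTS = {".exe", ".scr", ".bat", ".cmd", ".pif", ".vbs"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".txt", ".pdf", ".htm", ".html"}
# Link text that itself looks like a site name or URL.
HOSTLIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/|$)", re.IGNORECASE)


def _split(url):
    """Parse a URL, assuming http:// when the scheme was left off."""
    return urlsplit(url if "://" in url else "http://" + url)


def real_host(url):
    """Host that is actually contacted: whatever follows the last '@' or '%40'.

    IPv6 literals are out of scope for this example.
    """
    authority = unquote(_split(url).netloc)
    return authority.rsplit("@", 1)[-1].split(":")[0].lower()


def ascii_lookalike(host):
    """Strip accents so a look-alike host shows the ASCII name it imitates."""
    return unicodedata.normalize("NFKD", host).encode("ascii", "ignore").decode()


def check_link(display_text, href):
    """Return warning codes for one link; an empty list means nothing was found."""
    warnings = []
    parts = _split(href)
    host = real_host(href)

    # 1. Obfuscated URL: the text before '@' / '%40' is not the site you reach.
    if "@" in parts.netloc or "%40" in parts.netloc.lower():
        warnings.append("userinfo-redirect")

    # 2. Look-alike characters (or their punycode form) in the host name.
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        warnings.append("non-ascii-host")

    # 3. Link text that names a site must name the same site as the target.
    shown = display_text.strip()
    if HOSTLIKE.match(shown) and real_host(shown) != host:
        warnings.append("text-mismatch")

    # 4. File name at the end of the path: executable, possibly behind a decoy.
    name = unquote(parts.path).rsplit("/", 1)[-1].lower()
    exts = re.findall(r"\.[a-z0-9]+", name)
    if exts and exts[-1] in EXECUTABLE_EXTS:
        decoy = len(exts) > 1 and exts[-2] in DECOY_EXTS
        warnings.append("double-extension" if decoy else "executable-download")
    return warnings


# Constructed sample links (link text, target); all hosts are placeholders.
SAMPLES = [
    ("www.blizzard.example", "http://www.blizzard.example/account.html"),
    ("www.blizzard.example", "http://www.blizzard.example@203.0.113.7/login.html"),
    ("Account support", "http://www.blizzard.example%40phish.example/login.html"),
    ("www.blizzard.example", "http://www.bl\u00edzzard.example/"),  # \u00ed is í
    ("Funny picture", "http://files.example/IKilledYou.jpg.exe"),
]

if __name__ == "__main__":
    for text, href in SAMPLES:
        host = real_host(href)
        found = check_link(text, href) or ["ok"]
        print(f"{text!r} -> {host} (reads as {ascii_lookalike(host)}): {found}")
```

An empty result only means none of these four checks fired; it does not show that the site itself is safe.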

In particular be careful of files sent to you, or links with, the following extensions:

Get a Look-Out

Consider installing anti-phishing software[33] that warns you if a link may lead to a known "dodgy" page. Examples include:

  • IE or FireFox: Netcraft toolbar (free)
  • McAfee SiteAdvisor (free) or SiteAdvisor Plus (paid for)
  • FireFox: NoScript add-on to prevent cross-site scripting

Beef up Your Browser

Consider changing to another web-browser that has a better record of preventing and fixing issues than Internet Explorer, the default browser supplied with your PC. Examples are Mozilla FireFox for Windows and Linux and Camino for Mac.

For e-Mail and newsgroups, you may want to look at Mozilla Thunderbird, or SeaMonkey which will also integrate your instant messaging.

Internet Explorer

If you must use IE, make the following changes to IE to improve on the default security[34]:

  • Open IE
  • Go to Internet Options > Security > Internet, then press "Default Level", then OK.
  • Press "Custom Level". In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".

From now on, you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.

Sites that you are sure are safe can be moved to the Trusted Zone in Internet Options > Security. However, as servers can be hacked and defaced, it is better NOT to add any sites to this zone, but always prompt.

Is that e-Mail REALLY from Blizz?

"You have been reported for spamming and your account is now on a three day ban. Please click on this link if you wish to dispute this decision"

Now the message "from" says it comes from but the "from" can VERY easily be spoofed so how can you tell if the message is genuine ... or not?

There are several technical ways of doing it, but firstly, simply try logging in to your account. No ban? The message was not genuine. If you have been banned, then ignore the e-Mail and go DIRECTLY to the Blizzard Account Support pages. If you really must follow the link, then right click on it and COPY the link and paste it into your address bar. Does the link have funny characters or extra ones? Does it have a Tiny URL - in which case copy it and use the preview facility: instead of going to go to for example. However, opinion is divided on the security and privacy of these shortened links [35], so use with care.

If the link is malware, and you want to take a step further and report the spammer, then consider joining SpamCop.

Hackers use clever "social engineering" techniques to make you feel worried ("account banned") or clever ("get ahead with this hack") and do things in a panic that you would otherwise stop and think about. Other types of e-Mails you may receive include:

  • Buy gold, no more grinding, get ahead
  • Clever flying hack
  • Automate your fishing/mining/other boring repetitive stuff

ALL of these (even if not infested with malware) would break Blizzard's terms and conditions of fair play. They could result (and for other players have resulted) in bans or out-right account termination (no more World of Warcraft, bye-bye Level 80 characters...).

Make your e-Mail client safer

If you use Outlook, then turn off Mail Preview for your Inbox folder, right-click on genuine messages to set up Rules to automatically move them to Folders, and right-click on the address to add it to your address book. Treat all other e-Mails with caution.

Consider using a different e-Mail client to Microsoft's.

Turn off HTML viewing. This will depend on your e-Mail client. Read the Help file.

Check that Instant Message

Apply the same caution when using instant messaging.

How do you know it is your friend on the other end, and not his spiteful kid brother who is using his logged in account whilst he is out, or your worst enemy who has found out the password, or even a hacker from Russia or China? One of the most successful social engineering hacks is being carried out by a "Rasputin bot" or "SlutBot", that pretends to be a lovelorn human male or female[36].

When using Instant Messaging software (IM, Yahoo! Messenger, IRC, mIRC, ICQ, AIM, WLM etc):

  • Configure it using Tools > Options (or similar) to require contacts to be approved
  • Share the minimum of personal data (especially your birthdate) with "everyone"
  • Set it to prompt you to check links, approve video requests etc
  • If you use IM on any other computer, change your password when you return [37], as you don't know that your friend, or neighbourhood internet cafe, has not unknowingly installed a keylogger. (This is also good advice if you play WoW at a friend's house, change the password when you get home).

You may prefer to switch to a different multiple-access IM (readers are strongly advised to check for security issues and reviews before installation!) and change all your passwords regularly. These include:

Safer Websites

Note that some of these websites have also been known to have been hacked[38], and no website can ever be considered truly safe. However when they are, due to their popularity, news of the hack gets out sooner. This list should help you identify real versus spoof sites (check the history page to ensure this page has not been edited!):

  • Blizzard US:
  • Blizzard Europe:
  • Add-ons:
  • Pictures:
  • Movies:
  • Quest and item information:
  • News:
  • Tactics:
  • Character improvement:
    • Druids:
    • Druids, Balance:
    • Mages:
    • Paladins, Holy:
    • Paladins, Retribution:
  • Combat log parsers:

Further Reading

For more information see:

Blizzard Forum Links

References

  1. 'Vuln left me naked and penniless' - The Register, April 2007
  2. "Guild Member Hacked and Banned" - WoW Europe Forums, May 2009
  3. "Cursor hackers target WoW players" - BBC News, April 2007
  4. "*IMPORTANT* - Account Security" - Blizzard Support
  5. "*IMPORTANT* - Account Security" - Blizzard Support
  6. "NoScript" - October 2009
  7. Malware - Wiktionary, March 2009
  8. Malware - Wikipedia, 2009
  9. Virtual Criminology Report - McAfee, July 2005
  10. World's first Mac botnet - Guardian newspaper, April 2009
  11. "Vista security credentials tarnished in malware survey" - John Leyden, The Register, May 2008
  12. "Problem with KB951748 XP Update in Windows Update" - Windows Community Forum, July 2008
  13. "Spyware Effects and Behaviours" - Wikipedia, May 2009
  14. "Anti-spam bots" - Audit My PC, May 2009
  15. "Spyware Identity Theft and Fraud" - Wikipedia, May 2009
  16. "BitDefender - GameSafe Antivirus Defence review" - IT Reviews, November 2008
  17. Spyware - Remedies and Prevention - Wikipedia, May 2009
  18. "Guidelines for strong passwords" - Wikipedia, October 2009
  19. "Hacked with Authenticator" - Blizzard EU Forums, 27 Feb 2010
  20. "How to use the AutoComplete feature in Internet Explorer 5 and 6" - Microsoft Knowledgebase, 24 January 2007
  21. "HOWTO remove form field completion values in Firefox" - Jason Clark, 25 June 2007
  22. "How to delete cookies..." - Pinsent Majors, 22 October 2009
  23. "How and Why to Clear Your Cache" - Microsoft, 30 June 2006
  24. "Set Firefox To Clear Temp Files, History etc. On Shut Down" - Mark O'Neill, 14 December 2008
  25. "Does your Blizzard Downloader fail to launch?" - World of Warcraft Technical Support, May 2009
  26. "Turn Off Unnecessary Windows XP Services" - Jason A. Nunnelley, April 2005
  27. "Tweak Windows Vista services the right way" - Greg Shultz, June 2008
  28. "Download todays patch over and over" - Neerdia of Rising Storm, April 2009
  29. How to Obscure Any URL - PC Help, January 2002
  30. WORLD OF WARCRAFT® TERMS OF USE AGREEMENT, Section 11 - WoW US, 29 July 2008
  31. WORLD OF WARCRAFT® TERMS OF USE AGREEMENT, Section 3 - WoW US, 29 July 2008
  32. "Internet is becoming as lawless as the Wild West, report peers" - Times Online, August 2007
  33. "Netcraft Toolbar" - CNet Reviews, Feb 2007
  34. "How did I get infected" - Geeks to Go, May 2009
  35.
  36. "Beware the CyberLover that Steals Personal Data" - Sandra Rossi, Computerworld Australia, 2007
  37. "Password Stealers Sit on Popular Download Sites" - Erik Larkin, PCWorld
  38. "ImageShack hacked in oddball security protest" - The Register, 13 July 2009

External links