Guild Wars 2

Goshee’s Guide… To Not Getting Hacked! (and what to do when you are hacked!)

Hello readers!

As you may have noticed from reading these boards, a lot of people are having their accounts compromised, their gold removed and sometimes their characters deleted!

Now, some of you might be getting a little paranoid. You may be thinking, “How long until I’m hacked?” or “I don’t want this to happen to me, what can I do to stop it?”.

These are just some of the questions I plan on answering, so grab a quill and some parchment and get ready to take some notes!

Firstly before I begin, I am going to give you some useful links and advice on what to do if you find your account already compromised.

If you are in this position now, my first bit of advice is:

• Stay Calm!
  What’s done is done, you can’t go back in time and undo anything now. The best thing to do is continue reading this thread and follow the steps accordingly. I understand you might be angry or scared but please don’t take it out on other members of the board. Doing so may result in a forum ban and you will have only hindered yourself in the long run. Remember to try and be as polite and as resourceful as possible in such a situation.

• Secure your information!
  Immediately (or as soon as possible) begin changing passwords. (This includes e-mails, facebook, other gaming sites) Anything leading to your (or family members) bank details should take priority in such a situation. Change yours and have them change theirs if it is a shared machine. The most secure passwords usually contain both letters and numerics, as well as capitals and non capitals. Try to avoid using your birthday or your name. Complete gibberish is your best bet, provided you can remember it! If you can, do this on a different computer. (One unlikely to be infected with a virus). If you can’t, keep changing them every day until you know your system is secure.

(To be even more secure you can call your bank and tell them that your details have been compromised. Ask them to notify you of all transactions being made so you can confirm if they are legitimate or not.)

• Submit a Ticket/E-Mail!
  The sooner you get a ticket sent about your problem, the sooner it can be dealt with. Remember to be polite, accurate and resourceful. Explain what has happened, when it happened and anything else you think may be useful! You can send a ticket here: http://support.guildwars2.com/ (Click the “Ask a Question” link). Hopefully it will not take a lengthy amount of time. Remember to send only 1 ticket and only another once the previous ticket has been answered.

• Identify the Problem!
  After your ticket has been sent you will want to begin thinking of reasons as to how your account was compromised. Believe it or not, but the biggest reason for compromised accounts is account sharing. Followed by key loggers and hacked websites that hold sensitive information. Regardless of this, you will want to run a FULL system scan on your machine. The biggest threat is a key logger virus as it will not only have the information to your game account, but your other personal information (bank, email etc) as well. I recommend Microsoft Security Essentials (free) or Bit-Defender ($$$) to protect your machine. Remember to keep your anti-virus software updated all the time to protect against the latest threats. Hopefully once the scan is completed it will have found a virus and contained it properly.

(some argue that installing new anti-virus software on to an infected machine is still potentially hazardous. But unless you are willing to either buy a new hard-drive or completely wipe your current hard-drive, this is the only sensible option and one I recommend to inexperienced computer users.)

• Secure your information! Again!
  After you have found and contained a virus, it would be very wise to update all your passwords once again. Try and use different passwords for different things, don’t ever use the same password for everything as it only makes you more of a target. The only thing you can do now is wait until you hear back from ArenaNet.

• Be Patient!
  Being hacked isn’t a fun experience for anyone, just remember to be patient and hope that everything will be back to normal soon. You can also try and channel your distress into helping others in similar situations!

How to prevent having your account compromised!

Ok, now that that has been taken care of, I am going to give you tips on what you can do to prevent yourself from ever getting hacked in the first place. (Remember whilst these tips are certainly useful, you are never 100% secure and so should you never think you are!) So my first tip to start this off is!…

• Be Smart!
  A lot of the time, common mistakes can be avoided as long as you keep your wits about you. Stay sharp and keep an eye out for anything suspicious and you should be OK!

• Keep your Passwords secure!
  Remember to change your passwords regularly, because when someone manages to eventually find that password, it will not longer be in use! You should also avoid using the same password for everything. This means you should have many passwords to minimise the risk of everything being breached if your information is compromised. Use complex passwords (not overly so, you need to be able to remember them!) that use upper and lower case sensitivity, use numerical, alphabetical and symbols if you can! Try to avoid using things like your name or your date of birth as these things are often tried first. As said above, gibberish is best, but not to the extent you can’t remember it. Never write your passwords down either, there are some useful password protection services that allow you to store passwords securely. Though if you lose that password you are censored. It’s best to avoid writing them down anywhere, but if you feel like you have to, I would recommend such a service instead of the old stickypad!

• Don’t visit Malicious Websites!
  You should try and avoid any websites that are known to have malicious content. Websites with 128-bit encryption (the padlock you see in the URL bar) are generally secure, though don’t trust on that alone. Avoid any “gold selling” websites or “account trading” as not only is it against the rules but they are a prime source of account compromise.

• Don’t share your account with ANYONE!
  I’ve seen it happen so many times, someone gives their account details to a “friend” so they can help them. You don’t know whether your friend’s machine is secure, if you met them online you certainly can’t guarantee their 100% trust either. Just keep your details to yourself and encourage other users to do the same! This is the number one source of compromised accounts!

• Double Check that link!
  Before you open any e-mails, or any link for the matter. Be sure they are who they say they are! Look for mis-spellings or bad translations as they will probably contain malicious software or send you to a malicious website. Often links are hidden behind text to look like links, if you are using Google Chrome you can view the official link if you hover over it and look in the bottom left corner of the screen. Remember, the official website for the EU version of guild wars 2 is: https://www.guildwars2.com/en

• Have the latest protection!
  Anti-Virus software is important, especially this day and age with so much sensitive information being shared over the web and being stored on computers. Always, and I mean always! keep your Anti-Virus software up-to-date. This means that your computer will be protected against the latest threats as it knows what to look for. As mentioned earlier, I recommend Microsoft Security Essentials for a free service. Though if you are looking for that extra kick of protection, Bit Defender offers great protection especially against key-loggers!

• Keep the firewall on!
  Don’t ever turn your firewall off unless you know it is safe to do so. Even then still don’t do it, It’s not worth it! If you are having difficulties with a specific (legitimate) program trying to connect through the firewall, you can add it to your firewall’s “whitelist” of approved programs. Depending on what firewall you use will determine how to do this, just google your anti-virus software for advice.

• Scan and scan some more!
  You should routinely scan your computer for infections, the most dangerous of which is called a Key Logger virus. This virus takes a note of every single key you hit, logs it (stores it) and transfers it to a hacker. That means they can have your usernames, passwords and more. Deep system scans are recommended, they can take a large amount of time but it’s better to be safe than sorry!

• Keep your computer Organised & Efficient!
  Your computer (much like your room) tends to pick up a lot of junk over a period of time. You should do your best to keep it clean and organised as much as possible, not only will this make your computer run faster, but it can also make virus’ easier to find. You can organise your computer by defragging it. This will take a lot of time depending on when you last de-fragged the machine and how much data you have collected since. De-fragging your PC will effectively shift things around, making search queries a lot faster. You should defrag your computer every so often, if you are on Windows you can Analyse your system to see if it should undertake another defragmentation or not. (Doing this excessively can actually damage your hard drive, so read up on it before you do so!)

• Don’t tell your password to anyone!
  I’m sure you have seen it before. Someone will contact you, claiming to be an official employee of the game and ask for your account details to help assist you. Don’t give them it, report them for impersonating an employee of ArenaNet and warn other players not to trust them. Remember that an ArenaNet employee/representative will NEVER ask for your account name or password.

• Avoid playing from Public machines!
  Internet Cafes and public computer spots tend to be a big target for viruses. The best thing to do is simply avoid using any of your confidential information on such computers. You can’t be sure of their security, as such you should treat them as infected before even attempting to log on to anything!

NB – If your account has been compromised, I can’t stress enough how important it is to secure your bank details first. This takes priority over everything. Though as soon as this is done, remember to contact ArenaNet right away to minimise damage to your account.

That’s all I can think of for the time being, I hope you find it useful! If you think there is anything else that should be mentioned I would love to hear it and add it to the guide.

Happy trails and remember, play smart!

Keep An email address just for games and use another one for personal. that way if they compromise your game account the rest of your life is not taken away by hackers such as bank details Contacts etc..

Its also best not to use Your Gmail account that is linked to your Android Device as hackers could remote Wipe Your Phone Same thing goes with your iPhone if you use your @me email for your Guild Wars if that is comprised the could also Remote Wipe your iPhone or worse your computer.

if you have Gmail set up 2 Step Verification

http://support.google.com/accounts/bin/answer.py?hl=en&answer=180744

Yahoo 2 Step Email Verification

http://www.askdavetaylor.com/enable_yahoo_mail_two-step_authentication_security.html

this makes it so if someone logs into your Yahoo or Gmail from an Unknown device it will send you phone a text or call with a code you need to enter to be able to login to the account.

Hotmail does not offer this at the moment so i would recommend making a Gmail or Yahoo email account for Guild Wars
Another thing with Gmail is if you login to your Gmail and all the way on the bottom is a link that you can see who has logged into your Gmail account
check this from time to time and if you notice anything odd change your passwords right away

this has helped me so many times from being hacked in WoW and other games as they need my phone to be able to login to anything.

keep your account secure these hackers will steal not only your in game items but your life to as most people have there bank info online Facebook etc..

I disagree about the part re: not writing down your passwords. If you live alone it should not be a problem writing passwords down, assuming you lock your doors at night and don’t live in an area where breakins are frequent. Not everyone is going to be technically savvy enough to use programs to remember passwords, and each has drawbacks.

Storing passwords only in an online service can make some people nervous even if the passwords have strong encryption and aren’t sent in the clear, and it relies on the online service always being available. Storing passwords only in your computer can cause problems if your hard drive has issues and you can’t access your password file(s). Storing both online and offline has advantages but relies on a dependable password service.

For those not wanting to deal with all of this, writing down passwords should be fine assuming others can’t normally get to those passwords. Writing down passwords like #hs*b8s@nd! is much better than simply remembering one or two passwords like “mypassword2012”.

Writing down your passwords is fine as long as you keep them in a secure and safe place. Obviously the part where it was mentioned was referring to writing down your passwords on stickypads on your desk for everyone to see.

Just keep the first tip in mind, be smart. If you write your passwords down that’s fine, just store them in a suitable location that’s out of sight and only you know about.

Edit: And by services I meant phone apps like the password vault on the blackberry. Which can have multiple layers of security! I didn’t mean online services.