Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Watch out for Keyloggers/Account Security Thread

RiftFanRiftFan Member Posts: 239

Just a general watch out thread. Some people are starting to report that they were hacked after downloading some of these 3rd party DPS trackers and also after visiting some "fan sites" to use the soul calculator.



If you notice on the Rift boards a few of these are popping up. This game is getting pretty popular and some people see you as a source of income willing or unwilling.



Upgrade your anti-virus stuff.

/pray we get Authenticators someday

 

Edit:

http://forums.riftgame.com/showthread.php?109922-Protecting-Your-Account

 



Hey, everyone – Our first week in Rift and we all know that the game has attracted all kinds of attention.



I’m sure it will come as no surprise that while a lot of the new, sudden attention is fantastic (you), some of it is a lot less great (those who enjoy stealing accounts and passwords).



We wanted to let you know about some of the things we’re doing, as well as some of the things that you can do to minimize the chance of going through the horrific experience of logging in one day to find that your main is now naked, having sold off all of its gear and mailed all the coin of to a plat selling ring.



HERE’S WHAT WE’VE DONE AND ARE DOING



Our network and platform teams have been spending a lot of time on this over the past few days, and they continue to as I write this. They’ve been tracking down the sources where hack attempts are originating, and ensuring that it’s as annoying and slow as we can possibly make it for hackers to try to brute force their way into accounts. (Brute Force hackers depend on being able to try many thousands/millions of logins very rapidly).



We're already locking out suspicious locations in the world from logging in.



We'll also be implementing Last-IP address protection as quickly as we can, to make sure that you have to doubly verify if you're logging on from a different location in the world.



We are working on two-factor authentication, to keep you even safer. We're evaluating these solutions with all due haste.





HERE’S WHAT YOU CAN DO



Whatever you do, do not download random “hack” “cheat” or “keygen” programs. In many cases, they just install a keylogger and send your credentials back to the gold farmers the next time you try to type it in.



And just in general, accounts that do manage to find a way to hack tend to be locked out within a few minutes of actually succeeding at something anyway.



Our servers watch this all by themselves so when clients do anything shady, people find themselves suddenly unable to log in, and eventually banned.



80% of the hacked accounts we've seen are from keyloggers -- People who have software on their machine that's capturing their info and sending straight to the hackers. If you're hacked and changing your password and they're still getting in, that's why! You have to scan your system. Changing your password alone will just send them the info the next time you log in.



That's why being careful with what you download and run is so vital, and why keeping your system clean and scanned is critical.



Some programs that you might find helpful are

Microsoft Security Essentials

Adaware

SpyBot Search and Destroy



Run them. Scan your system. Then change your password to something that's got lowercase, uppercase, and punctuation in it.



IF YOU FIND YOURSELF IN THIS SITUATION



If your account has been compromised please know that you are our top priority and we are getting to you as quickly as possible. When submitting a ticket for assistance of this kind please ensure that you select “Hacked Account” as your category in order to get the fast possible resolution. Please also title your page as “hacked account” and include the character name and shard that has been compromised.




Cindy Bowens

Community Lead

Rift


«1

Comments

  • XforsakerXXforsakerX Member UncommonPosts: 124

    Man them hacker's sure start quick =/

    AMD Phenom(tm) II X4 955 Processor (4 CPUs), ~3.2GHz
    6142MB RAM
    NVIDIA GeForce GTX 260
    Antec Gaming Phenom
    Windows Vista™ Home Premium

  • DrowNobleDrowNoble Member UncommonPosts: 1,297

    Keep a security suite going.  If it has data protection, you can add your password (with the onscreen keyboard) so that if your password goes out unsecured, the suite should block it.  Connection to Trion's servers are encrypted so the suite would let it pass legitimately.

    Don't download 3rd party mods/addons.  This is why WoW has so many problems, people download several mods from different sites then wonder why their account got hacked.  The standard UI is fine, worry about dps charts later.

    Change your password at least every 2 months.  I usually change mine on every odd month (jan, march, may, etc).  Plus if you have another mmo account, don't use the same password for Rift.

  • KhrymsonKhrymson Member UncommonPosts: 3,090

    Originally posted by DrowNoble

    Change your password at least every 2 months.  I usually change mine on every odd month (jan, march, may, etc).  Plus if you have another mmo account, don't use the same password for Rift.

    Nah, I've been using the same password for everything for the past decade and to this day, still havn't been hacked.  Just gotta be smart about what sites you visit and keep a good anti-virus/firewall running like say AVG.

  • EbonHawkEbonHawk Member Posts: 545

    Hey fellow gamers...

    Don't know if ya know this or not but in Windows Vista and Windows 7 at least there is a little trick that can pretty much defeat any Keyloggers.

    All ya gotta do is go to your "Start" menu and type "osk" (without quotation marks) and bam! there you go an On Screen Keyboard that you use your mouse to type your password. 

    Undetectable by the keyloggers...

    Hope that helps...

  • RiftFanRiftFan Member Posts: 239

    Thanks for the sticky. Trion has obviously been hit by this. A lot of people looking for a dps meter installed keyloggers on their systems. Trion posted this and they are focusing on fixing hacked accounts first:

    http://forums.riftgame.com/showthread.php?108133-A-Message-from-Trion-Customer-Support

     


    A Message from Trion Customer Support



    At this time we are experiencing an extremely high volume of requests for support and are taking a much longer than expected time to get to your requests. We do appreciate your patience, as well as your part in helping to create this wonderful problem to have.



    Please know that this is not the level of customer service, nor the speed of response that you should expect from Trion Worlds Inc. We are taking steps to correct this situation as quickly as possible, however it will take us some time to get to the level of staffing necessary to provide the support that you deserve.



    There are a couple of things that you may be able to do to help us get you the assistance you need as quickly as possible.



    1. Our first priority is helping anybody whose account may have been compromised. If your account has been compromised please know that you are our top priority and we are getting to you as quickly as possible. When submitting a ticket for assistance of this kind please ensure that you select “Hacked Account” as your category in order to get the fast possible resolution. Please also title your page as “hacked account” and include the character name and shard that has been compromised.


  • SwaneaSwanea Member UncommonPosts: 2,401

    Originally posted by EbonHawk

    Hey fellow gamers...

    Don't know if ya know this or not but in Windows Vista and Windows 7 at least there is a little trick that can pretty much defeat any Keyloggers.

    All ya gotta do is go to your "Start" menu and type "osk" (without quotation marks) and bam! there you go an On Screen Keyboard that you use your mouse to type your password. 

    Undetectable by the keyloggers...

    Hope that helps...

    You're lucky you gave some good info there, otherwise I would have the mods ban you for such an avatar.

     

    Oh yeah, and just like with WOW, don't be silly about downloading stuff off the web and then wondering why you got keylogged!

  • EvasiaEvasia Member Posts: 2,827

    This!

    Will people ever learn?

    Games played:AC1-Darktide'99-2000-AC2-Darktide/dawnsong2003-2005,Lineage2-2005-2006 and now Darkfall-2009.....
    In between WoW few months AoC few months and some f2p also all very short few weeks.

  • AC1074AC1074 Member Posts: 274
    It's not really the players fault. To this day I still can't figure out how my WoW account was hacked by a gold seller. I had 2 antivirus programs on my comp too. Never ever ever bought any gold but did visit a few wow related info sites....thankfully I was able to get it recovered but totally had to change my battle net address, passwords, etc. Now I change passwords every so often. Somewhere somehow I was key logged.
  • RiftFanRiftFan Member Posts: 239

    Originally posted by Ad-am

    It's not really the players fault. To this day I still can't figure out how my WoW account was hacked by a gold seller. I had 2 antivirus programs on my comp too. Never ever ever bought any gold but did visit a few wow related info sites....thankfully I was able to get it recovered but totally had to change my battle net address, passwords, etc. Now I change passwords every so often. Somewhere somehow I was key logged.

    It really is the players fault. People could not live without dps meter so they downloaded 3rd party programs with bad protection and got owned by key loggers.

    Some people not using the official patcher for whatever reason and basically installing key loggers.

    I can't blame some people for wanting soul calculators and visiting sites to get it, but those sites were hacked.

  • skullquakerskullquaker Member UncommonPosts: 311

    i guest some people will never learn them famers dont waste time $9.00 for 2 plat all ready sky high prices im in wrong job good job site i know has a good rep and as been going for years

  • RiftFanRiftFan Member Posts: 239

    Originally posted by skullquaker

    i guest some people will never learn them famers dont waste time $9.00 for 2 plat all ready sky high prices im in wrong job good job site i know has a good rep and as been going for years

    They have been banning people left and right. Gold spammers do not even bother to post in general or whisper anymore because they get banned so fast.



    Only issue we have right now is people who found exploits in Alpha/Beta and thought Trion would just allow it.

  • wolvie3131wolvie3131 Member UncommonPosts: 196

    Originally posted by RiftFan

    Originally posted by Ad-am

    It's not really the players fault. To this day I still can't figure out how my WoW account was hacked by a gold seller. I had 2 antivirus programs on my comp too. Never ever ever bought any gold but did visit a few wow related info sites....thankfully I was able to get it recovered but totally had to change my battle net address, passwords, etc. Now I change passwords every so often. Somewhere somehow I was key logged.

    It really is the players fault. People could not live without dps meter so they downloaded 3rd party programs with bad protection and got owned by key loggers.

    Some people not using the official patcher for whatever reason and basically installing key loggers.

    I can't blame some people for wanting soul calculators and visiting sites to get it, but those sites were hacked.

    Yes , there are reports of being hacked , and some rather odd things with the reports are , from what I have read on the main boards are they are being stripped of money and items, but passwords and such are not being changed.

    You mention 3rd party parsers are to blame, and that as of yet has to be determined, as several of those saying they have been hacked are reporting they did not download the parser, visit external sites, have AV programs running , etc etc.

    lets face it your post is just your way of dropping your opinions on dmg meters ( it is a HUGE subject on the main boards)

    All I am saying is, yes it seems people are being hacked , from somewhere or something, but until you have ALL the facts , one should refrain from posting things that are entirely subjection on the posters part , and include that as a fact. you do the game, nor those honest people who got blindsided by a hacker no service.

    (side note  before you must have been hacked, you use a dmge meter blah blah) I do not use a dps meter , parser, nor have I been hacked in Rifts, I just find it silly one always wants to make the person hacked out as the bad person in all this the main boards are ripe with trolls and finger pointing, as well as idea's as to were the hacks are coming from, ( most of it stemming from the parser and add on debate)

      Either way happy rifting and my 2 cents.

  • sloebersloeber Member UncommonPosts: 504

    Originally posted by Evasia

    This!

    Will people ever learn?

     ^^THIS ^^

    I have been playing mmo's for over 10 years......never used plugins (3rd party software is for nOObs imho) and guess what.....i never got hacked in my life.

    so stay off the cheating programs and dps meters (nOObs cant manage agro without a meter.....moehahaha)

  • RiftFanRiftFan Member Posts: 239

    Originally posted by wolvie3131

    Yes , there are reports of being hacked , and some rather odd things with the reports are , from what I have read on the main boards are they are being stripped of money and items, but passwords and such are not being changed.

    You mention 3rd party parsers are to blame, and that as of yet has to be determined, as several of those saying they have been hacked are reporting they did not download the parser, visit external sites, have AV programs running , etc etc.

    lets face it your post is just your way of dropping your opinions on dmg meters ( it is a HUGE subject on the main boards)

    All I am saying is, yes it seems people are being hacked , from somewhere or something, but until you have ALL the facts , one should refrain from posting things that are entirely subjection on the posters part , and include that as a fact. you do the game, nor those honest people who got blindsided by a hacker no service.

    (side note  before you must have been hacked, you use a dmge meter blah blah) I do not use a dps meter , parser, nor have I been hacked in Rifts, I just find it silly one always wants to make the person hacked out as the bad person in all this the main boards are ripe with trolls and finger pointing, as well as idea's as to were the hacks are coming from, ( most of it stemming from the parser and add on debate)

      Either way happy rifting and my 2 cents.

    Well look at it the way one of these account sellers might look at it. I want you to download or goto my website somehow so you can install this keylogger.



    I have a few options. E-mails are tied to the account so once I know your facebook I typically know your first and last name and probably your primary e-mail.



    That is one option. Another option is have you download this awesome dps parcer I just came up with and have you do the work for me. I think Riftjunkies has maybe the only trust trust worthy one out there if you insist on using a damage meter.



    Then you have the people that instead of using the patcher that is right on the web page that can download at like 20mb/s they ue a 3rd party one. One of the HUGESTTTTT issues in Beta was people who used a 3rd party link and were using the Alpha patcher to access the Beta game.

    It has to be something and people using free virus scanners are not going to find it. The scanners are free for a reason.

     

  • SovrathSovrath Member LegendaryPosts: 31,937

    Originally posted by Khrymson

    Originally posted by DrowNoble



    Change your password at least every 2 months.  I usually change mine on every odd month (jan, march, may, etc).  Plus if you have another mmo account, don't use the same password for Rift.

    Nah, I've been using the same password for everything for the past decade and to this day, still havn't been hacked.  Just gotta be smart about what sites you visit and keep a good anti-virus/firewall running like say AVG.

    I have to say that I've only once had a problem and I'm convinced that it wasn't a problem.

    I've used the same password (a decent password if I do say so myself) and have never been "hacked". The only time I was told I was hacked was Turbine. They indicated that my account had been compromised. So after spending a bit of time on the phone I get the LOTRO account back only to find that nothing was touched. No characters had been moved and essentially, er "nothing was different".

    So either they had some sort of false positive on their side or they are so good that they caught the person before he/she could even get their hands on a character.

    Like Skyrim? Need more content? Try my Skyrim mod "Godfred's Tomb." 

    Godfred's Tomb Trailer: https://youtu.be/-nsXGddj_4w


    Original Skyrim: https://www.nexusmods.com/skyrim/mods/109547

    Try the "Special Edition." 'Cause it's "Special." https://www.nexusmods.com/skyrimspecialedition/mods/64878/?tab=description

    Serph toze kindly has started a walk-through. https://youtu.be/UIelCK-lldo 
  • tort0429tort0429 Member UncommonPosts: 297

    Originally posted by EbonHawk

    Hey fellow gamers...

    Don't know if ya know this or not but in Windows Vista and Windows 7 at least there is a little trick that can pretty much defeat any Keyloggers.

    All ya gotta do is go to your "Start" menu and type "osk" (without quotation marks) and bam! there you go an On Screen Keyboard that you use your mouse to type your password. 

    Undetectable by the keyloggers...

    Hope that helps...

    HOLY MOTHER OF PEARL!!!  Awesome!!!  Thanks for the tip.

  • sloebersloeber Member UncommonPosts: 504

    Originally posted by EbonHawk

    Hey fellow gamers...

    Don't know if ya know this or not but in Windows Vista and Windows 7 at least there is a little trick that can pretty much defeat any Keyloggers.

    All ya gotta do is go to your "Start" menu and type "osk" (without quotation marks) and bam! there you go an On Screen Keyboard that you use your mouse to type your password. 

    Undetectable by the keyloggers...

    Hope that helps...

     karma to you.....nice work around for those who use 3rd party tools.

  • CeridithCeridith Member UncommonPosts: 2,980

    Originally posted by EbonHawk

    Hey fellow gamers...

    Don't know if ya know this or not but in Windows Vista and Windows 7 at least there is a little trick that can pretty much defeat any Keyloggers.

    All ya gotta do is go to your "Start" menu and type "osk" (without quotation marks) and bam! there you go an On Screen Keyboard that you use your mouse to type your password. 

    Undetectable by the keyloggers...

    Hope that helps...

    This will help with 'dumb' keyloggers that only detect keystrokes, however it will not help against the more sophisticated that capture the value you're submitting.

  • BuffySBuffyS Member Posts: 5

    The only thing I'm afraid of is that maybe the server got hacked...

    I know, it didn't happen often in the past that the game servers were hacked, but e.g. in Runes of Magic it definitely happened.

    Months after I quit RoM (not even started it), I got a phone call from a friend still playing that crap asking me why I don't answer in chat. They even searched for me on the whole map. Then they saw my character running around as a bot...

    I used a unique password only for RoM (because I know that it is buggy crap), and even the best keylogger cannot record my password when I not even started the game...

    After my friend told me that, I wrote to the support and got my account back. Then I started the game... after about 2 hours (!) of updates, I was able to log in. So there is really no way a keylogger could have got my password..

    I don't even think that the game servers themselves are the problem... Since in RoM (as it is in Rift) the forum account is tied to the game account, I'm afraid that the forum could have been the problem. It's not that it never happened...

  • RenoakuRenoaku Member EpicPosts: 3,157

    Well you can get any type of key logger from almost any add-on or download from the internet. I find that AVG Works the best at preventing key logging, and such as I can't even visit a site that has spyware or any type of key logger or script on it because my anti virus stops it if it has been reported already.


     


    The most common type of Key logger though is from Add-on interface customizations which is how my WOW account got compromised 3 times in a row before. This was done from an add-on which I downloaded from curse gaming, and the safest way not to get such is not to download any type of add-on at all.


     


    Let’s say for example an add-on (Name Here) could become really popular, and legal for any type of game like Rift, or WOW, such as an interface mod. Anyways lets say everyone trusts it, and there is no account hacking, or stealing/compromise going on for months down the line, later on they can always add a key logger in the updated version, which steals all your information while the game is running, and sends such to gold farmers.


     


    You could also download Comm View which is a program that monitors the packets being sent from your computer and allows you to see everything that is being sent from your computer, so if nothing else on your computer is sending any information, you can see if there is an add-on sending information to any other IP, other than what the game is connecting to, and from there you can find out exactly who, and what add-on has been illegally logging and sending your information without your consent.


     


    I am also sure there are other programs out there that can monitor such, but over all AVG has the highest safety rating, and I have been with that company for 5 years. I also have the latest gaming router, and firewall installed on my router as well, and keep all my ports closed, and every single application itself on my computer has to ask consent just to use the internet for anything that all. This keeps out most viruses, and also allows me to manually bypass as an exception if I should ever need to.


     


    The only problem with AVG8 is the Toolbar itself will slow down your internet explorer a bit, however under the Link Scanner in the AVG Interface, I disable the option that says (Enable Surf Shield) otherwise it will lag a whole lot, and it still warns me about such sites when I am using Google, or any other search engine if it is an unsafe site.


     


    Also most accounts that get compromised are due to Add-On, or the user compromising their own account data.


     


    Hope this might help a bit.


      

  • CrazedBeaverCrazedBeaver Member Posts: 73

    I didn't get hacked.  I don't even have an account.  But I was in Beta.  And I did get an phishing email today pretending to be Trion.  I have no clue how anyone got that email address.  I only gave it to Trion for beta signup.  Maybe they have been compromised. 

  • Cosmonaut79Cosmonaut79 Member UncommonPosts: 175

    Originally posted by Swanea

    Originally posted by EbonHawk

    Hey fellow gamers...

    Don't know if ya know this or not but in Windows Vista and Windows 7 at least there is a little trick that can pretty much defeat any Keyloggers.

    All ya gotta do is go to your "Start" menu and type "osk" (without quotation marks) and bam! there you go an On Screen Keyboard that you use your mouse to type your password. 

    Undetectable by the keyloggers...

    Hope that helps...

    You're lucky you gave some good info there, otherwise I would have the mods ban you for such an avatar.

     

    Oh yeah, and just like with WOW, don't be silly about downloading stuff off the web and then wondering why you got keylogged!

    What's wrong with his avatar?  I like it!  Go Hawks!

  • LoktofeitLoktofeit Member RarePosts: 14,247

    Originally posted by Ad-am

    It's not really the players fault. To this day I still can't figure out how my WoW account was hacked by a gold seller. I had 2 antivirus programs on my comp too. Never ever ever bought any gold but did visit a few wow related info sites....thankfully I was able to get it recovered but totally had to change my battle net address, passwords, etc. Now I change passwords every so often. Somewhere somehow I was key logged.

    ...or you trusted the wrong friend/relative with your account info.

    There isn't a "right" or "wrong" way to play, if you want to use a screwdriver to put nails into wood, have at it, simply don't complain when the guy next to you with the hammer is doing it much better and easier. - Allein
    "Graphics are often supplied by Engines that (some) MMORPG's are built in" - Spuffyre

  • Skeeter870Skeeter870 Member Posts: 75

    There has been quite a number of Rift oriented trojans popping up on torrent sites lately as well.

  • LeemegLeemeg Member UncommonPosts: 230

    Originally posted by RiftFan

    [...]

    That is one option. Another option is have you download this awesome dps parcer I just came up with and have you do the work for me. I think Riftjunkies has maybe the only trust trust worthy one out there if you insist on using a damage meter.

     [...]

     

    So, a parser that has been out for the EQ2 community for 6+ years without any such complains, is not trust worthy?

     

    I'm refering to ACT, which is also used as damage parser for Rift.

    --
    Leemeg.

Sign In or Register to comment.