How Matt Almost Lost 22000 Gold

OLYMPUS DIGITAL CAMERA

I forgot I had this post sitting in my drafts. It was written a few weeks ago. Here it is now with an important message to guild masters everywhere.

It was a warm and breezy Tuesday. Raid invites had been sent out. It’s the grace period where players are busy wrapping up their affairs and getting prepped for the raid. I slammed down a Coke because I had a feeling it was going to be one of those nights. Groups were organized during the preparation period with players specifically assigned to their vehicles and their roles.

Quick work. Next!

After toasting Flame Leviathan, the pull was set up for Razorscale. A quick countdown ensued and the Dwarven expedition team began placing their Dwarven engineering skills at work charged with getting harpoon turrets up quickly.

This is where the fun happened.

A level 1 Gnome Rogue messaged me.

“hey, its maddawg. can i get a ginvite?”

“Standby. Doing Razor.”

“o, ok.”

A few minutes later, we wrecked him and started opening up on Ignis trash.

“you guys all done in there?”

“Yeah, Razor down. Hop on vent for a sec, need to ask you something.”

“sry cant. at a friends house right now.”

I thought nothing of it and wired out the invite.

Of course, when you give an inch…

“hey, can i get promoted to officer? need to organize some stuff for the bank.”

This was followed by one of the swiftest guild kicks in the history of guild kickingness.

The vault of Conquest would not be breached today! We had around 22000 gold. That amount is just in hard currency and in the main bank (Offshore guild bank accounts? I wouldn’t be that paranoid. Right?) Including various raiding materials such as flasks, enchants, gems, and other things, the amount would have been colossal. It would have been enough to request a bailout anyway.

So what gave it away?

In one of the most failed social engineering tactics of this century, the Maddawg impersonator made several mistakes. More importantly, I had various defenses in place to protect against such infiltration.

Bad target

He didn’t exactly pick the most ideal target. I am perhaps the most paranoid guild master on the planet. That would be a result of Criminology program I’m enrolled in.

Restricted bank access

Freshly invited players do not get access to the bank. They can see everything but they can’t withdraw out of it. No cash, no flasks, and not even a single grey item can be pulled out without an officer signing off on it.

Authentication fail

The first warning sign I received was when he said he was unable to get on vent. Yeah sure there’s a multitude of reasons for that. Policy is still policy. I get instantly suspicious if I don’t hear a player asking for an invite.

Officer alt policy

No alts of any of the leadership including myself are promoted past a social rank for any reason. They are all aware of this and they agreed to it.

What was even funnier was just minutes ago Maddawg had said he was going to head out and to not expect to see him on for the rest of the evening. He wasn’t able to raid that night.

Image courtesy of woodsy

20 thoughts on “How Matt Almost Lost 22000 Gold”

  1. Wouldn’t it be better to require that people wanting to be added ask on their mains who are already guilded? “Hey, in a minute, I’m going to log on as Banklooter and ask you to invite me to the guild.” A little annoying, but how often do people get invited to the guild?

    Reply
  2. The sad thing, is the people who actually DO fall for this social engineering. There are a few stories of such events happening back in BC to a bunch of guilds. One actually made a video of himself ninja looting the top raiding guild on the server’s gbank.

    This would never happen to me, I am severely cautious about things. I even question people on their actual toons sometimes due to them saying things they don’t normally. So far, it’s all just been paranoia, but I like to be safe.

    Xylchs last blog post..Off Topic: Project Natal

    Reply
  3. It’s always been one of those things for me, really. Why would an officer want to get bank access on an alt when they already have bank access on their main? They could grab whatever they wanted, then mail it to the alt, thus negating the need for the alt to be past, as you put it, a social rank. Silly, silly scammers.

    Yet people don’t pay attention to details every day and get scammed.

    Beejs last blog post..The Worth of Franchise Fiction

    Reply
  4. All of our officer’s alts are promoted, but we do it the way Xylch mentioned – let one of the Officer’s know about it before you log on. Plus most of us keep our alts sequestered away until they’re a decent level.

    Adgamorixs last blog post..Arena fun

    Reply
  5. and here I thouhgt this was going to be a story of how someone stole your credit card, bought a bunch of gold, and then you ended up with it after all.

    that would have been way more exciting, get on that!

    Reply
  6. Same style attack happened on my guild last week, but they were more sophisticated. They first asked one officer for a invite claiming to be an alt. The way it went down it was a little fishy, but no big deal, they were invited and left at our lowest rank where there was nothing they could do to harm us. But then after a bit of time had passed, they contacted the GM who hadn’t been on when they were invited claiming to be another officer’s bank alt and needing access to the guild bank to sort some things and do some AH tasks.

    See how insidious that is? They have the look of a bank alt, because they are in the guild and low level. They know who all the officers are because of the rank listing on the Armory. It seems semi-legit. Luckily the scammer choose to impersonate the GM’s brother. Gkick.

    Reply
  7. It happened to me and I fell for it, being busy and trustworthy and all sorts of things a Mum is 🙁 I wrote about it on my blog…. http://guildmum.com/2009/03/guild-bank-robbery.html

    Was a horrible experience and I would encourage all guilds to be aware of it. Very pleased you didn’t fall for it. One “good” thing was that we have a limit on the amount of cash even Officers can take out, so we only lost 500g – the rest of the stuff was returned by a GM.

    Sephrenias last blog post..LOL – up go the Web Stats

    Reply
  8. I’ve implemented similar Guild Bank protections that others have mentioned: each player has only one “main” with Guild Bank access, no matter what guild role they fill. Upon reflection, however, I think I need to make the reasons for this more clear to the officers so they understand the importance of being very intentional when promoting players.

    Slimwits last blog post..Mag10 delivers a beating to Kologarn

    Reply
  9. Same thing happened to my guild a while back, except we hadn’t set limits on withdrawals, just limited some tabs. The guy made a killing with our lowest tabs.

    Blizzard did give us some back, though… And the real Officer who ninja’d the bank a few weeks later hurt us a lot more.

    We now have a strict policy: only the Mains of Officers have access to the higher tabs, and for limited daily withdrawals.

    Reply
  10. The number of attempts to gain access in WoW just pains me. The latest one we’ve seen is an in game mail allegedly from a Guild Officer indicating a link you should click on – the result is a keylog. The hacker will create a character with an Officer’s name includes an “i,” but the “i” is italicized thereby creating a different character. The italics is hard to pick up in the ingame mail.

    On the other hand, we had our Gbank wiped out completely in TBC. We were working through Black Temple and had acquired an enormous number of hearts of darkness. One week later, we would have crafted all our SR gear.

    An officer’s account got hacked. We had a limit on the number of withdrawals a character could make, but the officer’s alts (8 or 9 of them) all had the same level of access and we got wiped out.

    Blizz eventually reinstated everything, but it was about 4 weeks later, killing progression at a key moment. Also had a leadership blow-up with 2 officers (neither the hacked officer) and 1 other raider leaving due to things that were said. More of a last straw issue, but still hurt a ton.

    So the lessons are to, first, limit access to secured tabs to only officer mains, second, to restrict the number of withdrawals anyone (even officers) can make within a 24 hour period, and third, to get the keyfob and protect your hardearned virtual work product.

    Reply
  11. Yea we have had alot of attempts via in game mail and links but they have been somewhat frustrated by the fact that our guild officers name was short and not suitable for italics. So a his alt(and he isnt that young) starting off the very first round of mais with Hey Bro’s ….. clued us in pretty quickly.

    Had a few members get hacked and hit the withdraw limit. but are our only serious loss was between 3.0 and wotlk. Plan was to give free acess to all the crafting items that used to be restricted like plans/vortex/hearts for a week and then AH what was left before its value fell to close to 0. So within 12 hours somebody got hacked and cleaned it out… the amusing part was eventually we got it back by which time its value was fairly close to 0.

    Reply
  12. This did actually happen to us. An officer invited what he thought was my alt and promoted the scammer to officer, whereupon he nicked some gold, a couple of items, and (worst!) scammed some guildies out of a few thousand gold (“Can you lend me some cash, I don’t want to relog right now?”). Blizzard were excellent at sorting it out, but since then, people must ask on their mains to get an invite for their alt.

    Fayres last blog post..Oh, what horrors await you?

    Reply
  13. I encountered a similar situation with my ex-guild mid-BC.. sometime late at night I got a whisper from a Lvl1 Warrior claiming to be a fellow officer (‘Hi, it’s me N., my main seems to be buggy, can’t log in. Can you inv me, there is some stuff I have to organize..’)
    After a bit of exchange and a lot of pressure from his side ‘well GM, is sure gonna be mad, if het gets to know you don’t trust your fellow officers etc.’ I almost caved in and just to be sure decided to ask about a piece of personal information I picked up about him chatting on Vent… naturally he failed and I realized what could have happened if I had just sent out an invite and promoted the imposter.
    After this we noted down a set of questions and their answers in case of another attack on our precious belongings.

    Reply
  14. I’ve set up our guild so that no one has full access to anything but me. Officers have access to all tabs on their mains and all Officer Alts go into a rank that has no permissions for anything except /o chat. Additionally, all requests for alts to join absolutely must come over Vent without exception, even for the lower ranking members. I’ve been accused of paranoia as well but they quickly understand once I explain the damage that can be done when you’re careless with your guild security.
    .-= Wowmomma´s last blog ..Observations =-.

    Reply
  15. in a similar scam, don’t only (mis)trust guild mates/alts. but, remember that hackers know the innerworkings of the game well. and they know that people have friend’s lists. and they know that you can put notes on friends lists.

    i got a whisper from a RL friend the other day, on his main, and i’m fairly certain i know what was contained on my note on his friend’s list.

    this wasn’t an odd hour for this friend to be on, and it wasn’t on a night when he wasn’t supposed to be on [i.e. vacation].

    my friend whispers me, “hey, what’s up?”
    “not much, doing the tourney dailies. you?”
    “nothing, except this huge deal. i know i still owe you 2200 for the chopper, but can i get like 3000 more real quick? i’ve got a farmer here in IF about to dump me XXX stacks of saronite and titanium WAY CHEAP so that i can prospect/make titansteel/arrows/whatever”. [obvious paraquote there, but you get the point]

    so, i trust this friend. i’ve lent him gold before [i.e. see the chopper balance lol]. he’s always paid me back. i pretty much piss gold and making it in WoW is a hobby of mine. 3k is less than 1.5% of my gold [do the math, i’m not a goblin :), just efficient. ]. as i finish up the tourney dailies, and am preparing to port into IF, he’s pestering me.

    radar up. this is not like him. he’s my RL friend and i said i’d be there in a minute after the dailies. he wouldn’t pester me about to port in and give him gold. normally, he would: wait, small talk, port dala and come help me finish dailies, etc. he knows my fondness for pets…..

    then, at one point he calls me “mate”. a term NEVER used by him/us. radar not only up now, but pinging very loudly.

    so i say, “hey steve, i’m on my way to IF. oh, hey, are we still going to andrea’s on friday night for drinks?”

    [a] my friend is not named steve
    [b] we don’t have a friend named andrea
    [c] we don’t live in the same city any more and can’t get drinks together friday night 🙁

    his response: “yeah, i can’t wait.”

    “reported, get what you can from his account now”.

    before i even have a GM ticket open, my friend’s account goes offline and via my friend’s list i see all of his alts get online for about 2 minutes each. presumably selling/mailing on each toon :(. talk about feeling helpless.

    anyways, long story. moral is. in today’s cyber pirate world. you can’t even trust your friend’s accounts. your hacker knew your guild order based on armory. and knew to talk to you first. and knew the name of a toon to use that was also highly ranked and not currently online. savvy. my hacker knew me and that gold exchanged hands between us because of a note on a friend’s list. so, be wary of even your friend’s accounts and pay attention to their speaking style/wording. sad sad days.

    as you can see, his note for me on his friend’s list, as you can guess, was “still owe for chopper-2200.” he would do dailies and such and mail me like 100-200 per day to pay back a loan from last month for the last mats for his bike. each day he’d just update the note on the friend’s list with the new balance.

    Reply

Leave a Comment