I was in a meeting with our Customer Service folks recently, who gave me this statistic: Four percent of the petitions in game are taking eighty five percent of Customer Service’s time to resolve. Yes, you read that right. Four percent. Not Forty. For those of you who like numbers, like I do, that’s 4% taking up 85% of the time they have to respond to petitions for assistance.

Why is that, I hear you ask? There has been a recent increase (OK, I’ll admit I want to use the word explosion) in theft of accounts, and the subsequent stripping of the characters on those accounts. And doing the research on a hacked account is a tedious amount of work, digging through log files, matching data from here and there.

There are several ways that your account can be hacked in this fashion.

First, and easiest, is the sharing of your account information. “Hey, Bob, I can’t make the raid tonight, but if you need a tank/healer/whatever, here’s my account name and password, you can let somebody in our guild play me for tonight.” Yes, this is expressly against our Terms and Conditions. The problem is that as much as you think you can trust someone or a group of people, the fact is that often you can’t. And honestly, even if the same 25 people you’ve been guilding with for the last umpteen years are great folk (and I bet they are!), there’s always that new person, who isn’t quite as well known, and hasn’t been part of the group quite as long, or isn’t quite as careful about what runs on their computer, which is…

The second problem: Key logging applications. Call them worms, call them Trojans, call them viruses, they’re evil. And they’re everywhere. There have been several websites in the last six months that have had them embedded in their pages, or in executables that you might download, or even in images that you might look at. Some of these websites may not even know that they have them and have been spreading them! But they’re out there, and the information gleaned isn’t just the password to EQII. It could be the password to your email account, or even your online banking account. Most of the people who have this issue aren’t even aware it exists until something happens. Their character is stripped, their bank account (real life, or in game) is emptied, any of multiple things that are never good can happen. And remember that guy you just passed your account information to so that the raid could continue? They may be a great person, but they may not know that they have a key logger on their machine, and no matter how careful you have been on your PC, you just can’t know how careful they are.

So, that’s some of the bad news. But how can you protect yourself? There is a passel of free things that you can do, with only the investment of your time, and some bandwidth. And another thing that may cost you a few bucks, but is ultimately useful.

The free and easy stuff:
• Run Microsoft’s Windows Update function, and install every update labeled “security” that you can. I’d actually recommend installing everything that shows up in that process that you can, as often you’ll find some updated drivers that might help your machine speed up, or at least work better. But the security updates are the most important, as they will patch certain “holes” in Internet Explorer that these folks use to install these key logging applications on your machine.

• Don’t use Internet Explorer? Make sure your version of Firefox, Safari, Opera, whatever browser you’re using is up to date with the latest build and patches. But it is still worth running Windows update, and making sure that all the other aspects of your PC’s operating system are up to date. For better or worse, Internet Explorer is integrated with Windows in many fashions, and even if you’re running a different browser, the updates make help protect your system.

• Have a different password for the game and your email. Sure, it’s easier to have one password for everything. It also makes it that much easier once someone grabs your password to get into things you really, really don’t want them to get into.

 • Change your passwords. Frequently. And make them nonsense, or at least something that isn’t easy to guess, like your main character’s name with a 1 either before or after it. I’d be pretty foolish to use Bruce1 or 1Bruce as a password.

 • Don’t use power leveling or gold buying services. The simple fact is that these folks are unscrupulous. They’re already breaking our policies by selling plat on our servers. Just how big of a step do you think it is for them to steal back what you just purchased from them, and then hope that you’ll buy it back again since your account was hacked? And the power leveling guys….you’re already giving them the account information so that they can level the character. So they know what your password is, or what kind of style your password is in, so it’s that much easier for them to try the brute force attack against your account.

The slightly less free, but still relatively easy thing:

 • Buy and install an anti-virus program. There’s a ton of them out there. Norton and McAfee are the two most known ones, but there are others. I’m fond of two free ones in addition to the paid version I have on all my machines: Spybot - Search and Destroy, and Lavasoft’s Ad-Aware. These two, run sequentially, have been very successful in my personal life, in which I spend a lot of time cleaning up PCs that belong to friends that aren’t quite as net-savvy, and they clean up all sorts of detritus that ends up slowing down a PC. Update them with the latest information from where ever they get it, and run them!

 These are all fairly easy things, and don’t require hundreds of dollars to do, just an investment of a small amount of time, and some common sense. Just be smart about how you interact with the big world on the web, and you’ll be safe, and we won’t be adding your account to these alarming statistics.