By Scott Dale (Customer Service Manager)
and Linda “Brasse” Carlson (Director, Global Community Relations)

Every day, thousands of game accounts are stolen. Tens of thousands of credit cards are compromised. Most of you know someone who has gone through this traumatic experience. Maybe it has even happened to you.

Sony Online Entertainment has joined together with a number of high-profile game companies under the umbrella of the Gamer Safety Alliance to bring you Gamer Safety Week, running from February 6th to 12th, 2012.

Our goal is to raise awareness of online security concerns, and to provide some suggestions for our players to keep their accounts safe. These principles apply regardless of whether you sign up for a game, buy some shoes, or donate to a charity online.  In this article, we’ll share some actual experiences from our customer service files and how to avoid these nightmares.

Over the past year, SOE has redoubled its efforts to continually improve our company’s online security on all levels. Keeping your information safe and secure is one of our top priorities. Even with our evolving security measures, it is still too easy for scammers and hackers to work around all security by counting on the trusting nature of players and the sheer volume of places where information may be shared.

Scott Dale - SOE Customer Service Manager - SOE

Scott Dale, guarding against fraud and wrongdoing.

AN ALL TOO COMMON SCENARIO

It’s 2:00 a.m. Friday morning—you are fast asleep, resting up for your big raid on Saturday. While you dream of rare loot drops, a person utterly unknown to you logs into your account and starts to strip it. If you’re lucky, they only sell off your equipment and broker items. It’s more likely that they will attempt to collect everything you have, even packing up your house items, and then sell it all to the broker. Then they use your Station Cash to buy a character transfer token, transfer your character to a new server, and give all your plat to some low level character named Ureiwoeri (or something similar - we apologize if there is an actual character out there named Ureiwoeri). Sometimes they delete your character, whether this is done for spite or just to attempt to cover the trail, we really don’t know. Years worth of personal investment is simply gone.

The clock starts ticking - you need to contact SOE Customer Support to verify your account ownership. We’ll assign a GM to investigate and restore all of your items. A full character restore is not a one-click fix. Finding and restoring your character and all of your levels is a time consuming, manual process that takes several hours. With luck, we’ll have you sorted out before your raid begins that evening.

If you are now a little paranoid about your account, that’s good—keep reading!

The good news: there’s a very good chance that SOE’s Customer Service had already noticed unusual behavior on your account and put a stop to it before too much damage was done, locking your account to prevent further attempts against it.

Even better news: there are a few very simple things you can do to prevent this from happening at all.
Ensure that your account has a strong password by using a combination of numbers, symbols, and upper and lower case letters. Don’t use the same password across multiple accounts or services, and change your passwords regularly. Click here for more tips on password security.

If that seems like too much work, then the fraudsters have already won. Incredibly skilled hackers take advantage of our human tendency to use the same username and password everywhere simply because it’s easier. Remember that highly motivated scammers and hackers work tirelessly, day and night, to obtain your account information across the internet. This is big business and hugely profitable around the globe, especially in places that our laws cannot reach. The perpetrators are highly organized and professional criminals.

A common path for criminals is to quietly and expertly hack the forums on a small fan site or a tiny (possibly even defunct) game company’s login information. They then take that list of logins and passwords and start to hammer all of the major online games. Even though some of the information they access can be years old, some people have not changed passwords in that time. The compromised sites themselves usually remain utterly unaware that the data was stolen. Only companies with significant security protocols would even know that it was breached, because the vast majority of hackers for profit do not leave a calling card or brag about their efforts—they’re in it for the money.

It’s not just game accounts that are at risk. All transactions, online and in person, are potential routes to loss. As Brad Wilcox, head of SOE’s Customer Service department was famously quoted a few years back, “We’ll get calls from a grandmother in Wisconsin asking what the heck is EQ2 and why do I have $15,000 charged to my credit card?” Where did the scammers get her card information? It’s anyone’s guess. While many people are leery of making online purchases due to fraud, they seldom think twice about giving a credit card to a shopkeeper who makes a manual receipt, or restaurant worker who then disappears with it for several minutes. The paths to loss are many and we all have to help ourselves keep our information safe.

How can you remember all of your logins and passwords then? Consider writing them down on paper and storing them in a safe place. It seems old-fashioned, but it works. A small, fireproof safe is a very valuable one-time investment. Not only will it keep your account information safe, it can protect your most precious documents, including passports, social security cards, and car and home titles, from loss, flood, or fire. If you ever have to deal with identity theft or replacement of documents, you’ll find that the safe was a much less expensive option. The chances of someone breaking in and stealing your safe are infinitely smaller than the ease with which they can access data online.

Linda 'Brasse' Carlson - Director, Global Community Relations - SOE

Linda “Brasse” Carlson, defender against evildoers and stray trolls.

NO MATTER WHAT YOUR PARENTS TAUGHT YOU ABOUT SHARING…

Never, ever share your account information or password. Friends and guildmates all too commonly become ex-friends or ex-guildmates, after cleaning out the accounts of a great many people who trusted them. Even ex-spouses and relatives have been known to betray trust for the sake of profit or revenge, selling or deleting items and characters. It is an incredibly painful thing to watch people go through. If you have ever shared your account information, go in and change your password immediately to something very safe and secure.

Never buy plat, gold, or powerleveling services. You may even end up buying your own plat back! We know from our own investigations that the scammer that stole all your items in our case study is very likely the same one that sells your plat in game. In fact, the main goal of many online currency and powerleveling services is to obtain your account information in any way they can. Even if they do not use the information themselves in an effort to look legitimate, they will very likely sell your information to yet another company. Remember, they have already proven that they have no regard for rules, and your trust is merely currency for them.

Keep in mind that when SOE investigates accounts that have been selling currency in violation of our EULA and ToS, the team can track where it went and it will be removed—the company you bought it from isn’t going to give you a refund just because you got caught.

Hundreds of thousands of accounts selling in-game currency have been shut down over the years and the investigation team, called “NUGIT,” is always watching for new cases. What does “NUGIT” stand for? We’re glad you asked! It’s the Norrathian Underground Gnome Investigation Team—they have branched out to cover all of our worlds, not just EverQuest and EverQuest II. The name may be lighthearted, but this team takes its task very seriously and works hard every day to stamp out scammers, gold sellers, and others who violate game rules and endanger the account safety of our player base. This is a problem that is not going to go away any time soon. As long as players keep buying plat, items, and powerleveling from third parties, these businesses remain highly profitable and they’ll keep ruining play experiences and finances for everyone.

The prevalence of credit card fraud is staggering. The moment SOE bans a hundred accounts that were purchased with stolen credit cards (together with their ill-gotten items and coin), the scammers buy a hundred more with new stolen credit cards. We can easily tell when they are bought in bulk – let’s face it, no normal person buys thirty accounts at once, or repeatedly tries to exceed the daily limit for Station Cash on a credit card. Here’s another sobering thought—around the world, credit card information can be bought for under a dollar a piece. 

Last year, SOE introduced login authenticators. Invest in an SOE Authenticator for your account. If you have one of these on your account, any login attempt will require the user to enter the PIN currently on the authenticator. A few extra seconds to log in is a small price to pay for the peace of mind you’ll get from knowing no one is logged into your account, cleaning out the guild bank. You can use one authenticator to secure all of your accounts—you don’t have to buy one per account. You can read more about our authenticators here.

Sony Online Entertainment is committed to doing everything within our power to help keep your information and data safe. The fine folks of NUGIT comprise only one of many layers of security and fraud-busting we bring to bear each and every day. We can’t tell you about all of them because we don’t want any criminals getting the heads-up!

Keeping your play experience fun, safe, and secure is our primary goal. Become our partners against online crime by following these basic steps:

  • Use strong passwords, changed regularly
  • Never share account information, and if you have, change your password immediately
  • Don’t support online currency sellers or power levelers, they cost everyone in the end
  • Consider using an SOE Authenticator – a small investment for peace of mind
  • Apply the same smart security measures to ALL of your transactions, online and offline

Check out our SOE Knowledge Base article on Gamer Safety Week as well!

Be strong, be safe, and enjoy the many worlds of SOE!
~ Scott and Linda