Account Suspended

#0 - Jan. 21, 2010, 9:16 a.m.

I have two accounts and all of my characters from both accounts are in a personal guild and both are merged with my battle.net account.
Last month I received an in-game whisper on one of my accounts from a lvl 1 character posing as a GM.
Message stated:
"[Yvqavrydu]: hello!
[Game Master] GM: Your world of warcraft account has been temporarily suspended. go to [web address] for further information."

I did not respond to the message nor did I go to the website listed...basically just ignored it. A few days later I tried to log on to my accounts and my password wasn't working.
I checked my e-mail and I had 2 messages from blizzard. One requesting a password change, and the other (1min later) stating that my account had been suspended due to unauthorized access.
I changed my Battle.Net password and logged in to the non-suspended account and checked my guild roster. It showed that two of my chars from the suspended account had logged in that day.

That account was suspended for 24hrs. After the 24hrs, I logged on to that account and nothing was missing. One week later at around the same time I received the same two e-mails from blizzard. I changed my battle.net password yet again, and the same account was suspended for another 24hrs.

I scanned my PC with 4 different malware, adware, and virus scanning software. Nothing was on my system.

I'm posting this because I have now received the same in-game whisper (twice in one night) on the other account that had not been suspended. I have yet to receive an e-mail regarding any suspension, but I did however go ahead an change my password again.

What is going on with this? How is someone getting my information from a whisper that I do not respond to? Are these two even linked?

Orlyia

#2 - Jan. 21, 2010, 9:30 a.m.

Q u o t e:
No one got your information from a whisper you never responded to.

It sounds like you are being attacked from multiple directions, and the coincidence is just that, a coincidence.

I'd guess that your bnet email address is compromised, and you may have fallen for a phish at some time in the past.

Also, and quite importantly, to avoid spreading further phishing attempts to curious (and stupid) players...

please remove the address in your post and title...

Brugh is correct. There is no way any ingame whispers or correspondence can compromise a player unless said player hands over information - goes to the website, etc.

What are the suspensions for - is it because we detected malware - or for something the offender was doing?

Finding the source of this is going to be vital to putting an end to this cycle. If you haven't already reviewed this sticky, I'd suggest you do.

Computer Security Recommendations
http://forums.worldofwarcraft.com/thread.html?topicId=1778038509&sid=1

I'd also recommend doing your scans with the launcher open and some junk entry in the account ID. We've seen some nasty keyloggers pop up lately that don't want to show on scanners unless the launcher is active.

I also highly recommend changing your email password once you are certain your system is secure. They don't need into a system once they can dip into an inbox.

Also, if you have used the same password/ID anywhere else, that is a very dangerous practice - especially on websites, or social sites like Facebook or MySpace. Please do not reuse the same password you've used anywhere else.

You may also want to look into getting an authenticator for your account. It's no substitute for good security habits, but it will help keep anyone else out of your WoW account. Not to mention core hounds make adorable pets!

Blizzard Store
http://us.blizzard.com/store/browse.xml?f=c:6

Mobile Authenticator
http://us.blizzard.com/support/article.xml?locale=en_US&articleId=26109