The Dangers of Buying Plat and/or Power Leveling services

Hello again,
For those that don't know me, my name is Rich Schmelter and I am the customer service manager for the EverQuest product line (EQ, EQII, and EQOA).
Before I get into the main point of this post, I wanted to make it clear that buying plat, items, characters, power leveling, etc, from 3rd party websites is against our policies and we remove any plat, items, exp, or characters from accounts that buy them and take further disciplinary action on accounts that continue to do this or are severe offenders.
Now back to the topic at hand...
I wanted to take a moment to bring to light a concern that myself and our GMs have regarding a growing issue we are seeing occur more and more every day; Compromised Accounts.
"Compromised Accounts? WTH is that?" you say to yourself, head tilting to the side a bit.
Let me explain. When someone logs into someone else's account and takes all their items, their coin, deletes characters, spams obscenities, loots the guild bank, and performs any other manner of maliciousness, CS refers to that account as a Compromised Account. Customers often petition us saying, "My account was Hacked, hepl pls!". In a nutshell, what basically happened is that the account login and password was not kept secure by the account owner or they did not protect their computer properly from malicious access.
As many of you may know, sharing your account information (login/password) is against SOE policies and keeping your account information secure is the responsibility of the owner of the account. I've been with SOE CS for over 6 years now and I couldn't tell you how many times I've seen a customer's ex-wife/husband/girlfriend/boyfriend, brother/sister, mother/father/grandparent, roommate/guildmate, child/dog/cat (yes, people have claimed their pets deleted stuff on their account ‘accidentally'), log into an account and have a field day of revenge for some unknown wrong that was done to them. That in and of itself, should be warning enough to keep your login info to yourself and not to write it down where others can find it or post it on your super-secret guild website that only a few friends have access too.
"So how does this relate to Buying Plat and Power Leveling services?" you ask.
Very simple, and here is the crux of the concern we want to bring to the attention of our customers: The plat selling and power leveling websites are now actively compromising accounts, stripping them of everything (and stripping guild banks too), and using the plat they gain from this malicious access to sell to players. We've been seeing more and more instances of this over the last several weeks.
We even had a case recently where an account purchased plat from a website plat seller, the account was later accessed and stripped of all items by that very same plat seller, and on the next day was sold back the same plat that was taken from their account.
How does CS know this? When we investigate these issues, we can track where the money goes. Sure the plat sellers use different techniques to try to mask what is actually happening, but our logs record what they do and with some time we can see exactly what happened and take action from there.
The plat sellers and power leveling services are likely obtaining account information in a number of possible ways, be that in a clandestine manner such as virus's, worms, and keystroke loggers imbedded in their websites, or as obvious as saving your account info for later exploitation when you give it to them for power leveling your character.
I'm sure you are thinking, "What is CS doing about the plat seller/spammer issue?"
This is a bigger topic and can best be addressed in a different forum post or blog entry, but in short, CS is constantly working with our Dev, QA, and Platform teams to come up with new ways to track, remove, prevent spammers, plat sellers, etc from doing the disruptive things they do. As the bad guys adjust their tactics to try and avoid detection, CS responds in turn and counters their activities. Heck, we even have a team of GMs specifically dedicated to investigating and removing plat selling/spamming/hacking/illegal farming accounts from the game.
As for this specific issue, when CS receives a petition from someone that has had their account compromised and is missing all their hard earned coin, items, etc, we do our very best to assist with restoring characters and guild banks back to the way they were before they were accessed maliciously and then we go after the culprit. These investigations can take a significant amount time to do and we cannot guarantee that we can return you back to the exact point you were before this happened. These types of issues also take time away from answering customer petitions for other important issues involving bugged quests, items, etc.
The bottom line is this; the plat sellers and power leveling services, while never trustworthy to begin with, are now actively double crossing the very people that trusted them and have taken this problem to another level. This also means that if you have shared your account information with anyone at any time in the past, you have put your account at risk for losing the rewards of your long hours of game play. In my experience with seeing Compromised Account issues time and time again, no one you share your account information with will treat it with the respect it deserves and this situation almost always ends with a petition for help.
If you have ever shared your account information with anyone in the past or have ever bought plat or used a power leveling service, I strongly suggest you do the following:
- Change your account password immediately and change it often.
- Update your security question.
- You can do both of these by going to www.station.sony.com
- Mouse over the My Account link at the top
- Click on Update Account Information
- Log in
- Click on the Change Password button on the right
- The Secret Question/Answer options are at the bottom of the page
- Never share your account information with anyone again.
- Use anti-virus software, run regular virus scans, and keep your anti-virus definitions up to date.
- Never, ever, visit a plat selling / power leveling service website.
These suggestions will help you keep your account information secure and will go a long way towards preventing your account from being compromised. Also, not buying plat or power leveling will help reduce the problem as a whole, as without a demand, they will not be able to operate.
While it is our current policy to assist with these issues and to restore characters and guild banks to the best of our ability, please remember that we may not be able to assist with repeated occurrences of compromised accounts and that we cannot guarantee that we can restore you back to exactly where you were when your account was compromised.
Thanks for reading and I hope that I was able to answer some questions and help prevent this issue from growing further.

Rich "Greeblen" Schmelter
SOE Customer Service Manager
EQ-EQII-EQOA

If you are interested in finding out more info about our EULA or Account Security Policy, please see the links below.
EULA:
http://help.station.sony.com/cgi-bi...p?p_faqid=12248
Account Security Policy:
http://help.station.sony.com/cgi-bi...p?p_faqid=16231
Edited to disable smilies. Twice. =P

Hi, I play EQ1 on Quellious. I've sent petitions, /reports that are time-stamped, bug reports, and emails, complaining about the spam to buy plat. I always get back the canned reply saying "we're working on it." All you have to do is log a char on thats not anon or RP, and you will soon get a spam tell. I've found that going anon or RP stops this. It seems like someone has some kind of a program to tell who's online. I sometimes put them on friends list then see its usually a level 1 char in the tutorial. Its gotten so I just about believe that Sony is doing this to make extra $$. I can't imagine how Sony wouldn't catch these people just by logging a char on and waiting. This happens to me almost every day and sometimes several times a day, if I'm not RP or anon. I normally don't want to go RP or anon, its a pain in the axx having to do so. I really wouldn't think sony would stoop this low, but it would be so easy to catch these people, and they seem to have a way to know who's online, that I really have no reason to think otherwise. I'm sure it would take 1 person a little time, but sony could log 1 char on numerous servers and just wait for a tell. Thats all ya gotta do to catch them. Please convince me that sony's not doing this.
Curee
Gatere and others
Doug452

Since it is becoming more clear exactly how these accounts were compromised, can we get confirmation that:
No SOE site that requires our accountname/password (forums, guide program, etc) was compromised and has been checked against the malicious code?
Without this confirmation, we are taking a risk every time we log into the forums.
SC

Here's your "official word":
At this time, I've heard NOTHING about official SOE sites being hacked with any means to find out private information.

~Gnobrin!

After all the finger points from the users it makes me sad to see SOE do it. I had a friend who's account got hacked and believe me when you tell you he is as straight as they come and never purchased plat or power leveling. So try and push the blame all you like the truth is normal people had this happen too.

Yes 'normal' people are being affected by this recently. Alot of the times from logging into other sites associated to EQ2. It seems to me it might be suspicous that the same person/people who were DDOS'ing all the sites may also be responsible for this latest little development.

Greeblen isn't pointing the finger at all players. Greeblen is simply warning people about the dangers of those particular services. They also go on to explain basic security principles such as not sharing your account and using antivirus programs and so forth. Though they may be finger pointing at all the idiots dumb enough to risk account bans and so forth in using power leveling or play buying services they aren't pointing the finger at everyone.

They are just trying to help.

One of the things that is irking me about the plat spam is that just yesterday i rolled a new toon and on the queens colony there was a nice little froggy stood by his lonesome,so i nipped on my wifes account and sure enough within a few moments a /tell came through from this toon,now of course the spam filter caught the message and it was blocked,but IIRC didnt SOE ban any communication from the starter islands a while back?

It just seems a shame that while the spam filter is a good and welcome addition to let them spam willy nilly from the noob islands kind of defeats the object of it all.

dawy wrote:

Unfortunately they banned it from the Trial of the Isle accounts. This was done in response to plat spammers making 25-50 accounts a day to spam people from. However this does not stop them from getting fresh accounts and spamming people before the accounts are basically permabanned.
The worst problem is players new to the MMO genre may get the impression buying plat/power leveling is alright. They don't read the forums considering it a waste of time and end up being jacked.
Personally to me the biggest problem right now are the Plat spammers/sellers that are now "Hacking" into beloved EQ2 fan sites injecting malicious code into them. Personally it is that right there where I believe the FBI needs to get involved.

Amana wrote:

At least you cleared it in my head there Amana i thought i was losing it there for a moment

But yes something has to be done but how any law inforcement agency can combat this is well mind boggling to say the least,as for your other point you are of course correct if people didnt buy the plat then they wouldnt have a market to sell to its a shame that these parasites exist becuase all they do is spoil our enjoyment of our game

Gnobrin wrote:

TY (and I appreciate the necessity of your fudge factor)
SC

Plat sellers or not, you put your account at risk every time you join another site or forum and use the same username and password. Personally, I use a different password for every forum, website, game, online banking etc etc that you can possibly think of. Can't remember them all? Add them to a spreadsheet (passworded too if you share computers, oh and you do have a startup password and windows password too, don't ya?) In the end if you sign up to a lot of websites, with the same details, somebody will eventually turn out to be a crook and will attempt to use those details on other sites they think you might be using. I'm globally known as magnamundian, it doesn't take much of a google search to find the other locations that I currently/used to visit. If I was daft enough to use the same password on other sites they would easily google that I have a EQ2 account, at it doesn't take long to test a password on eq2players. So regardless of plat sellers, please please please think about using different passwords for different sites. Oh and try to avoid using character names/girlfriends name/pet dog etc...

Greeblen,
That's a good post and I'm confident that you guys are working hard on this problem, but these plat farmer/hackers are far more sophisticated than I think most people suspect. Mine is one of the "compromised accounts" you guys are working on right now. I don't buy plat or power leveling services. My EQ2 login name and password is different than any login info I use for any other site and I have never given them to anyone. I use an award winning spyware program and a top-rated antivirus and I scan my hard drive at least once a day, but somehow, they still managed to get into my account.
After my account was stolen, I found another trojan that these premium antivirus and spyware programs didn't pick up. I reformatted my hard drive, abandoned my old email account and changed my login info for every site I use, but I'm still terrified by the fact that I haven't a clue where that trojan came from and the fact that my antivirus/spyware didn't find it. Every time I visit another site, I wonder "is this where those bastards got me?"
This is going to be really difficult problem to solve. I'm sure you guys have some creative solutions in mind, but if it were up to me, I'd simply try and eliminate the market for plat. You might be able to do this by coming down like a hammer on the buyers. If the word gets out that people who buy plat are having their accounts cancelled, I suspect the market would dry up in a hurry.
Anyway, good luck to you and your team Greeblen. I suspect these guys are just getting started.

GrutusBrutus wrote:

I've found that these "premium" anti virus and spyware programs are far less effective than those that are marketed less. I've used Norton, etc. over the years. But, I've found that Avast Anti-virus which is free, does the job 100 x more effectively than these "premium" software packages.

Anyways, I checked out one of the sites that had this "trojan" and my anti-virus caught it before the page even stopped loading. I feel bad for people who are victims of situations like this. But, I've been virus free for over 10 years. And I've only had one account compromised.. and that was an ex-wife who still had login info for the bank we had our savings at. My bad there for not changing the login info after the divorce. :/

That's interesting. You're the second person that recommended Avast to me this week. I'd never heard of them before monday. I'm just not sure I'm comfortable relying on an antivirus from a source that has no legal obligation to me. Furthermore, it looks like Avast only updates once or twice a day. The one I use (NOD32) loads new viruses every 30 minutes or so. Then again, I'm the one with the problems that don't seem to want to go away. So maybe I'll look into it.

Spyderbite@Venekor wrote:

I used to use Macafee *sp* anti-virus scanner and bought an off the shelf anti-spyware scanner. However Those were swapped out when I put my computer in the shop to be repaired. Right now I have Trend Micro Anti-Virus scanner and Webroot Spyware Sweeper.
So far they've caught alot more things than my other programs would have caught.
Another thing people must always do is setup a bi-weekly if not weekly scan of their computer systems. Usually what I do is once a week or every 2 weeks is unplug my computer from the internet doing full scans. First I do an anti-Spyware scan then I do an anti-virus scan.
So far thx to those efforts i've had little problems and caught 1-2 malicious bugs. One thing that does keep me safe which some people may not be able to do is I have 2 computers. My desktop which is my gaming/work computer I only go to "Trusted" website. This means i've visited them on my other computer, checked them out thoroughly and decided they are alright. If all of a sudden I go to the site and my computer acts funky I never go to that site again.
Now for those people out there that have Nintendo Wii's I highly recommend doing your internet browsing/searching using that. I'll poke/prod/search/surf the web all I want on that and using that Nintendo WiFi thing i've rarely had a problem if ever on my laptop.

I Have Been Soe Games for so many Years i.ve lost count to how many games of there's And not once have i got hacked yet alone i run 2 Sweepers Also run my games on a Seperate Area of my system then my browser Cause most figure you have one hard drive i use old school split The system drive use system Utilities on that drive have D: with games and other junk

The situation I have seen over these "hacked" accounts, that I have never seen explained is this -
Many people who reported what happened when their accounts had been hacked, found themselves kicked off the game, and then unable to log back in because their password had been changed.

When they went into this with CS they were told that a password change request had gone through in the last 24 hrs.

Now I thought in order to change the password on an account you need the answer to your "secret" question. Which means the hackers have somehow picked up the answer to this question. If this is truely the case, and this information is being "picked up" by trojans or keyloggers, then surely, if you haven't been hacked so far, the *worst* thing you can do now is to rush and change your password now, because this will allow the trojans to pick up the answer to that question, if you have such a trojan and don't know it yet?
Is there any tally between accounts that have been "compromised" in this way (ie. been hacked and had their password changed so the original owner could not get back in and disturb the process), and the rightful owners having changed their password and answered the secret question in the last few months?

mindygoth wrote:

Well the problem is some people just don't set their "Secret" question because they find it a pain. Personally to me what needs to be done is when a password request goes through a phone call should be sent to the owner of said account.
If the phone number of the account is being changed then the account should be suspended/locked and the person should have to call SoE about it.
The main problem is not the people who get hacked by accident, but the morons that continue to use plat selling services and get hacked through those means.

The only way you can 100% eliminate RWTers is by placing a value on items and limiting by level the amount of value which can be traded between player and player. Of course nobody wants to see that happen.

NakedChef wrote:

Wouldn't work to well either I am sure the gold sellers have some accounts with 80's they use for farming they could just as easily use them to do trades.