Talk about a sucky way to make a living. No, not me. I mean the people who invade other people’s accounts, steal everything they’ve worked hard to accomplish, turn it into virtual cash, and then sell the cash to someone who wants it.

This is why I simply cannot abide people who buy gold in games where buying gold is against TOS. Where do you really think it comes from? Even if they had nothing but bots farming it up in every single game out there, there’s no way in hell these companies can realistically supply the demand from people who want their MMO time to be easier. (C’mon. Easier? Really? I like harder MMOs. Perhaps I’m just an aberration.) So they invade people’s accounts, strip their characters, empty their banks, sell everything, transfer the cash, then leave the empty husk behind for the owner to recover.

Sure, I grok that everyone has to feed their family, but damn. Really? These people don’t aspire to make something more of themselves than to steal someone else’s stuff from a game? I can’t even imagine the ethical mindset of people involved in this trade. Does it ever make them stop and think that they’re taking someone’s time, not just their stuff? Do they really think this is a victimless situation?

For example, my friend Petter M. just got his account hacked in World of Warcraft. Now, knowing what I know of Petter, there’s no way in hell you’ll convince me that he’s ever purchased gold – he loves gaming way too damn much, and gold is crazy easy to come by in WoW. When he mentioned it to me, his concern? It wasn’t over getting the easy-to-get current level gear. That stuff drops like candy in raid instances that are easy enough to find groups for over and over. No, it was the loss of the 7/8 set pieces from Molten Core. Why? Because getting that gear, at level, with 39 other people who were all paying attention and had their shit together is a mark of Doing It The Hard Way. Things like that represent a very real investment of time and effort, and those pieces become sentimental to some of us. (This is why I say I like my games to be more difficult.)

Another friend of mine got his account hacked before and what did he want back? His Dungeon 2 set. Not because he’d ever use it again, but because attaining it in slow stages represented a spread of time when a small group of friends worked together to achieve something that was, at the time, very difficult. It’s also a chain you can’t run again, so once it’s gone, it’s gone.

I guess I will never understand gold buying – not the sellers, nor the buyers. I find the sellers to be of questionable to non-existent ethical fibre, and the buyers to be deluding themselves as to the real genesis of their purchased cash. Sorry if that seems harsh, but it’s how I feel about the practice.

Welcome to my blog.

This is why I do like microtransaction games. If you want something, you just buy it from the game company. The fact is that there will always be people who want a shortcut because they’re busy working people and would prefer to drop $10-$15 on in-game items to make their time easier, make them look cooler, etc. Trust me – the older I get, the more I realize how valuable time is. I really do. I have no problem with dropping cash to make your game time more fun.

I do, however, have a big problem with people making back-alley deals with third-party companies who employ shaky methods of procuring whatever it is you want. If you want to buy gold and items, great. Play a game that supports that by having gold and items available for purchase through the game itself, or their official partner. If you want a high-level character, play a game where you can buy one through that game’s market, above board and out in the open.

For example EVE Online has a brilliant set up – you buy a time code from CCP or another official partner, you sell it as a PLEX in game, another player buys the PLEX and gives you in-game ISK for it. You get a few hundred million ISK, they get 30 days of paid game time. In the end, CCP keeps both players, nobody gets screwed over, and ultimately, the money goes back into their coffers so they can fund more game development. It’s a win/win. SOE, for all that they catch hell, have a really great marketplace where you can buy pretty much whatever you want.

Like it or not, having those stores cuts down on the unethical shit people are doing anyway. As much as I hated the idea of stores going into EverQuest, I have to admit that’s what they’ve done – and I’ve got two big thumbs up for anyone hurting gold sellers’ bottom line, ultimately.

Anyway, to make this post have something of a point other than spouting my own personal bile about gold sellers, here’s how you spot a fake email for the untrained eye:

When you get an email that looks fishy (account changes, bans, etc.) look at the header. I’m using gmail here as I know a lot of folks have migrated to it, but the important thing is to see the full, original header.

In Gmail, you can accomplish this by Clicking the down arrow next to “Reply” and then selecting “Show Original”

Then you should see a screen that shows the email in it’s not-prettied-up form. (Click for the readable full-size version.)

The important stuff to pay attention to is the following chunk:

In that bubble, you’ll see “received from”, an address, and an IP. The address can be spoofed, but rarely do they bother to spoof IPs. Let’s look the IP up:

That certainly doesn’t look like NCsoft. Just for the sake of argument, let’s look NCsoft.com up. (Easily enough done in Windows: Click Start, select Run, type CMD, hit enter, type “ping ncsoft.com“, hit enter)

112.175.197.14 is not 112.111.129.44.

If you don’t want to screw around with that, look at the next little chunk, which is generally easier, although is not always useful:

Received-SPF: fail (google.com: domain of support@ncsoft.com does not designate 112.111.129.44 as permitted sender) client-ip=112.111.129.44;
Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of support@ncsoft.com does not designate 112.111.129.44 as permitted sender) smtp.mail=support@ncsoft.com
Received: from fn1j.com (unknown [192.168.1.102])
by fn1j.net witch CMailServer 7.5.1 SMTP;

This tells you that Google went to NCsoft’s servers and said “oi, this yours?” to which NCsoft’s server came back and said “hell no!” The important thing is to look for the fail or hardfail. Other things will also follow that, like it returning that it does not designate that IP as a permitted sender, and occasionally, the Received, which is more often than not spoofed.

For example, here’s one I got from someone who wasn’t being as sloppy on their phishing email attempt:

Delivered-To: ****************
Received: by 10.216.25.145 with SMTP id z17cs540207wez;
Thu, 21 Jan 2010 02:21:19 -0800 (PST)
Received: by 10.142.250.18 with SMTP id x18mr544683wfh.169.1264069278879;
Thu, 21 Jan 2010 02:21:18 -0800 (PST)
Return-Path: <>
Received: from blizzard.com ([58.22.162.19])
by mx.google.com with ESMTP id 2si2756078pwj.33.2010.01.21.02.21.17;
Thu, 21 Jan 2010 02:21:18 -0800 (PST)
Received-SPF: neutral (google.com: 58.22.162.19 is neither permitted nor denied by best guess record for domain of blizzard.com) client-ip=58.22.162.19;
Authentication-Results: mx.google.com; spf=neutral (google.com: 58.22.162.19 is neither permitted nor denied by best guess record for domain of blizzard.com) smtp.mail=
Received: from WorldClient by blizzard.com (MDaemon PRO v10.1.1)
with ESMTP id pd50000000002.msg
for <********************>; Thu, 21 Jan 2010 17:37:48 +0800
X-Spam-Processed: blizzard.com, Thu, 21 Jan 2010 17:37:48 +0800
(not processed: spam filter already applied to initial list submission)
X-Authenticated-Sender: support@blizzard.com
X-Envelope-From: support@blizzard.com
X-MDaemon-Deliver-To: *******************
X-MDMailing-List: Account@blizzard.com
Precedence: bulk
Sender: Account@blizzard.com
Date: Thu, 21 Jan 2010 17:36:15 +0800
From: “Blizzard Entertainment” <support@blizzard.com>
To: <***********************>
Subject: Battle.net Account – Password Change Notice

As you can see, Google didn’t get a definitive “no” and they’ve done a pretty good job of making themselves look official by cloaking the sender. Even though this email was faked, Google reported it as “neutral” so it’s by no means a guarantee. It isn’t until you note the bulk designation and cross-reference the IP address that it becomes crystal clear:

In short – be safe. Don’t buy gold unless it’s through something approved by that game company. Don’t fund people who make a profit screwing others over. Be careful about phishing. blahblahblah.

And for the love of heavens, don’t get between me and my coffee first thing in the morning.

–

Tools used:

• Spyber’s IP & Geolocation lookup tools
• DOS prompt
• Gmail
• My spicy brainmeats