Safety First! How Secure are You?

Discussion in 'Official Announcements' started by Toby1kanobi, Nov 25, 2013.

Dear forum reader,

if you’d like to actively participate on the forum by joining discussions or starting your own threads or topics, please log into the game first. If you do not have a game account, you will need to register for one. We look forward to your next visit! CLICK HERE
Thread Status:
Not open for further replies.
  1. Toby1kanobi

    Toby1kanobi Guest

    General

    1. Validate your e-mail immediately after registration
    • Make sure your e-mail address is correct – check for spelling mistakes / no fake email addresses can be used
    • Ensure you have permanent access to your e-mail address
    • No "shared" email addresses should be used
    • Look here at - "How to verify your e-mail address"
    2. Choosing the right password:
    • Never use the same password as on other sites / email accounts, etc.
    • Never use your nickname as a password
    • Your email account password should not be the same as your game account password
    • Never use simple words or combinations of numbers, such as, "qwerty", "123456", "password" or something similar.
    • Change your password regularly
    • The password should contain both lowercase and uppercase letters, combinations of numbers as well as special characters
    • Never save passwords via the password reminder function in your browser
    • The longer and more complicated - the better; however, BP does have a character limit
    3. Spam and In-game Messaging
    • In-game messaging or chat (private rooms, group chat rooms)
    o Account theft by other users (e.g. I'll give you .. premium, game currency, etc., I need your password)
    o Account theft by alleged account exchange (e.g. Let's swap our accounts)
    o Account theft by fake admins (username that is similar to those of our admins, etc. ..)
    Never give your password or other account data to others
    • Spam:
    o Check the sender address when receiving messages
    o Data changes: only click on the link if it was sent by us
    o In the official emails from Bigpoint, we will never ask you for your password
    • Only add trusted people for your private messenger programs or social networks (Skype, ICQ, MSN, Facebook, etc):
    o The fraudsters may try to contact you with names that are similar to our Moderators: They may offer benefits, award positions within the team, or allegedly say they have to verify something, otherwise the account will be locked, but you should never reveal your login data.
    o Support/Moderators will never ask for your personal information!

    4. Programs/software that are not Bigpoint-verified or simply links from strangers, including bot programs, could be malicious applications (keylogger, trojan, etc). Users should, of course, never install anything.

    5. Private data
    Private data, such as your full name, birthdate or email address should never be revealed.

    6. Account sharing
    • Never share an account (it is also forbidden, according to Terms & Conditions). You never know if the person you have shared your account with will "turn" and steal the account.
    7. Phishing
    The most powerful weapon against phishing is common sense and the following rules that every user should oblige to.
    • If you are not a customer of the site delete the email immediately. Don't click on the link or reply.
    • If you are a customer and you are not sure if the email is legit do one of the following:
    • Contact the institute by phone or contact at the official website (do not use the email link of course) and ask if the mail is official.
    • Instead of using the link provided, open the website by typing in the official link there. The site should have news about the email on their starting page. (most of the time). If not, use 2a to verify the email. Thankfully though there are quite a few tools out there to aid and protect the user against phishing attacks.
    • Most web browsers these days come with phishing protection enabled. The lists that they use are usually updated several times a day. It has to be noted though that they only detect phishing websites that are already in the list.
    • Several email clients, like Mozilla Thunderbird, but also online email services, like Gmail or Yahoo Mail, make use of phishing protection as well.
    • Internet security programs do come with phishing protection as well.
    • Password managers can be an excellent aid. If you have saved the login for a website in the password manager you usually can login automatically (Last Pass for example supports that option). The password manager will only work on the real website and not the phishing website.
    The most powerful protection again is the user’s common sense. Here are a few pointers on how to detect if a website is real or a phishing site:
    • Check the url in the address bar. Is it pointing to the right website? Make sure you look close for chars that look similar, e.g. o and 0.
    • Is it an https website? Is the certificate valid?
    • Does the website look different? Open another web browser tab to enter the url manually just to be on the same side (if you have opened an external link)
    Firefox has a protection system for phishing, you can read more here:
    http://www.ghacks.net/2009/10/06/tes...on-in-firefox/
    For windows users and Internet explorer users here is info for you:
    http://windows.microsoft.com/en-US/w...-questions-IE9
    8. Liability
    The account owner is responsible at all times for the security of their account. This responsibility also includes selecting a secure password and keeping it confidential from third parties. Bigpoint cannot be held responsible for the loss of an account or account data. No data was changed, or taken, on our side and therefore we are unable to return the account to you.
     
    Last edited by moderator: Feb 6, 2014
Thread Status:
Not open for further replies.