Social engineering

ADVERTISEMENT
From Diablo Wiki
Jump to: navigation, search

Social Engineering is a term that basically means "talking someone into something." It's not hacking or cheating, though it's often used in conjunction with such activities. Successful confidence men and used car salesmen are consummate social engineers. So are successful cheaters in online games, since the trick of succeeding at that venture isn't to find the hacks and key loggers and item droppers, it's to get other people to use them.

There are countless social engineering scams covered on the warnings page, most of them Battle.net adaptions of classic "grifts." The vast majority of these involve ways to (supposedly) get rich quick by duping items, hacking items, creating special item types, boosting your character's level or powers, etc.

The old saying amongst con men holds very true on Battle.net, "You can't cheat an honest man."


Confidence Tricks[edit]

Someone almost falling for the "drop your items and hit Alt+F4" trick.

A very common type of social engineering is a two man confidence game. One player starts this in a public game. He'll claim to have an amazing ability; a way to dupe items, or hack them to increase their stats, or something else desirable. Naturally no one in the game believes him, and the wiser players simply squelch him. His (secret) partner (the shill) is the most vocal in his disbelief, they appear to argue, and finally the skeptic throws up an item to be duped or otherwise manipulated, "Just to shut him up."

Imagine the skeptic's surprise when he receives back two of the items, or the item much improved! He exclaims in amazement, then quickly throws in more items to undergo this transformation, loudly singing their praises to everyone in the game. If anyone else there is gullible enough to fall for this act, they'll offer up their own item(s) to be improved or duped... at which point both players vanish from the game, taking the spoils with them. This basic scam has been used in countless ways on Battle.net, often in combination with duping tricks, or fake item display tricks, etc. Anything to make the con more believable.

Alternatively, and more dangerously, the original huckster isn't offering a simple item upgrade, but is claiming that he's got access to a program that will do amazing things. The second player is skeptical, but after a delay to apparently install it, he claims it works wonderfully. This is obviously meant to get other players to download it, and give themselves a virus, or a backdoor key logger, etc.

Never assume other players aren't secretly working together, and never believe anything that seems too good to be true.

Lying Beggars[edit]

Not so much a scam as an annoyance. Players will often beg for items, saying they got ripped off, hacked, scammed, etc. Maybe they did, and maybe they are just greedy and lazy and looking for free stuff. It's better to give extra gear away to real newbies, or players who are trying to fend for themselves. They deserve it more than some begging leech who asks everyone in the game for items every 30 seconds. If you give a beggar an item to shut them up, you're just reinforceming their unfortunate behavior, and ensuring they'll continue it. There's a reason restaurants near the ocean have those "don't feed the seagulls" signs posted. Don't look up.


Impersonators[edit]

Players will impersonate Blizzard employees, or even prominent members of the Diablo fansite community, if they think it'll gain them some benefit.

The usual trick is to try to get players to reveal their account passwords. Some players can hoax themselves to look just like a Blizzard representative, and they'll list clever reasons for why they need your information, etc. Never believe it, as Blizzard so often says, they'll never ask for your password or cd-key in an email, only by a Blizzard employee with the correct avatar and name, in the closed support channel on Battle.net.

Scammers will also try this via email, mailing players with addresses found on d2 forums, claiming to be Blizzard and asking for account information. Blizzard Support will never contact you unsolicited, and anytime they do mail you the return address will go to an @blizzard.com address. If it's [email protected] or something like that, it's obviously a scam, and in any event Bliz will never ask for your account password in a mail. It's easy to set up your email client so a mail appears to come from an @blizzard.com address, but very very hard to intercept a reply, so just be sure you are replying to who you think you are replying to.

Fansite Impersonators[edit]

Diabloii.net staff played anonymously.

In the busy early days of Diablo II, the staff at Diabloii.net often saw themselves impersonated on the realms, by players looking for free stuff.

We never used our semi-celebrity to ask for free things, and didn't conduct any website business over Battle.net, so anyone asking for anything in our names was running a scam.

Sneaky Game Commands[edit]

These are another form of Social Engineering, where players trick you into doing something stupid with a command you might not know about. They claim the command will do something special, usually dupe items, but it instead drops you, or incapacitates you, so they can kill you while you aren't paying attention.

There were a number of debug codes left in the final game that have been removed over time, "scrollhack1" used to cause half the screen to go black, but it's disabled now. "Soundchaosdebug" is an interesting command, just type that in and you get an incredible babble of character and NPC voices. Type it again to stop it. Alt+F4 is the basic close program command for Windows, so obviously if someone tells you to dupe by dropping all your equipment and hitting Alt F1-F5, they're trying to get you to close the game so they can run and grab your loot.

Various packet sending programs are popular now, though their only purpose is as a cheat, or way to dupe, etc. They are also used in scams, one is detailed in the Trade Hacks section, but be aware that a packet you send can mimic most any command you can do with your mouse or keyboard, and it's quite likely that what someone says a packet will do is not what it will do, and they might be causing you to crash out, or drop an item, etc.