
This serious World of Warcraft security flaw could see you robbed without even noticing it


A new scam has just been uncovered in WoW that lets other players get access to your inventory and trade your items to their own character without you even knowing it. In fact, unless you read on, you might even help them do it.


The con relies on the very makeup of the game: it uses the Lua scripting language to take over your chat window, which lets the scammer input commands that interact with your UI.

It all starts when someone asks you to type one simple line of code into your chat bar, perhaps by promising you it’ll spawn a rare mount or level up your character.

Once you type in “/run RemoveExtraSpaces=RunScript”, they can then use any other command in your chat window, including a command to make it so you can’t see what they are up to.

You might wander off and wonder what just happened, but they now know exactly where you are at all times. Once within proximity, the right inputs can let them open up the trade menu with you and swipe all your hard-earned gold, weapons and more.

This could snowball, with the scammer using your interface to send messages to your friends to try and scam them too. Perhaps they will use you to convince your friends to input the line of code so they can do it all over again. Your friends might even think you did it.

These attacks could even be hidden in add-ons that you get from a third-party site, so be careful when downloading from anywhere other than Blizzard.
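One way to check add-on files for this hook before installing them, as an added example that is not from G Data or Blizzard: the Python sketch below flags any Lua code that overwrites RemoveExtraSpaces, the function named in the chat command above. The `_G` forms, the `loadstring` entry (a standard Lua 5.1 function) and the sample text are assumptions added here, and comment stripping is a heuristic that ignores `--` inside string literals.

```python
import re
from pathlib import Path

HOOK = "RemoveExtraSpaces"               # chat helper named in the article
EXECUTORS = ("RunScript", "loadstring")  # functions that run text as Lua
_BLOCK = re.compile(r"--\[\[.*?\]\]", re.S)   # --[[ ... ]] comments
_LINE = re.compile(r"--[^\n]*")               # -- comments
# Targets: bare global, _G.NAME, _G["NAME"]; "=" but not "==".
_ASSIGN = re.compile(
    r"""(?:\b_G\s*\.\s*|\b_G\s*\[\s*["']|(?<![\w.:"']))"""
    + HOOK
    + r"""(?:["']\s*\])?\s*=(?!=)\s*([^\n;]*)"""
)

def strip_comments(src):
    """Drop Lua comments but keep newlines so line numbers stay valid."""
    src = _BLOCK.sub(lambda m: "\n" * m.group(0).count("\n"), src)
    return _LINE.sub("", src)

def scan_source(src):
    """Return (line, severity, right-hand side) for each overwrite of HOOK."""
    code = strip_comments(src)
    hits = []
    for m in _ASSIGN.finditer(code):
        rhs = m.group(1).strip()
        severity = "high" if any(e in rhs for e in EXECUTORS) else "review"
        hits.append((code.count("\n", 0, m.start()) + 1, severity, rhs))
    return hits

def scan_addons(root):
    """Scan every .lua file under an add-on folder chosen by the caller."""
    report = {}
    for path in Path(root).rglob("*.lua"):
        hits = scan_source(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample, not taken from any real add-on.
SAMPLE = """-- comment only: RemoveExtraSpaces = RunScript
local t = {}
t.RemoveExtraSpaces = print
if RemoveExtraSpaces == RunScript then print("hooked") end
_G["RemoveExtraSpaces"] = RunScript
RemoveExtraSpaces = function(s) return s end
"""
if __name__ == "__main__":
    for line, severity, rhs in scan_source(SAMPLE):
        print(f"line {line}: [{severity}] {HOOK} = {rhs}")
```

A "review" hit means the function is replaced with something other than a script runner, which still deserves a look before the add-on is loaded.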

In a Legion patch, Blizzard have added a warning message that pops up when you run a Lua script, but if you agree, the message disappears forever. For now, if you get a warning message about the possible loss of gold, you’re en route to scam city and should probably nip it in the bud.

Just don’t input anything in chat that looks like code, even if it’s from a trusted friend. They might not actually be your friend.

Thanks, G Data.