Account Safety Checklist Before Buying or Selling

Accounts change hands or undergo evaluation for collateral trades more often during patch transitions. The greatest risks are residual personal identifiers, weak recovery vectors, inconsistent security posture, and lack of rollback evidence. This checklist compresses best-practice hardening into structured phases so you minimize exposure whether you are preparing to sell, evaluating a purchase, or staging a neutral escrow verification.

1. Pre-Hardening Snapshot

Before touching anything, collect a reference baseline in case you need to prove original state:

• Inventory overview (bags, bank, key currencies).
• Notable achievements & mounts list page counts.
• Current professions & specialization splits.
• Security settings page (mask sensitive data).
• Authenticator status (enabled/disabled + type).

2. Identifier Sanitization

Strip or neutralize data tying the account to personally identifying information:

• Remove public notes with emails, handles, or cross-game IDs.
• Rename storage guild bank tabs referencing real names / tags.
• Clear friend notes referencing off-platform contacts.
• Check macro text for embedded sensitive tokens or links.
• Delete UI addon saved vars containing personal messages (backup first).

3. Recovery Vector Security

Ensure control channels cannot be hijacked post-transfer or inspection:

• Unique email (not reused across marketplaces) with modern 2FA.
• Password rotation to a fresh passphrase (store securely).
• Authenticator re-seed (new seed) if previously exposed on screenshots.
• Remove outdated backup codes; generate a new set stored offline.
• Disable unneeded phone recovery fallback if redundant.

4. Environment Hygiene

Local endpoint compromise negates all upstream security:

• Malware scan (updated signatures + heuristic pass).
• Remove abandoned automation or outdated plugins.
• Patch OS + critical runtime dependencies.
• Restrict screen recording / overlay utilities not required.
• Segment browser profiles (work vs gaming) to limit token bleed.

5. Data Minimization & Logs

Reduce traceable content & prepare evidence materials:

• Export limited sanitized screenshot bundle (no email subjects / private chat).
• Record timestamped list of high-value assets (text file).
• Clear mailboxes of personal chatter; retain system mails.
• Backup interface + WTF folders (offline archive).
• Document all changes performed during hardening (simple log).

6. Transfer Staging (Seller Perspective)

If proceeding to sale or escrow evaluation:

• Create a neutral email prepared solely for transaction phase.
• Temporarily disable auto-login / saved credentials on launcher.
• Remove optional payment methods from associated platform if unrelated.
• Stage gold / materials logically (avoid suspicious scatter consolidation last minute).
• Prepare a statement: account scope, characters, disclaimers (no chargebacks, no bots historically).

7. Buyer Due-Diligence Checklist

When evaluating an offered account:

• Request recent authenticator presence confirmation (without revealing codes).
• Compare asset screenshot timestamps for editing anomalies.
• Cross-check mount / achievement totals with public third-party trackers (consistency drift indicates tampering).
• Ask for anonymized security change log (dates only) proving recent hygiene actions.
• Verify no unresolved suspension / support tickets (request status summary).

8. Post-Transfer Hardening (Buyer)

Immediately after access is handed over:

• Full credential rotation: email + account + associated platform.
• Authenticator seed replacement (previous authenticator invalidated).
• Review addon folders for embedded scripts / keylog traces.
• Change all macro text referencing old owners / communities.
• Enroll fresh recovery backups; store offline (not cloud-synced).

9. Rollback & Dispute Readiness

Even with clean processes, disputes can occur. Prepare minimal yet sufficient documentation:

• Chronological log of major events (credential change times, authenticator activations).
• Before/after baseline asset comparison (only counts, not sensitive unique IDs).
• List of security hygiene actions executed (dates).
• Segregated contact log (platform + timestamps).
• Separate encrypted archive containing evidence (shared only if escalation required).

10. TL;DR Quick Reference

Checklist offers procedural guidance only—always comply with current game terms and never distribute or solicit compromised credentials. Tailor depth to account value; higher stakes justify full logging rigor.