1) Use an authenticator if you can. Mobile or Dongle only. Dialup and WoW will not work
2) Move any valuable items you have onto the 2nd page of your stash, and cover the first page in junk. Items you wear and in your inventory will be destroyed when you are hacked and are not safe. You will lose your gold no matter what
3) When logging off after a sesson, log into a smurf character, a level 1 monk for example. This will make him your active character, so he is the one the bot logs onto instead of your valuable one. This will not protect you if you are hacked while online (on your good char)
4) Do not attempt to fight the hackers for control of your account. If they kick you offline, do not try to keep logging in, or they will change your password. Be passive and wait 15 minutes to make sure they are done.
5) File a support ticket as you can on the bottom of this website's page, which may rollback your account. Rollbacks may not save all your progress, because they could be up to a week old and restore you to less gold/items than you had before being hacked. After the first rollback, you cannot use the RMAH until you get an authenticator, and after the second rollback, you cannot use the RMAH permanently
6) Do not join/create public games. The hackers looking for accounts to target by searching public games; you can be targeted for simply being in the same game as one of their bots.
7) Do not be on your friends friends list. Likewise, do not put him on yours. If one account is compromised, they will be able to see a network of accounts on friends lists spanning off from it and target those in turn.
8) Store your liquid assets in other forms than gold. You will lose your gold if you get hacked, so investing in items or materials can be a safer method.
Phishing, keylogging, malware, session hijacking, etc all have nothing to do with this exploit at all, and avoiding user error will not protect you whatsoever. The safe method to avoid being hacked right now is to use a valid authenticator, and there are no guarantees that this same exploit can't be expanded to bypass authenticators too, however I view that as improbable. If you cannot get an authenticator for whatever reason or have to wait to set one up, use the simple methods I have outlined to minimize the damage you will experience.
----not my post just a copy/paste
Sounds like a same I want to play...