Jump to content

5 Tips For A Secure Account

Roving

By Roving
in News & Important Information

 Share

Recommended Posts

Roving Arianwyn Master

Roving

Posted
Posted

 

RuneScape Account Security

Recently there have been a fair few hijackings of accounts, a few people in the clan have been hijacked too. It's not nice for anyone to see, especially the person who has been targeted as they may well have lost items which took years to get. It's an eye-opener and I don't think that a lot of us think of the devastation of what could happen if we're hacked. That's why it is of utmost importance that we're ahead of the game.

Phishing Emails

PLEASE FORWARD ANY PHISHING EMAILS YOU GET TO reportphishing@jagex.com!!

 

JMod thread on this stuff updating with latest scams: Quick find code: 275-276-0-63279193

Location: Home > RuneScape Forums > Account Security > Phishing Email Player Warnings

Hi everyone,

I have received several emails (different topics) which try to look as if it they are from Jagex, but they are fake of course.

The emails can be about:

  • Offering you Mod
  • Saying you have received an infraction for IRL trading
  • Saying your account has been banned
  • Asking you to 'verify your account'
  • Asking you to confirm or deny a password recovery request
  • etc
If your account was banned etc, Jagex would contact you via your game inbox.

The same applies to invites to become a moderator - these are via game inbox, not email or websites.

 

Please be aware that these fake emails can come from Jagex Ltd with high priority.

and the fake email could be from noreply@jagex.com

Please don't click on the link if you get an email like this.

Be safe everyone!

:hugs: Rae

 

EXAMPLE OF HOW PHISHING EMAILS WILL LOOK IN YOUR INBOX

bUUFk.png

 

Hotmail is probably one of the worst for these emails, especially now that they're creeping into your inbox instead of your spam folder. Gmail is much more secure.

EXAMPLE OF ONE FAKE EMAIL

Dear Player,

We regret to inform you that your account has received an infraction due to a Major Macroing offense. Please visit the appeal section under Account Management to view evidence of your infraction(s) and to appeal any infraction(s) that you feel were unjustified.

To view the evidence please click here:

LINK-TO-SITE-THAT-STEALS-YOUR-PASSWORD-REMOVED

Please note: Due to a recent bug in our infraction system, some accounts may have received a void infraction. The majority of void infractions have been removed but we cannot ensure that all infractions have been removed. We urge you to visit the appeal section to appeal any unjustified infractions received due to system errors.

Many thanks, Jagex Ltd.

Copyright © 1999 - 2011 Jagex Ltd. Jagex, RuneScape, FunOrb, War of Legends and Stellar Dawn are registered trademarks of Jagex Ltd in the United Kingdom and trademarks used in other countries of the world. By using our service you are agreeing to our Terms and Conditions and Privacy Policy.

Password Recovery request submitted for your Jagex account?

4/04/2011

From: RuneScape (noreply@jagex.com)

Sent: Monday, 4 April 2011 12:07:10 PM

To: [email address]

Dear Player,

This is an automated email from Jagex Ltd., makers of RuneScape and FunOrb, sent because someone has submitted a Password Recovery request for this account.

To verify your email address, enter this URL into your browser:

[link removed - it looks like a secure jagex DO NOT CLICK THIS LINK!]

Alternatively, copy this security code into your Account Recovery form: Your security code will expire at 13-Apr-2011 00:23 (official forum time.

If you did not submit this account recovery request, and you think that someone might be attempting to hijack your account, you can let us know by completing the form at

[link removed - looks like a real Jagex DO NOT CLICK THIS LINK!]

Many thanks,

Jagex Ltd.

You do not need to unsubscribe, as we have not added this email address to any mailing lists.

Copyright © 1999 - 2011 Jagex Ltd. Jagex, RuneScape, FunOrb, War of Legends and Stellar Dawn are registered trademarks of Jagex Ltd in the United Kingdom and trademarks used in other countries of the world.

By using our service you are agreeing to our Terms and Conditions and Privacy Policy.

Forum post in which a Jmod confirms this is a fake email:

 

Basic RuneScape Security Tips

  • Don't fall for scams (moderator applications etc..)
  • Don't trust ANYONE with your password.
  • Set a bankpin !!
  • Don't accept an account from anyone else.
  • Don't visit websites you without knowing they're safe.
  • Don't accept files via MSN/Skype etc...
  • You download files of any kind at your own risk. (trust your download)
  • Always bank expensive items before log out.
  • Download Windows Security Essentials.
  • Don't use your RuneScape password ANYWHERE ELSE - fansites etc...
  • I hope no one is but DON'T BOT - The clients CAN be used to hack you, and HAVE done very recently to MANY cheaters.
  • Make sure you are only entering your runescape password when the http bar shows the secure green Jagex Limited GB signature. Beware of fake Jagex websites.
  • Check the last IP logged in your account when you log in. If it's different from your own, print screen it and post the IP into the RSOF thread "I've lost control of my account" (it's an autohide thread).

I've been h(ij)acked!!!

Now is the time to cover your bases, follow this list in order:

  • Run a full Virus and Malware Scan.
  • Don't log into the game, log into the forums and post on this sticky in Account Help: 250-251-727-63596056
  • If you can't get into your account...
  • but have control over and can access your registered email address ,CLICK HERE.
  • and have lost control over or access to your registered email address, or don't have a registered email address, CLICK HERE.
  • If you can get into your account just fine, change your password and security questions as well as noting down the IP Address on the lobby screen for future reference.
  • Email accounthelp@jagex.com detailing the situation and your username, IP address and what you think has happened.

 

Antivirus & Malware Software

Anti-Spyware and Key Logger Software

Anti-Virus Software

Firewall Software

 

How Secure Is YOUR Account?

This is a little thing where you add up your score from the answers to your question then check the advice for your score! Please *don't* post your score.

Password

1 - Your password is a pet name or something that people know about you OR you haven't changed your password in the last 6 months.

2 - Your password is the above plus some numbers on the end.

3 - Your password is a mix of the above (my23dog92is92so2834awesome).

4 - Your password is super ninja and is something completely random that you got from a generator.

 

Bank PIN

1 - Your PIN is your IRL Bank PIN Number or your house number or Postal/Zip Code.

2 - Your PIN is something meaningful, a birthday of a family member.

3 - Your PIN is a bit random, mixed with some of the above.

4 - Your PIN is something random that you thought of once upon a time.

 

Security Questions

1 - You haven't set Security Questions OR you've forgotten them.

2 - You set your Security Questions but haven't changed them in the last 6 months.

3 - You changed your Security Questions in the last 6 months.

 

Email Validation

1 - You haven't validated your email

2 - You have validated your email

 

DO NOT POST YOUR SCORE PLEASE.

 

Answers - Click to unhide!

 

4 - 6

You've answered at least a 1, as people trying to hack others are ever increasing it's a really good idea to change your password to a 'strong' password frequently as well as having a hard-to-guess Bank PIN, a frequently changed set of security questions and a validated email.

7-9

Your account is somewhat secure, but it could be better. Think about adding numbers to passwords or changing your password to random characters and changing your security questions frequently.

10-12

Yay, your account is pretty secure! For the questions that you answered lower than the top score, think about upgrading your account security by taking advice from the top scoring answer!

13

Carry on your awesome security skills!

 

 

 

More Help

Jagex's Safety & Security Support Centre

RuneScape Forums: "Lost control of my account!"

RuneScape Forums: "Phishing - Scams and Info"

 

Link to post
Share on other sites
Gythux Arianwyn Master

Gythux

Posted
Posted (edited)

5 Tips For A Secure Account

We all heard stories about close friends being hacked, keylogged, robbed from their most valuable items and achievements. 
Don't be one of those stories. If you follow these tips, a hacker will have to be damn good to get your stuff.

 

1. Bank Pin

Never, ever disable this. It's the last line of defence between a hacker and your bank. A bank pin is the only protection you have that is time-limited. It will take days for a hacker to remove it, which gives you the time to recover your lost account. Entering it only takes a couple of seconds and is always worth it.

 

2. Authenticator

I'm well aware some people prefer JAG over the authenticator, especially those who don't have a smartphone. If you do have one, please set it up. Hackers will need to get hold of your smartphone to get past it. If you don't have one, you can also install an authentication program on a flash drive like a USB stick. It's better than nothing!

 

3. E-mail

Authenticator is useless if you don't secure your e-mail. If they get your e-mail, they can disable all your security in no time. I really recommend to have a separate e-mail account just for RuneScape. 


4. 2-Step Verification

This is probably the most important thing to do with your e-mail account. Add another line of defence to it, ensuring getting your password isn't enough to get in. It'll prompt you to enter a security code you get per sms or via an authentication app. Whether you add it to just your RuneScape e-mail or all your accounts is up to you, but it only takes a few seconds to verify your identity when you're logging in on a different computer. 

 

5. Change your password regularly!

It can always happen that someone accidentally sees your password. Or even worse, when you are being keylogged. Whether you were aware of it or not, changing it regularly helps to keep your account safe. If you are keylogged however, don't change it right-away or it won't help at all. Scan you computer with MalwareBytes or a similar program first and when you're 100% sure all spyware and malware is gone, change your password and bring your security back. Also, don't be that person who has 1234 or a1b2c3 or runescap3 as password. Keep it personal, use numbers, be creative. Sadly capital letters don't work in RS passwords.
It can be helpful to keep track of your old passwords to recover your account should you need to.

 

Be safe.

Edited by Joo
Link to post
Share on other sites
Princess Rae Arianwyn Master

Princess Rae

Posted
Posted

Very good advice, thanks Jo. :up:  

Link to post
Share on other sites
Mad Muffin Advanced Elf

Mad Muffin

Posted
Posted (edited)

Great advice! Thanks Roving & Joo.

Here are a few more tips & updates I'd like to add to this thread:

  • Don't reveal your login username or email account to anyone

If you use a display name that is not your original username, don't reveal your original username. This acts like another layer of security; I know many people may use same or similar passwords for numerous accounts they own (even if told not to :p ), and not having the full login credentials can prevent access to the RS website, at the very least. 

Microsoft has admitted that the goals of their basic windows essentials security has shifted and no longer is cutting edge in anti-virus definitions, and many of the above noted antivirus programs have faltered in effectiveness. Hence, I recommend these anti-virus/anti-malware/anti-adware programs:

I recommend installing one Anti-virus and one anti-malware, and every other tool listed below, but you may wish to have fewer to minimise system resource usage:

Anti - Virus Programs: (exist primarily to remove standard malicious software, such as trojans, keyloggers, rootkits, worms, ransomware and spyware, with many bundling in additional tools for safe browsing and safe banking)

  1. Avira (Free)
  2. Avast (Free)
  3. Bitdefender (Paid)
  4. ESET Nod32 (Paid)
  5. Kaspersky (Paid)

Anti - Malware Programs: (whereas anti-virus programs usually look up virus definitions, anti-malware programs target zero-day exploits and similar security holes)

  1. Malwarebytes (Free)
  2. Malwarebytes (Paid)

Adware cleaner applications: (these programs don't protect against viruses, but may help removal of PUPs (potentially unwanted programs) like toolbars, or bloatware)

  1. Pcdecrapifier (Free)
  2. Adwcleaner (Free)
  3. CCleaner (Free)

Browser plugins: (these browser addons prevent insecure connections, unsafe scripts and unwanted tracking)

  1. HTTPS everywhere (Free)
  2. Privacy badger (Free)
  3. uBlock Origin (Free) - Note: this is an adblocker that has additional anti-phishing security, be considerate and turn off the adblocker on websites you support.

Maintenance applications: (these applications are great to run to ensure your pc runs smoothly)

  1. Ninite.com (Free): When installing or updating applications, it is worth using this website to make the process seamless and also skips installation of bundled PUPs, like toolbars.
  2. Unchecky (Free): When installing programs, unchecky deselects all extra checkboxes in the installer to prevent install of adware and PUPs.
  3. Defraggler (Free): To be used as a better defrag program compared to the inbuilt windows one - for use with HDDs only and NOT SSDs.

     

Lastly, be sure to keep all software up to date to ensure the latest security patches have been applied.

Edited by Mad Muffin
Link to post
Share on other sites
River Frye Admired Elf

River Frye

Posted
Posted

I know the last reply to this was a few months ago, but this is very helpful. Thankfully I never received any kind of those emails, but if I do, I know what they look like, thank you. I found Mad Muffin's post the most helpful for me, thank you. I am going to use those extra security features mentioned. 

Link to post
Share on other sites
Gythux Arianwyn Master

Gythux

Posted
Posted

Repost, as someone got hacked again, with *no* security. 

Don't think you will never ever need it, because when you do you'll be happy you had it.

 

Spoiler

 

5 Tips For A Secure Account

We all heard stories about close friends being hacked, keylogged, robbed from their most valuable items and achievements. 
Don't be one of those stories. If you follow these tips, a hacker will have to be damn good to get your stuff.

 

1. Bank Pin

Never, ever disable this. It's the last line of defence between a hacker and your bank. A bank pin is the only protection you have that is time-limited. It will take days for a hacker to remove it, which gives you the time to recover your lost account. Entering it only takes a couple of seconds and is always worth it.

 

2. Authenticator

I'm well aware some people prefer JAG over the authenticator, especially those who don't have a smartphone. If you do have one, please set it up. Hackers will need to get hold of your smartphone to get past it. If you don't have one, you can also install an authentication program on a flash drive like a USB stick. It's better than nothing!

 

3. E-mail

Authenticator is useless if you don't secure your e-mail. If they get your e-mail, they can disable all your security in no time. I really recommend to have a separate e-mail account just for RuneScape. 


4. 2-Step Verification

This is probably the most important thing to do with your e-mail account. Add another line of defence to it, ensuring getting your password isn't enough to get in. It'll prompt you to enter a security code you get per sms or via an authentication app. Whether you add it to just your RuneScape e-mail or all your accounts is up to you, but it only takes a few seconds to verify your identity when you're logging in on a different computer. 

 

5. Change your password regularly!

It can always happen that someone accidentally sees your password. Or even worse, when you are being keylogged. Whether you were aware of it or not, changing it regularly helps to keep your account safe. If you are keylogged however, don't change it right-away or it won't help at all. Scan you computer with MalwareBytes or a similar program first and when you're 100% sure all spyware and malware is gone, change your password and bring your security back. Also, don't be that person who has 1234 or a1b2c3 or runescap3 as password. Keep it personal, use numbers, be creative. Sadly capital letters don't work in RS passwords.
It can be helpful to keep track of your old passwords to recover your account should you need to.

 

Be safe.

 

 

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.