Roving Posted May 20, 2012 Report Share Posted May 20, 2012  RuneScape Account SecurityRecently there have been a fair few hijackings of accounts, a few people in the clan have been hijacked too. It's not nice for anyone to see, especially the person who has been targeted as they may well have lost items which took years to get. It's an eye-opener and I don't think that a lot of us think of the devastation of what could happen if we're hacked. That's why it is of utmost importance that we're ahead of the game.Phishing EmailsPLEASE FORWARD ANY PHISHING EMAILS YOU GET TO reportphishing@jagex.com!! JMod thread on this stuff updating with latest scams: Quick find code: 275-276-0-63279193Location: Home > RuneScape Forums > Account Security > Phishing Email Player WarningsHi everyone,I have received several emails (different topics) which try to look as if it they are from Jagex, but they are fake of course.The emails can be about:Offering you ModSaying you have received an infraction for IRL tradingSaying your account has been bannedAsking you to 'verify your account'Asking you to confirm or deny a password recovery requestetcIf your account was banned etc, Jagex would contact you via your game inbox.The same applies to invites to become a moderator - these are via game inbox, not email or websites. Please be aware that these fake emails can come from Jagex Ltd with high priority.and the fake email could be from noreply@jagex.comPlease don't click on the link if you get an email like this. Be safe everyone! Rae EXAMPLE OF HOW PHISHING EMAILS WILL LOOK IN YOUR INBOX Hotmail is probably one of the worst for these emails, especially now that they're creeping into your inbox instead of your spam folder. Gmail is much more secure.EXAMPLE OF ONE FAKE EMAILDear Player,We regret to inform you that your account has received an infraction due to a Major Macroing offense. Please visit the appeal section under Account Management to view evidence of your infraction(s) and to appeal any infraction(s) that you feel were unjustified.To view the evidence please click here:LINK-TO-SITE-THAT-STEALS-YOUR-PASSWORD-REMOVEDPlease note: Due to a recent bug in our infraction system, some accounts may have received a void infraction. The majority of void infractions have been removed but we cannot ensure that all infractions have been removed. We urge you to visit the appeal section to appeal any unjustified infractions received due to system errors.Many thanks, Jagex Ltd.Copyright © 1999 - 2011 Jagex Ltd. Jagex, RuneScape, FunOrb, War of Legends and Stellar Dawn are registered trademarks of Jagex Ltd in the United Kingdom and trademarks used in other countries of the world. By using our service you are agreeing to our Terms and Conditions and Privacy Policy.Password Recovery request submitted for your Jagex account?4/04/2011From: RuneScape (noreply@jagex.com)Sent: Monday, 4 April 2011 12:07:10 PMTo: [email address]Dear Player,This is an automated email from Jagex Ltd., makers of RuneScape and FunOrb, sent because someone has submitted a Password Recovery request for this account.To verify your email address, enter this URL into your browser:[link removed - it looks like a secure jagex DO NOT CLICK THIS LINK!] Alternatively, copy this security code into your Account Recovery form: Your security code will expire at 13-Apr-2011 00:23 (official forum time.If you did not submit this account recovery request, and you think that someone might be attempting to hijack your account, you can let us know by completing the form at[link removed - looks like a real Jagex DO NOT CLICK THIS LINK!]Many thanks,Jagex Ltd.You do not need to unsubscribe, as we have not added this email address to any mailing lists.Copyright © 1999 - 2011 Jagex Ltd. Jagex, RuneScape, FunOrb, War of Legends and Stellar Dawn are registered trademarks of Jagex Ltd in the United Kingdom and trademarks used in other countries of the world.By using our service you are agreeing to our Terms and Conditions and Privacy Policy.Forum post in which a Jmod confirms this is a fake email: Basic RuneScape Security TipsDon't fall for scams (moderator applications etc..)Don't trust ANYONE with your password.Set a bankpin !!Don't accept an account from anyone else.Don't visit websites you without knowing they're safe.Don't accept files via MSN/Skype etc...You download files of any kind at your own risk. (trust your download)Always bank expensive items before log out.Download Windows Security Essentials.Don't use your RuneScape password ANYWHERE ELSE - fansites etc...I hope no one is but DON'T BOT - The clients CAN be used to hack you, and HAVE done very recently to MANY cheaters.Make sure you are only entering your runescape password when the http bar shows the secure green Jagex Limited GB signature. Beware of fake Jagex websites.Check the last IP logged in your account when you log in. If it's different from your own, print screen it and post the IP into the RSOF thread "I've lost control of my account" (it's an autohide thread).I've been h(ij)acked!!!Now is the time to cover your bases, follow this list in order:Run a full Virus and Malware Scan.Don't log into the game, log into the forums and post on this sticky in Account Help: 250-251-727-63596056If you can't get into your account...but have control over and can access your registered email address ,CLICK HERE.and have lost control over or access to your registered email address, or don't have a registered email address, CLICK HERE.If you can get into your account just fine, change your password and security questions as well as noting down the IP Address on the lobby screen for future reference.Email accounthelp@jagex.com detailing the situation and your username, IP address and what you think has happened. Antivirus & Malware SoftwareAnti-Spyware and Key Logger SoftwareSpybot Search and DestroyMicrosoft Windows DefenderAd-Aware AdAwareMalwarebytesAnti-Virus SoftwareMicrosoft Security EssentialsAVGAvastFirewall SoftwareZone AlarmESET Smart Security How Secure Is YOUR Account?This is a little thing where you add up your score from the answers to your question then check the advice for your score! Please *don't* post your score.Password1 - Your password is a pet name or something that people know about you OR you haven't changed your password in the last 6 months.2 - Your password is the above plus some numbers on the end.3 - Your password is a mix of the above (my23dog92is92so2834awesome).4 - Your password is super ninja and is something completely random that you got from a generator. Bank PIN1 - Your PIN is your IRL Bank PIN Number or your house number or Postal/Zip Code.2 - Your PIN is something meaningful, a birthday of a family member.3 - Your PIN is a bit random, mixed with some of the above.4 - Your PIN is something random that you thought of once upon a time. Security Questions1 - You haven't set Security Questions OR you've forgotten them.2 - You set your Security Questions but haven't changed them in the last 6 months.3 - You changed your Security Questions in the last 6 months. Email Validation1 - You haven't validated your email2 - You have validated your email DO NOT POST YOUR SCORE PLEASE. Answers - Click to unhide! 4 - 6You've answered at least a 1, as people trying to hack others are ever increasing it's a really good idea to change your password to a 'strong' password frequently as well as having a hard-to-guess Bank PIN, a frequently changed set of security questions and a validated email.7-9Your account is somewhat secure, but it could be better. Think about adding numbers to passwords or changing your password to random characters and changing your security questions frequently.10-12Yay, your account is pretty secure! For the questions that you answered lower than the top score, think about upgrading your account security by taking advice from the top scoring answer!13Carry on your awesome security skills!   More HelpJagex's Safety & Security Support CentreRuneScape Forums: "Lost control of my account!"RuneScape Forums: "Phishing - Scams and Info" Quote Link to post Share on other sites More sharing options...
Gythux Posted August 30, 2015 Report Share Posted August 30, 2015 (edited) 5 Tips For A Secure AccountWe all heard stories about close friends being hacked, keylogged, robbed from their most valuable items and achievements. Don't be one of those stories. If you follow these tips, a hacker will have to be damn good to get your stuff. 1. Bank PinNever, ever disable this. It's the last line of defence between a hacker and your bank. A bank pin is the only protection you have that is time-limited. It will take days for a hacker to remove it, which gives you the time to recover your lost account. Entering it only takes a couple of seconds and is always worth it. 2. AuthenticatorI'm well aware some people prefer JAG over the authenticator, especially those who don't have a smartphone. If you do have one, please set it up. Hackers will need to get hold of your smartphone to get past it. If you don't have one, you can also install an authentication program on a flash drive like a USB stick. It's better than nothing! 3. E-mailAuthenticator is useless if you don't secure your e-mail. If they get your e-mail, they can disable all your security in no time. I really recommend to have a separate e-mail account just for RuneScape. 4. 2-Step VerificationThis is probably the most important thing to do with your e-mail account. Add another line of defence to it, ensuring getting your password isn't enough to get in. It'll prompt you to enter a security code you get per sms or via an authentication app. Whether you add it to just your RuneScape e-mail or all your accounts is up to you, but it only takes a few seconds to verify your identity when you're logging in on a different computer.  5. Change your password regularly!It can always happen that someone accidentally sees your password. Or even worse, when you are being keylogged. Whether you were aware of it or not, changing it regularly helps to keep your account safe. If you are keylogged however, don't change it right-away or it won't help at all. Scan you computer with MalwareBytes or a similar program first and when you're 100% sure all spyware and malware is gone, change your password and bring your security back. Also, don't be that person who has 1234 or a1b2c3 or runescap3 as password. Keep it personal, use numbers, be creative. Sadly capital letters don't work in RS passwords.It can be helpful to keep track of your old passwords to recover your account should you need to. Be safe. Edited August 30, 2015 by Joo Quote Link to post Share on other sites More sharing options...
Princess Rae Posted August 30, 2015 Report Share Posted August 30, 2015 Very good advice, thanks Jo. Â Quote Link to post Share on other sites More sharing options...
Scotty Posted October 11, 2015 Report Share Posted October 11, 2015 Top notch advice Quote Link to post Share on other sites More sharing options...
Gythux Posted October 21, 2015 Report Share Posted October 21, 2015 Bump, as I heard someone got hacked =/ Quote Link to post Share on other sites More sharing options...
Mad Muffin Posted January 10, 2016 Report Share Posted January 10, 2016 (edited) Great advice! Thanks Roving & Joo.Here are a few more tips & updates I'd like to add to this thread:Don't reveal your login username or email account to anyoneIf you use a display name that is not your original username, don't reveal your original username. This acts like another layer of security; I know many people may use same or similar passwords for numerous accounts they own (even if told not to ), and not having the full login credentials can prevent access to the RS website, at the very least. Microsoft has admitted that the goals of their basic windows essentials security has shifted and no longer is cutting edge in anti-virus definitions, and many of the above noted antivirus programs have faltered in effectiveness. Hence, I recommend these anti-virus/anti-malware/anti-adware programs:I recommend installing one Anti-virus and one anti-malware, and every other tool listed below, but you may wish to have fewer to minimise system resource usage:Anti - Virus Programs: (exist primarily to remove standard malicious software, such as trojans, keyloggers, rootkits, worms, ransomware and spyware, with many bundling in additional tools for safe browsing and safe banking)Avira (Free)Avast (Free)Bitdefender (Paid)ESET Nod32 (Paid)Kaspersky (Paid)Anti - Malware Programs: (whereas anti-virus programs usually look up virus definitions, anti-malware programs target zero-day exploits and similar security holes)Malwarebytes (Free)Malwarebytes (Paid)Adware cleaner applications: (these programs don't protect against viruses, but may help removal of PUPs (potentially unwanted programs) like toolbars, or bloatware)Pcdecrapifier (Free)Adwcleaner (Free)CCleaner (Free)Browser plugins: (these browser addons prevent insecure connections, unsafe scripts and unwanted tracking)HTTPS everywhere (Free)Privacy badger (Free)uBlock Origin (Free) - Note: this is an adblocker that has additional anti-phishing security, be considerate and turn off the adblocker on websites you support.Maintenance applications: (these applications are great to run to ensure your pc runs smoothly)Ninite.com (Free): When installing or updating applications, it is worth using this website to make the process seamless and also skips installation of bundled PUPs, like toolbars.Unchecky (Free): When installing programs, unchecky deselects all extra checkboxes in the installer to prevent install of adware and PUPs.Defraggler (Free): To be used as a better defrag program compared to the inbuilt windows one - for use with HDDs only and NOT SSDs. Lastly, be sure to keep all software up to date to ensure the latest security patches have been applied. Edited January 12, 2016 by Mad Muffin Quote Link to post Share on other sites More sharing options...
Roving Posted January 15, 2016 Author Report Share Posted January 15, 2016 Hey @Mad Muffin, great advice! Â Quote Link to post Share on other sites More sharing options...
River Frye Posted May 8, 2016 Report Share Posted May 8, 2016 I know the last reply to this was a few months ago, but this is very helpful. Thankfully I never received any kind of those emails, but if I do, I know what they look like, thank you. I found Mad Muffin's post the most helpful for me, thank you. I am going to use those extra security features mentioned. Quote Link to post Share on other sites More sharing options...
Gythux Posted July 17, 2016 Report Share Posted July 17, 2016 Repost, as someone got hacked again, with *no* security. Don't think you will never ever need it, because when you do you'll be happy you had it.  Spoiler  5 Tips For A Secure Account We all heard stories about close friends being hacked, keylogged, robbed from their most valuable items and achievements. Don't be one of those stories. If you follow these tips, a hacker will have to be damn good to get your stuff.  1. Bank Pin Never, ever disable this. It's the last line of defence between a hacker and your bank. A bank pin is the only protection you have that is time-limited. It will take days for a hacker to remove it, which gives you the time to recover your lost account. Entering it only takes a couple of seconds and is always worth it.  2. Authenticator I'm well aware some people prefer JAG over the authenticator, especially those who don't have a smartphone. If you do have one, please set it up. Hackers will need to get hold of your smartphone to get past it. If you don't have one, you can also install an authentication program on a flash drive like a USB stick. It's better than nothing!  3. E-mail Authenticator is useless if you don't secure your e-mail. If they get your e-mail, they can disable all your security in no time. I really recommend to have a separate e-mail account just for RuneScape. 4. 2-Step Verification This is probably the most important thing to do with your e-mail account. Add another line of defence to it, ensuring getting your password isn't enough to get in. It'll prompt you to enter a security code you get per sms or via an authentication app. Whether you add it to just your RuneScape e-mail or all your accounts is up to you, but it only takes a few seconds to verify your identity when you're logging in on a different computer.  5. Change your password regularly! It can always happen that someone accidentally sees your password. Or even worse, when you are being keylogged. Whether you were aware of it or not, changing it regularly helps to keep your account safe. If you are keylogged however, don't change it right-away or it won't help at all. Scan you computer with MalwareBytes or a similar program first and when you're 100% sure all spyware and malware is gone, change your password and bring your security back. Also, don't be that person who has 1234 or a1b2c3 or runescap3 as password. Keep it personal, use numbers, be creative. Sadly capital letters don't work in RS passwords. It can be helpful to keep track of your old passwords to recover your account should you need to.  Be safe.   Quote Link to post Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.