Post by Admin on Jan 25, 2016 11:45:38 GMT
Phishing is the act of tricking a player into divulging their login details, particularly their username and password. Once a scammer has access to a victim's account, they can then steal all of the victim's items and money. Players should never enter their login details into any website except runescape.com, and should never tell anyone else their login details, in-game or otherwise. Note that scammers can run websites that appear to be the official RuneScape website; for this reason, it is important for players to carefully check the address bar at the top of the web browser to ensure that the website is, in fact, runescape.com.
Phishing site scam
There are multiple forms of the phishing site scam. All of them involve the scammer attempting to get the victim to enter their RuneScape account's login details into his or her website, which may or may not resemble the official RuneScape website. The scammer then logs into the victim's account and takes all of their items.
Scammers will often offer victims incentives to login to the fake website, such as membership in a clan, or being given a valuable item. Some scammers will also pose as Jagex staff and tell their victims in private messages that they are being considered for a position as a player moderator, which they will receive if they verify their account details on the (fake) website. Another way is scammers will send out fake emails telling players they have been banned, and need to log-in to appeal their ban. However, Jagex staff will never contact players in-game, and will instead use the Message Centre. Anyone who offers a position as a player moderator in-game should be reported for impersonating Jagex staff.
YouTube scam
Some scammers will stand at the Grand Exchange with Spam Bots and claim that if players search YouTube for a specific phrase or player name, they can watch videos that teach them how to easily make money or promise a giveaway of items. Instead, these videos attempt to phish victims' login details by telling them to log into a third-party website controlled by the scammers or find the username's details and use a password cracker to compromise the account. These third-party sites may resemble a site controlled by RuneScape. For example, the scammer may provide a link to a "post on the RuneScape forums" which is actually a third-party site disguised as the forums which then prompts you for a password.
Some scammers also stand at the Grand Exchange telling you that you can be in a YouTube video they're making when you follow them. If you follow them they will take you to a dangerous place like the Clan Wars red portal and eventually kill you when you're in the dangerous zone. Always lookout if there is a second person following the person who has invited you. He will act like he is also participating in the video but will eventually help the other person kill you and eventually get a part of the loot.
Password phishing
A scammer will attempt to get a victim to say their password aloud. One possible way to do this is to say "Look, Jagex changed it to where you can't say your password backwards anymore! See, mine is ********." However, the asterisks are actual asterisks; while RuneScape does censor passwords in chat, it will not censor variations of passwords, such as passwords said backwards. The scammer will then log into the victim's account and take all their items.
Another variant of this scam is to tell players to change their password to something specific, then log out in order to receive free items. This will simply result in the scammer logging into the victim's account and stealing their valuables.
This scam will not work on members who have set a character name at least 28 days prior, as such players must use their original account names to log in. Also, this scam will not work on free players who have their accounts created after the 24th of November 2010, as such players must use their e-mail address to log in. Therefore, this scam may have lost popularity.
Membership scams
Sometimes scammers will log into free-to-play worlds and start offering to buy membership for anyone who gives the scammer their password. Rather than upgrading the victims' accounts, the scammers will simply steal all their items. Scammers may also offer membership in exchange for coins or valuable items, with which they will simply run away. This is a form of trust trading.
Furthermore, there are websites that claim to upgrade players' accounts to members status for a smaller fee than what Jagex charges. These sites will simply take the victim's fee, then log into their account and take their in-game items as well.
If you wish to purchase membership with your in-game wealth, the safest way to do so is by purchasing a Bond on the Grand Exchange.
Phishing site scam
There are multiple forms of the phishing site scam. All of them involve the scammer attempting to get the victim to enter their RuneScape account's login details into his or her website, which may or may not resemble the official RuneScape website. The scammer then logs into the victim's account and takes all of their items.
Scammers will often offer victims incentives to login to the fake website, such as membership in a clan, or being given a valuable item. Some scammers will also pose as Jagex staff and tell their victims in private messages that they are being considered for a position as a player moderator, which they will receive if they verify their account details on the (fake) website. Another way is scammers will send out fake emails telling players they have been banned, and need to log-in to appeal their ban. However, Jagex staff will never contact players in-game, and will instead use the Message Centre. Anyone who offers a position as a player moderator in-game should be reported for impersonating Jagex staff.
YouTube scam
Some scammers will stand at the Grand Exchange with Spam Bots and claim that if players search YouTube for a specific phrase or player name, they can watch videos that teach them how to easily make money or promise a giveaway of items. Instead, these videos attempt to phish victims' login details by telling them to log into a third-party website controlled by the scammers or find the username's details and use a password cracker to compromise the account. These third-party sites may resemble a site controlled by RuneScape. For example, the scammer may provide a link to a "post on the RuneScape forums" which is actually a third-party site disguised as the forums which then prompts you for a password.
Some scammers also stand at the Grand Exchange telling you that you can be in a YouTube video they're making when you follow them. If you follow them they will take you to a dangerous place like the Clan Wars red portal and eventually kill you when you're in the dangerous zone. Always lookout if there is a second person following the person who has invited you. He will act like he is also participating in the video but will eventually help the other person kill you and eventually get a part of the loot.
Password phishing
A scammer will attempt to get a victim to say their password aloud. One possible way to do this is to say "Look, Jagex changed it to where you can't say your password backwards anymore! See, mine is ********." However, the asterisks are actual asterisks; while RuneScape does censor passwords in chat, it will not censor variations of passwords, such as passwords said backwards. The scammer will then log into the victim's account and take all their items.
Another variant of this scam is to tell players to change their password to something specific, then log out in order to receive free items. This will simply result in the scammer logging into the victim's account and stealing their valuables.
This scam will not work on members who have set a character name at least 28 days prior, as such players must use their original account names to log in. Also, this scam will not work on free players who have their accounts created after the 24th of November 2010, as such players must use their e-mail address to log in. Therefore, this scam may have lost popularity.
Membership scams
Sometimes scammers will log into free-to-play worlds and start offering to buy membership for anyone who gives the scammer their password. Rather than upgrading the victims' accounts, the scammers will simply steal all their items. Scammers may also offer membership in exchange for coins or valuable items, with which they will simply run away. This is a form of trust trading.
Furthermore, there are websites that claim to upgrade players' accounts to members status for a smaller fee than what Jagex charges. These sites will simply take the victim's fee, then log into their account and take their in-game items as well.
If you wish to purchase membership with your in-game wealth, the safest way to do so is by purchasing a Bond on the Grand Exchange.