What Can You Do To Keep Your Runescape Account Secure
From the desk of Mantas,
Somewhere deep in Europe.
Dear Fellow OSRS Player,
We have 16-anti-hack-steps to cover, on top of 3-most-popular hacking techniques, thus, withour further ado, let's get into...
PART-1
Methods and Techniques Scums Use To Rip Runescape Players Off
Scam Attempt #1: Phishing
For those who think phishing is catching lobsters, let me explain what it really is, and then, give a few real life examples of this perhaps the most popular scam scheme.
What Is Phishing?
Whilst there are at least a dozen of different phishing methods, the structure underlying the scheme always stay the same: a hacker sets up a website or an application or a fake Runescape client that looks IDENTICAL to Runescape’s. It could be a fake RuneLite client ...or a fake Runescape.com website ...or a fake mobile app.
Then, a schmooks uses emails or Facebook and Google ads to drive traffic to the fake entities created in the first step.
On this fake entity, you will be asked to enter credentials of Runescape account. Most common hooks used to lure gullible targets: First, anything of value - free bond or GP or invitation to test a BETA version of a new game mode. Whatever appeals to tendency of humans to go for FREE and novel stuff.
In other cases, a hook may appear as a warning - "Your account is compromised, log in and change your password ASAP - a schmook may say.:
Either way, if you go for a bait and end up entering the log in details of your account on the fake entity, your credentials will be immediately sent to the scammers.
The Real-Life Example
The most recent phishing attempt, which is still ongoing, and to which at least a dozen of my customers fell for, is a fake bond giveaway scheme.
Scammers run Facebook ad that looks similar to the one I scrapped for you below.
Then, victims who click APPLY NOW are taken to a fake website.
From there, if you click the redeem membership button, you would be asked to enter the details of your account ...and wholia...next thing you know - your account cleaned..
Scam Attempt #2: Keylogging
Whilst this is less likely to happen, the after effect of getting key logged is much more devastating, because a hacker gains access not only to credentials of Runescape account - including a bank pin - but also an email inbox, which can be used to turn authenticator off ...or even claim the account itself.
Basically whatever information you type on your screen, a hacker would see, as if he stood behind you watching.
How do you you end up keylogged?
Download and install a wrong application and you are doomed. It may be a Runescape bot client ...some sort of in-game helper like an auto-clicker ...a Runescape private server client ...etc ...etc.
On a bigger scale it can be a random game you downloaded ...or a pirated software.
How to avoid getting keylogged?
Obviously, not downloading shady applications would be a good start. Having a good, up-to-date anti-virus software mitigates the risk as well. That's about it. Your best weapon against this type of attack will be common sense. If it is too good to be true, it probably is.
Scam Attempt #3: Social Engineering
Don’t laugh this one off just yet - here is why.
First, we have to understand how this type of hack unfolds, and then, what can be done to avoid it.
Here is how hackers pull social engineering scam off.
First, hackers use social engineering techniques and database dumps to collect as much information as possible. How do they do it?
By posing as your friend of course.
They will seem friendly, hang out and talk with you in the game, then they will probably befriend you on Facebook and start asking - seemingly irrelevant - questions: like where do you live ...when did you start playing ..how old is your account ....how do you pay for membership ...what was your most disgusting password ...etc...etc.
Once a low-life-scum collects enough information about you and your account, he will try to recover your account by impersonating you, using the information you provided. And of course, in some cases, Jagex employees will indeed mistake a scammer with a legitimate owner.
How to avoid this scam attack?
Don’t leak your sensitive data ...treat every stranger you meet like an enemy.
Also, understand the issue of database leaks.
Chances are, during your Runescape career you have used the same email - perhaps even the same password - to sign up on various forums ...discussion boards and what have you.
Unfortunately, websites get hacked every day and user data end-up leaked and sold. This offers a huuuuge opportunity for scammers, as they get additional data points to use in the account recovery process. So, the first thing you want to do is keep your Runescape details separate from all your other stuff, we will touch upon this in the part-2, onto which we now move.
PART-2:
How To Secure Your Runescape Account?
Cool, so now you are aware of the methods and techniques these low-lifes employ.
...hopefully next time a scum tries to wrap his fingers around your wallet, you will immediately recognize the deceit, and cut his snaily extremities off.
What else can you do to protect your account tho?
In fact, plenty of things, let’s begin with...
Password-Hygiene
Suggestion#1: I can not stress this enough: do not ever use the same password for two different websites ...games ...what have you. One password per one account. That’s the rule. Don’t be lazy. Train your memory.
Suggestion#2: Do not keep your passwords stored online or on your computer, instead write them down on a piece of paper.
Suggestion#3: Keep your password strong ...use numbers and symbols (@, #, $, % ...make it as long as the Great Wall of China - this will protect you against brute forcing attempts.
Suggestion#4: Change your password periodically, every month, or even better, every two weeks. Also, make sure to have a list of your previous password, in case you ever get hacked, this list will serve as the master key to your account. Do not, I repeat, do not store this list online or on your PC. Rather not have it all, than give hackers access to it.
Suggestion#1: This is the most important!!!! Make sure to have two-factor authenticator activated on your email!!!!
Suggestion#2: Make sure your log in email is different from the email you have registered to your account.
Suggestion#3: As the story goes with the security of your password, you should use one email address per account.
Suggestion#4: Needless to say, use different passwords for your email and for your Runescape account.
2-Factor-Authenticator
This one is a no-brainer.
You should have an active authenticator for both your email and your RS-Account. Also, another no brainer for you - do not have authenticator software installed on your PC - use mobile instead ...duhhh. Why? Because if your PC - or if you are an Apple fanboy, your MAC - gets keylogged or ratted or virus’ed in any other way, your account will still stay safe.
Bank Pin
Change it. Frequently. This implies that you should have BP set-up in the first place.
A List of Don'ts and Be-Aware-Of’s
DON’T share none of your sensitive information online - like where you live at ...where and when you created an account ...how do you pay for membership ...etc ...etc
DON’T play private servers, those are notorious for ratting PCs/MACs and hacking Runescape accounts.
DON’T link your account to Social Media. Such a link gives another key a hacker can use to open your account
BE-AWARE-OF downloading a fake version of popular clients like RuneLite. Preferably you want to use an official client, but I understand, it sucks. So be extra cautious what client you end up downloading.
The End
So there you have it.
If you follow these precautionary steps, you will never get hacked - this I can promise.
Unfortunately, we humans carry a tendency of acting irrationally nine times out of ten.
We know what we ought to do, but ignore the thing.
Don't allow your account safety to be one of those ignored things.
Good Luck and Happy Scapping.
To Your OSRS Gainz,
Mantas
