Phishing e-mail?

[Estonian dude]

Today, I checked my regular e-mail account that I've never ever gotten phishing e-mails or anything, only official Jagex info and I got an e-mail looking like this:

 

 

From top, the addresses are From: Jagex Ltd [email protected] , To: *my email address* , Topic: Your account has received an infraction , Time: 14.01.2012 10:05

 

The link that is in there is a phishing site, according to google and I didn't check it further.

 

How the heck can they send under [email protected] address and how the heck did they get my e-mail address? I don't use it practically anywhere except for the closest and most personal stuff.

[haimonek]

It wouldn't suprise me if they go through the RuneScape facebook page looking for email adresses.

[Quyneax]

Moved to Help&Advice.

 

It's probably a phishing e-mail. The e-mail adress they appear to send from can be faked iirc.

[Sy_Accursed]

There very easy ways to mask email addresses, if you go into the details of the sender you will get a code like jumble of stuff, but in there you'll usually see some entire random email address which is the one it actually came from.

 

Also if you hover over the link and look at the bottom of your screen you'd clearly see that it would be going to a site that is not runescape.com. In html its easy to "fake" links like that to a casual observer.

 

A basic link would be:

<a>www.runescape.com</a>

You'd see www.runescape.com and it'd link there

 

A text links is:

<a href="www.runescape.com">Hello!</a>

You'd see Hello! but it links to runescape.com

 

The scam links:

<a href="www.istealurgpz.com">www.runescape.com</a>

You'll see what looks like a basic link to www.runescape.com BUT its actually a text link to www.istealurgpz.com where the the text just says www.runescape.com

[Estonian dude]

I know that you can mask the links easily, but I won't add that link here. Anyways, the domaintools on the link suggested that the server is based in Germany, but it is owned by a Lithuanian "information gathering company".

[Karvinen]

Moved to Help&Advice.

 

It's probably a phishing e-mail. The e-mail adress they appear to send from can be faked iirc.

You can choose the sender address freely. You don't even need to "hack" anything to use a fake address.

[Randox]

The easiest way to tell that this one is fake is by the title. Jagex simply don't use email for the purpose of informing you about things like offences. There is an excellent thread in the account security section of the RSOF, /g=runescape/[Please Use QuickFind Code]?275,276,0,63279193]here. That walks you through finding the real sender for the major email providers. It also goes through common scam topics, how they get your email, and there is a post on the loyalty post ones as well (which are a bit harder since Jagex does email you about that).

 

The list of common scams is worth pulling out though for everyone to see.

We will NEVER email you about:

Macroing

Selling your Account

Real World Trading

Received an Offence

Received an Infraction

Account is in Danger Zone

Account Suspension

Account Disabled

Account Hijacking

Password Expiring

Password has been Wrongly Entered

Unusual Activity on your Account

To Validate your Email Address (if you haven't requested it)

You are Eligible for a Free Gift

To Confirm a Change to your Email Address (if you haven't requested it)

To Recover your Password (if you haven't requested it)

Moderator invitation or application

[lordkafei]

It wouldn't suprise me if they go through the RuneScape facebook page looking for email adresses.

 

It wouldnt surprise me either, but thats definitely not how they got mine.

 

FWIW, I get 5 to 10 of these emails a week. I forward them to Jagex and they take it from there.

 

For most people, its probably not worth the risk of even opening the emails, because most of these emails have graphics in them. The bad guys can then check their logs to see which IPs accessed their graphics and use that information for nefarious purposes.