Jump to content

Help!

AnneFrank

By AnneFrank
in Tech and Computers

 Share

Recommended Posts

pryomancer

pryomancer

Posted
Posted

Sorry, unfortunately your account has been stolen.

 

 

 

We've had this link posted around the forums for a few days now, we keep banning people but more come.

 

The scammer disguises the link to pretend it's going to the official forums, but it actually goes to a fake RuneScape site which steals your account after it tells you to log in.

 

 

 

The best thing you can do is try to recover your account and change the password immediately.

spacescenev24.jpg
Link to comment
Share on other sites
123_x_pac

123_x_pac

Posted
Posted

Virus scan your comp, try and get rid of the virus if there is one THEN do recovs and change pass.

League of Legends Referal link: http://signup.leagueoflegends.com/?ref=4e55a571778d2633364408

"Life is short, and shortly it will end, Death comes quickly which respects no one, Death destroys everything and takes pity on no one"

Drops: 8whips, 28dboots, 1hand cannon, 2 dmeds 3dskirts 2 dbows

99s(in order): Attack Constitution Defence

Link to comment
Share on other sites
123_x_pac

123_x_pac

Posted
Posted

Then it could be a keylogger. And then he would want to do the above steps to make sure it doesn't happen to anything else that requires a password.

League of Legends Referal link: http://signup.leagueoflegends.com/?ref=4e55a571778d2633364408

"Life is short, and shortly it will end, Death comes quickly which respects no one, Death destroys everything and takes pity on no one"

Drops: 8whips, 28dboots, 1hand cannon, 2 dmeds 3dskirts 2 dbows

99s(in order): Attack Constitution Defence

Link to comment
Share on other sites
123_x_pac

123_x_pac

Posted
Posted
Then it could be a keylogger. And then he would want to do the above steps to make sure it doesn't happen to anything else that requires a password.

League of Legends Referal link: http://signup.leagueoflegends.com/?ref=4e55a571778d2633364408

"Life is short, and shortly it will end, Death comes quickly which respects no one, Death destroys everything and takes pity on no one"

Drops: 8whips, 28dboots, 1hand cannon, 2 dmeds 3dskirts 2 dbows

99s(in order): Attack Constitution Defence

Link to comment
Share on other sites
Nadril

Nadril

Posted
Posted
Then it could be a keylogger. And then he would want to do the above steps to make sure it doesn't happen to anything else that requires a password.

 

 

 

No, I'm pretty sure it just stores what you entered into the sites field, not a keylogger. Sure he can scan (and should) to be safe but the only bet is to use Jagex's built in recovery system.

Link to comment
Share on other sites
urbestfreind

urbestfreind

Posted
Posted
Then it could be a keylogger. And then he would want to do the above steps to make sure it doesn't happen to anything else that requires a password.

 

 

 

It's not a keylogger. They have the output of the textboxes box sent to a database on the server of the scam site. Then, they read the data from that database at a later time and get the account info. No keylogging needed, it's just a standard verification routine (without the verifying, since everyone has a valid account according to their scripting, if that makes sense). It's quite easy to do actually, it's getting the look that's the hard part about scams like this.

 

 

 

Go perform a recovery, and make sure the link you are visiting is what it seems next time. Get WoT (Web of Trust) for FireFox, and/or McAfee SiteAdvisor (FF or IE). If you are in doubt, go to whee the link was mentioned, and copy it into the address bar manually. Sure, it takes a few seconds longer, but it's a sure way to stop redirect scams.

[hide=Funny Quotes]

So you sucker punched a kid in the back of the head? Good job.
What scares me is that you're like 10 years old.
-.- im not that freaking young
You were a couple years ago.
It's not racist if its true.
Hmm... I wonder how one goes about throwing someone out a window in a mystic fashion :-k

 

The mental image for that is freaking awesome.

[/hide]

- I dont need to "get a life." I'm a gamer - I have LOTS of lives!

Link to comment
Share on other sites
sloter

sloter

Posted
Posted
Then it could be a keylogger. And then he would want to do the above steps to make sure it doesn't happen to anything else that requires a password.

 

 

 

It's not a keylogger. They have the output of the textboxes box sent to a database on the server of the scam site. Then, they read the data from that database at a later time and get the account info. No keylogging needed, it's just a standard verification routine (without the verifying, since everyone has a valid account according to their scripting, if that makes sense). It's quite easy to do actually, it's getting the look that's the hard part about scams like this.

 

 

 

Go perform a recovery, and make sure the link you are visiting is what it seems next time. Get WoT (Web of Trust) for FireFox, and/or McAfee SiteAdvisor (FF or IE). If you are in doubt, go to whee the link was mentioned, and copy it into the address bar manually. Sure, it takes a few seconds longer, but it's a sure way to stop redirect scams.

 

How do you know it is being saved in a database and not a file or being emailed? :P

Link to comment
Share on other sites
urbestfreind

urbestfreind

Posted
Posted
How do you know it is being saved in a database and not a file or being emailed? :P

 

 

 

Same outcome, different method. It doesn't have to be a database, but that's what I would do. Not only do many e-mail providers cap the amount of e-mails that can be sent and recieved, but it's easier to use a database because you can store username, old password, new password, and new pin, and maybe items gained as an ego boost. E-mail wouldn't be too practical for all of this, especially if you got a hold of many accounts and needed to keep track of them all.

 

 

 

There are many ways to do this, I was just stating what I thought would be used. I don't actually know what the hacker(s) used, because I didn't take part in this...I have no interest in RuneScape anymore, I play WoW and Frets on Fire. Trade bans and membership running out came about at the same time, and I didn't want to renew it, and don't regret the decision.

[hide=Funny Quotes]

So you sucker punched a kid in the back of the head? Good job.
What scares me is that you're like 10 years old.
-.- im not that freaking young
You were a couple years ago.
It's not racist if its true.
Hmm... I wonder how one goes about throwing someone out a window in a mystic fashion :-k

 

The mental image for that is freaking awesome.

[/hide]

- I dont need to "get a life." I'm a gamer - I have LOTS of lives!

Link to comment
Share on other sites
sloter

sloter

Posted
Posted
How do you know it is being saved in a database and not a file or being emailed? :P

 

 

 

Same outcome, different method. It doesn't have to be a database, but that's what I would do. Not only do many e-mail providers cap the amount of e-mails that can be sent and recieved, but it's easier to use a database because you can store username, old password, new password, and new pin, and maybe items gained as an ego boost. E-mail wouldn't be too practical for all of this, especially if you got a hold of many accounts and needed to keep track of them all.

 

 

 

There are many ways to do this, I was just stating what I thought would be used. I don't actually know what the hacker(s) used, because I didn't take part in this...I have no interest in RuneScape anymore, I play WoW and Frets on Fire. Trade bans and membership running out came about at the same time, and I didn't want to renew it, and don't regret the decision.

 

I said a file too any how. I ways just being a pain in the [wagon] and trying to show you that a database is the only way to do it. Good job on quiting! :thumbsup:

Link to comment
Share on other sites
urbestfreind

urbestfreind

Posted
Posted
I said a file too any how. I ways just being a pain in the [wagon] and trying to show you that a database is the only way to do it. Good job on quiting! :thumbsup:

 

 

 

The only way? Hardly. The smartest and easiest way? I'd say yes, but then again I've never tried it, so I can't say for sure, but I really can't see e-mail being used in something like this, it's just too much work and things to keep track of in different places. If you were just focusing on like 1-3 people, then e-mail may be fine, but this was definitely meant to get a lot of people (and it appears at least 10 or so people were duped from the announcement).

 

 

 

Was that quitting part sarcasm? Or are you actually applauding me for quitting the game? I only included that because it may have seemed like because of my posts, I could have been responsible for this, but the last time I logged in to RS was 2 weeks ago to check the character creation screen for a project (I'm in game design at the tech center, and I have to do projects in English relating to my project)...Before that, I hadn't been logged in for over 100 days....and with Wrath of the Lich King now out, I doubt I'll ever want to return.

[hide=Funny Quotes]

So you sucker punched a kid in the back of the head? Good job.
What scares me is that you're like 10 years old.
-.- im not that freaking young
You were a couple years ago.
It's not racist if its true.
Hmm... I wonder how one goes about throwing someone out a window in a mystic fashion :-k

 

The mental image for that is freaking awesome.

[/hide]

- I dont need to "get a life." I'm a gamer - I have LOTS of lives!

Link to comment
Share on other sites
Caxis

Caxis

Posted
Posted
Then it could be a keylogger. And then he would want to do the above steps to make sure it doesn't happen to anything else that requires a password.

 

 

 

It's not a keylogger. They have the output of the textboxes box sent to a database on the server of the scam site. Then, they read the data from that database at a later time and get the account info. No keylogging needed, it's just a standard verification routine (without the verifying, since everyone has a valid account according to their scripting, if that makes sense). It's quite easy to do actually, it's getting the look that's the hard part about scams like this.

 

 

 

The proper term is phishing. A fake website designed to look like the real thing, but if you look closely at the actual web address, something is wrong. In this case, there was an extra r somewhere in the http://www.runescape.com address, and it linked to a fake forum log in page. If you entered in any information and logged in, it would redirect you to the real runescape forums, and steal your account details.

 

 

 

This is commonly used to steal paypal accounts, credit card information, and other important information. If you see a link, right click it and look at the properties. If it links to a different site than listed, it's a fake. Most of these links are made with the attempt to fool you by trying to look like the real thing, so make sure each letter is correct. Or just play it safe and not click on any links :P.

Link to comment
Share on other sites
Deathmath

Deathmath

Posted
Posted

Correct. What broswer do you use?

 

If you use firefox get WOT

 

Also I got a web bar warner that warns you for sites w/ similar names (ex. off by one letter) than common sites.

Thoroughly retired, may still write now and again

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept