
Anyone hacked lately?


@Dan3HitU


Oddly enough, I checked my junk folder in my email and found one of those "it looks like you're trying to sell your runescape account" messages. The weird thing is, it's from five days before I renewed my membership. Meaning that these guys have been trying to get at my account in my year+ of inactivity. Startling to say the least.

Previously known as Monkeybeast0.


Oddly enough, I checked my junk folder in my email and found one of those "it looks like you're trying to sell your runescape account" messages. The weird thing is, it's from five days before I renewed my membership. Meaning that these guys have been trying to get at my account in my year+ of inactivity. Startling to say the least.

 

I received the same message not three days ago, only it was on a noob account of mine I'd only made a couple of weeks ago as I was waiting for a successful account recovery and wanted to explore the game after years of hiatus. Not sure what they would be gaining there. Also, that email address is only linked to that account (I don't use it for anything else), so not really sure how they sniffed it out.

 

Speaking of account recovery, I supplied one yesterday evening, and not even two hours later I recovered an account I originally made in 2004 by only supplying the approximate date the account was made (as in year, without months) and the country I'm from. That was it... No recoveries, no previous passwords, nothing. I'm a bit baffled at how easy that went. :mellow: The login screen did mention I last logged in some 2730-odd days ago, perhaps the fact the account had been idle for so long has something to do with it.

The Only Thing Necessary for the Triumph of Evil is for Good Men to do Nothing. (Edmund Burke)


Everything that's said on this thread about the Appeal System is just speculation. Jagex keep it top secret so Hijackers can also only speculate on the best way to get accounts.

 

No doubt they have ways to decide how likely the appeal is to be from the owner of the account.

 

Then there's the time it takes to investigate each account considering they probably get a few thousand appeals a day. I sent an appeal in to test how secure my account was and got a response in less than a minute. Tell me of another customer service department that has that response time?

 

These guys are only human, they do the best they can with the tools and info they are given.

 

I'm sorry you got hijacked man, it happens. The question is, what are you going to do now?

-- 2001 Starter --


I sent an appeal in to test how secure my account was and got a response in less than a minute. Tell me of another customer service department that has that response time?

 

That would suggest a fully automated system which is not a good thing. I would rather wait a few days knowing that my submission is being looked over by a human and carefully considered than have a script process it within minutes.


 

- 99 fletching | 99 thieving | 99 construction | 99 herblore | 99 smithing | 99 woodcutting -

- 99 runecrafting - 99 prayer - 125 combat - 95 farming -


Imagine it like this:

 

90/100 details correct: Auto-accept.

60/100 details correct: Manual accept.

40/100 details correct: Manual deny.

20/100 details correct: Auto deny.

 

Put about half your details in and you'll find the email being delivered in 5 minutes or longer. Though they've sped up the process recently.


"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12


  • 2 weeks later...

Two fresh phishes arrived over the weekend, the first since the unfortunate events of last week.

 

#1:

 

X-Apparently-To:	 [obscured] via 209.191.91.167; Mon, 17 Oct 2011 07:26:49 -0700
Return-Path:	 <[email protected]>
X-YahooFilteredBulk:	 222.236.46.145
Received-SPF:	 none (domain of yahoo.com does not designate permitted sender hosts)
X-Originating-IP:	 [222.236.46.145]
Authentication-Results:	 mta171.mail.sp2.yahoo.com from=runescape.com; domainkeys=neutral (no sig); from=runescape.com; dkim=neutral (no sig)
Received:	 from 127.0.0.1 (EHLO orwd.net) (222.236.46.145) by mta171.mail.sp2.yahoo.com with SMTP; Mon, 17 Oct 2011 07:26:49 -0700
Message-ID:	 <[email protected]>
From:	 "RuneScape" <[email protected]>
To:	 [obscured]
Subject:	 RuneScape Account-Notice
Date:	 Mon, 17 Oct 2011 22:27:42 +0800
MIME-Version:	 1.0
Content-Type:	 multipart/alternative; boundary="----=_NextPart_000_0FDD_015F89E3.1F60EE20"
X-Priority:	 3
X-MSMail-Priority:	 Normal
X-Mailer:	 Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE:	 Produced By Microsoft MimeOLE V6.00.2900.5512
Content-Length:	 10438

 

WHOIS of the offending fake link: http://whois.domaintools.com/au.tc

Received from the ROK: http://www.ip2location.com/222.236.46.145

 

 

#2

X-Apparently-To:	 [obscured] via 209.191.91.168; Sun, 16 Oct 2011 14:05:39 -0700
Return-Path:	 <[email protected]>
X-YahooFilteredBulk:	 98.138.229.165
Received-SPF:	 none (domain of yahoo.com.br does not designate permitted sender hosts)
X-Originating-IP:	 [98.138.229.165]
Authentication-Results:	 mta1038.mail.mud.yahoo.com from=yahoo.com.br; domainkeys=neutral (no sig); from=yahoo.com.br; dkim=pass (ok)
Received:	 from 127.0.0.1 (HELO nm39-vm5.bullet.mail.ne1.yahoo.com) (98.138.229.165) by mta1038.mail.mud.yahoo.com with SMTP; Sun, 16 Oct 2011 14:05:39 -0700
Received:	 from [98.138.90.57] by nm39.bullet.mail.ne1.yahoo.com with NNFMP; 16 Oct 2011 21:05:36 -0000
Received:	 from [98.138.226.129] by tm10.bullet.mail.ne1.yahoo.com with NNFMP; 16 Oct 2011 21:05:36 -0000
Received:	 from [127.0.0.1] by smtp216.mail.ne1.yahoo.com with NNFMP; 16 Oct 2011 21:05:35 -0000
DKIM-Signature:	 v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com.br; s=s1024; t=1318799135; bh=/hZfEiE6NLV86ByrrW3QW4U1K/1jBtqv4KrrN6RR3Y4=; h=X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:Received:Reply-To:Sender:Message-ID:From:To:Subject:Date:MIME-Version:Content-Type:Content-Transfer-Encoding:X-Priority:X-MSMail-Priority:X-Mailer:X-MimeOLE; b=vD/tYzeM/WIKuEc5GynuTkB2F4eIB5RSVWW24huXrg4Fqhz6OzdzCWz6wUp24LxLuO5fvTNHiPi5hVqCqPwBHqMJx1DewmiEsLhwV8+z7iUG0ijY3z94Dwcg7oM2SmOUXQyqullMrF0POI3kus9ST+fwnXipj1Jw7S0zR5cEcBI=
X-Yahoo-Newman-Id:	 [email protected]
X-Yahoo-Newman-Property:	 ymail-3
X-Yahoo-SMTP:	 18yDlhiswBABQzagoMaxlECyN_E-
Received:	 from hrdrtjmuz ([email protected] with login) by smtp216.mail.ne1.yahoo.com with SMTP; 16 Oct 2011 14:05:31 -0700 PDT
Reply-To:	 <[email protected]>
Sender:	 [email protected]
Message-ID:	 <C7DBF0A654B959F1CEE55ACF97759FE3@hrdrtjmuz>
From:	 "RuneScape" <[email protected]>
To:	 [obscured]
Subject:	 RuneScape Account-Notice
Date:	 Mon, 17 Oct 2011 05:05:28 +0800
MIME-Version:	 1.0
Content-Type:	 text/html; charset="utf-8"
Content-Transfer-Encoding:	 base64
X-Priority:	 3
X-MSMail-Priority:	 Normal
X-Mailer:	 Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE:	 Produced By Microsoft MimeOLE V6.00.2900.5512
Content-Length:	 11856

 

WHOIS of the offending fake link: http://whois.domaintools.com/jjlogin.com

Received from Liaoning Province, PRC : http://www.ip2location.com/119.116.42.220

 

EDIT - A third phish has already arrived

 

X-Apparently-To:	 [obscured] via 209.191.91.166; Mon, 17 Oct 2011 08:56:15 -0700
Return-Path:	 <[email protected]>
X-YahooFilteredBulk:	 98.139.212.174
Received-SPF:	 none (domain of yahoo.com does not designate permitted sender hosts)
X-Originating-IP:	 [98.139.212.174]
Authentication-Results:	 mta1061.mail.bf1.yahoo.com from=runescape.com; domainkeys=neutral (no sig); from=yahoo.com; dkim=pass (ok)
Received:	 from 127.0.0.1 (HELO nm15.bullet.mail.bf1.yahoo.com) (98.139.212.174) by mta1061.mail.bf1.yahoo.com with SMTP; Mon, 17 Oct 2011 08:56:15 -0700
Received:	 from [98.139.212.147] by nm15.bullet.mail.bf1.yahoo.com with NNFMP; 17 Oct 2011 15:56:14 -0000
Received:	 from [98.139.213.7] by tm4.bullet.mail.bf1.yahoo.com with NNFMP; 17 Oct 2011 15:56:14 -0000
Received:	 from [127.0.0.1] by smtp107.mail.bf1.yahoo.com with NNFMP; 17 Oct 2011 15:56:14 -0000
DKIM-Signature:	 v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1318866974; bh=+1pi56A3Evx0/q/WI9h1BYfgt5JhoT/pNNgqIafCDvs=; h=X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:Received:Message-ID:From:To:Subject:Date:MIME-Version:Content-Type:X-Priority:X-MSMail-Priority:X-Mailer:X-MimeOLE; b=kel74ka7xrEOJqAMG5heIURgmlXVmACRZro9QIoIf5tUDxiK5KDdSPdtbAqrkp98vzpteeZoxRjGO/rxyY/aOPjTBWEnZDueqYGEqMw7pH00B/AH7jsU8WQ+sAiRUIrC/YF9U9JxGX3KbQkp31ryZYVVXr8pjleYCQsjpqE15RQ=
X-Yahoo-Newman-Id:	 [email protected]
X-Yahoo-Newman-Property:	 ymail-3
X-Yahoo-SMTP:	 HI_ETmqswBC72mgOAY3bEuYdQNKB8i6QrxU-
Received:	 from mc ([email protected] with login) by smtp107.mail.bf1.yahoo.com with SMTP; 17 Oct 2011 08:56:14 -0700 PDT
Message-ID:	 <D6AAD94ECB30FD76B04014338B06D242@mc>
From:	 "RuneScape" <[email protected]>
To:	 [obscured]
Subject:	 RuneScape Account-Notice
Date:	 Mon, 17 Oct 2011 23:55:57 +0800
MIME-Version:	 1.0
Content-Type:	 multipart/alternative; boundary="----=_NextPart_000_0D1E_012A541E.17C8AC20"
X-Priority:	 3
X-MSMail-Priority:	 Normal
X-Mailer:	 Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE:	 Produced By Microsoft MimeOLE V6.00.2900.5512
Content-Length:	 10414

 

WHOIS of the offending fake link: http://whois.domaintools.com/co.cc

Received from the ROK : http://www.ip2location.com/218.145.31.62

 

So, WTF is Joseph Bourque?

PvP is not for me

In the 3rd Year of the Boycott
Real-world money saved since FT/W: Hundreds of Dollars
Real-world time saved since FT/W: Thousands of Hours
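An added example (not part of the post above or anyone's tooling in this thread): a short Python check that reads the same header fields shown in these phishes and reports where the visible From domain is not backed by SPF, DKIM or the Return-Path. The sample messages are constructed, modelled on the headers above with placeholder local parts and a hypothetical `mta.example` receiver; `BRAND_DOMAINS` and the simplified subdomain-based alignment rule are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

BRAND = "runescape"                # brand the display name claims
BRAND_DOMAINS = {"runescape.com"}  # assumption: domain a genuine notice would use

# Constructed samples modelled on the phishes above (local parts are placeholders).
PHISH_1 = """\
Return-Path: <sender1@yahoo.com>
Received-SPF: none (domain of yahoo.com does not designate permitted sender hosts)
Authentication-Results: mta.example from=runescape.com; domainkeys=neutral (no sig); from=runescape.com; dkim=neutral (no sig)
From: "RuneScape" <support@runescape.com>
Subject: RuneScape Account-Notice

body
"""
PHISH_2 = """\
Return-Path: <sender2@yahoo.com.br>
Received-SPF: none (domain of yahoo.com.br does not designate permitted sender hosts)
Authentication-Results: mta.example from=yahoo.com.br; domainkeys=neutral (no sig); from=yahoo.com.br; dkim=pass (ok)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com.br; s=s1024; bh=CONSTRUCTED; b=CONSTRUCTED
From: "RuneScape" <sender2@yahoo.com.br>
Subject: RuneScape Account-Notice

body
"""
PHISH_3 = """\
Return-Path: <sender3@yahoo.com>
Received-SPF: none (domain of yahoo.com does not designate permitted sender hosts)
Authentication-Results: mta.example from=runescape.com; domainkeys=neutral (no sig); from=yahoo.com; dkim=pass (ok)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; bh=CONSTRUCTED; b=CONSTRUCTED
From: "RuneScape" <support@runescape.com>
Subject: RuneScape Account-Notice

body
"""
# Constructed control: what an authenticated, aligned message would look like.
CONTROL = """\
Return-Path: <bounce@runescape.com>
Received-SPF: pass (domain of runescape.com designates this host as permitted sender)
Authentication-Results: mta.example from=runescape.com; dkim=pass (ok)
DKIM-Signature: v=1; a=rsa-sha256; d=runescape.com; s=sel; bh=CONSTRUCTED; b=CONSTRUCTED
From: "RuneScape" <support@runescape.com>
Subject: RuneScape Account-Notice

body
"""


def tag_value(field, tag):
    """Return the first token of `tag=value` in a ';'-separated header field."""
    for part in field.split(";"):
        key, _, value = part.strip().partition("=")
        if key == tag and value.split():
            return value.split()[0].lower()
    return ""


def domain_of(address_field):
    """Domain part of the address in a From / Return-Path style field."""
    return parseaddr(address_field)[1].rpartition("@")[2].lower()


def aligned(a, b):
    """Simplified alignment: same domain, or one is a subdomain of the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))


def analyse(raw):
    """Return the list of findings for one raw message, in a fixed order."""
    msg = message_from_string(raw)
    display = parseaddr(msg.get("From", ""))[0]
    from_dom = domain_of(msg.get("From", ""))
    rp_dom = domain_of(msg.get("Return-Path", ""))
    spf = (msg.get("Received-SPF", "").split() or ["missing"])[0].lower()
    dkim = tag_value(msg.get("Authentication-Results", ""), "dkim")
    dkim_dom = tag_value(msg.get("DKIM-Signature", ""), "d")

    findings = []
    if spf != "pass":
        findings.append("spf-not-pass")
    if dkim != "pass":
        findings.append("dkim-not-pass")
    elif not aligned(from_dom, dkim_dom):
        # A valid signature from some other domain says nothing about From.
        findings.append("dkim-unaligned")
    if not aligned(from_dom, rp_dom):
        findings.append("return-path-mismatch")
    if BRAND in display.lower() and from_dom not in BRAND_DOMAINS:
        findings.append("brand-name-on-foreign-domain")
    return findings


if __name__ == "__main__":
    for name in ("PHISH_1", "PHISH_2", "PHISH_3", "CONTROL"):
        print(name, analyse(globals()[name]))
```

The third sample is the instructive one: `dkim=pass` is true, but the signature belongs to yahoo.com while the From line claims runescape.com, so the pass does not vouch for the sender the reader sees.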


I just got an email saying my account was suspended from real world trading. Of course, it's hard to believe it when it's sent to an email account which isn't attached to runescape whatsoever. I only use it for forums so perhaps the latest hacking events on fansites is making its way to me.

 

Never really paid attention to how clever these things are, certainly looked legit saying it came from [email protected] but looking into its properties gave it away.

 

Now doing a spyware check and then a virus scan just to make sure my main account isn't at risk.


I just got an email saying my account was suspended from real world trading. Of course, it's hard to believe it when it's sent to an email account which isn't attached to runescape whatsoever. I only use it for forums so perhaps the latest hacking events on fansites is making its way to me.

 

Never really paid attention to how clever these things are, certainly looked legit saying it came from [email protected] but looking into its properties gave it away.

 

Now doing a spyware check and then a virus scan just to make sure my main account isn't at risk.

If you hover over the link in a decent web-browser you'll see the actual address it would show and not what it says in the email, example: runescapeb.com or something.

 

However, you could just click the link (they're safe as long as you don't enter your RuneScape details!) and you'll see you're not actually on the official RuneScape website.

 

Many websites are fake such as;

rvnescape

runescaqe

runescapeb

 

So on and so forth.
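An added example (not the poster's code): the hover check described above, done by a script over the HTML part of a message so the real link target can be compared with the text shown without opening it. The HTML body is constructed, the hosts under `.example` are placeholders built from the lookalike names listed above, and treating the second-to-last host label as the site name is a simplifying assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

LEGIT = "runescape.com"   # domain the mail claims to come from
BRAND = LEGIT.split(".")[0]

# Constructed message body; every non-runescape.com host is a placeholder.
SAMPLE_HTML = """
<p>Your account has been flagged. Appeal here:
<a href="http://www.rvnescape.example/appeal">https://www.runescape.com/appeal</a></p>
<p><a href="http://login.runescaqe.example/">Click here</a></p>
<p><a href="http://runescapeb.example/">runescape.com</a></p>
<p><a href="https://www.runescape.com/">official site</a></p>
<p><a href="http://jx.example/r?u=1">http://www.runescape.com</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def host_of(text):
    """Host of a URL or bare domain; '' if the text is not URL-like."""
    text = text.strip()
    if not text or " " in text or "." not in text:
        return ""
    if "://" not in text:
        text = "http://" + text
    return (urlsplit(text).hostname or "").lower()


def classify_host(host):
    """'legit', 'lookalike' (near-miss of the brand) or 'foreign'."""
    if host == LEGIT or host.endswith("." + LEGIT):
        return "legit"
    labels = host.split(".")
    site = labels[-2] if len(labels) >= 2 else host
    if BRAND in labels or edit_distance(site, BRAND) <= 2:
        return "lookalike"
    return "foreign"


def audit_links(html):
    """Return (href host, verdict, shown-text-differs-from-target) per link."""
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for href, text in collector.links:
        target = host_of(href)
        shown = host_of(text)
        report.append((target, classify_host(target), bool(shown) and shown != target))
    return report


if __name__ == "__main__":
    for row in audit_links(SAMPLE_HTML):
        print(row)
```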


Incredible miracle cure to prevent all fake Runescape spam e-mails:

 

Don't make your e-mail public, especially on any Runescape related forums.


Incredible miracle cure to prevent all fake Runescape spam e-mails:

 

Don't make your e-mail public, especially on any Runescape related forums.

 

Unless of course the email you used on a Runescape-related forum was obtained in a DB dump when the site was hacked.


Unless of course the email you used on a Runescape-related forum was obtained in a DB dump when the site was hacked.

Yet I'm not receiving any scam mails on the address that was leaked.


 

 

Tip.It Website Crew Leader


Unless of course the email you used on a Runescape-related forum was obtained in a DB dump when the site was hacked.

Yet I'm not receiving any scam mails on the address that was leaked.

 

I've had some unusual new spam, no scams though and tbh my address is used wide enough it could be anything.


Unless of course the email you used on a Runescape-related forum was obtained in a DB dump when the site was hacked.

Yet I'm not receiving any scam mails on the address that was leaked.

So far, neither am I.

 


THE place for all free players to connect, hang out and talk about how awesome it is to be F2P.

So, Kaida is the real version of every fictional science-badass? That explains a lot, actually...


This week's phish:

 

X-Apparently-To:	 [obscured] via 209.191.91.163; Thu, 20 Oct 2011 18:27:33 -0700
Return-Path:	 <[email protected]>
X-YahooFilteredBulk:	 98.139.91.204
Received-SPF:	 none (domain of yahoo.com.my does not designate permitted sender hosts)
X-Originating-IP:	 [98.139.91.204]
Authentication-Results:	 mta1241.mail.sk1.yahoo.com from=yahoo.com.my; domainkeys=neutral (no sig); from=yahoo.com.my; dkim=pass (ok)
Received:	 from 127.0.0.1 (HELO nm5-vm0.bullet.mail.sp2.yahoo.com) (98.139.91.204) by mta1241.mail.sk1.yahoo.com with SMTP; Thu, 20 Oct 2011 18:27:33 -0700
Received:	 from [98.139.91.68] by nm5.bullet.mail.sp2.yahoo.com with NNFMP; 21 Oct 2011 01:27:33 -0000
Received:	 from [208.71.42.190] by tm8.bullet.mail.sp2.yahoo.com with NNFMP; 21 Oct 2011 01:27:33 -0000
Received:	 from [127.0.0.1] by smtp201.mail.gq1.yahoo.com with NNFMP; 21 Oct 2011 01:27:33 -0000
DKIM-Signature:	 v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com.my; s=s1024; t=1319160453; bh=0sXF1LxjmQ+gDiX0fnmHqOvLB/pv8crmOeWKjmg3w8U=; h=X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:Received:Reply-To:Sender:Message-ID:From:To:Subject:Date:MIME-Version:Content-Type:Content-Transfer-Encoding:X-Priority:X-MSMail-Priority:X-Mailer:X-MimeOLE; b=VUwCq4PynZ/g2KHtPS6LwN65ucIJU6a+0u0145Sht89gAkyNGSy089WXuEUGyKQab217e99j/dKi75p6Mh7k5o26ul2lKYH1W/0ysWEjdmegvVlBn2zqBSzrT5VqozrM8kzgrtVGpQfOvtjiLANgBFGJ1M0SBRNhyTMqKApjJus=
X-Yahoo-Newman-Id:	 [email protected]
X-Yahoo-Newman-Property:	 ymail-3
X-Yahoo-SMTP:	 Q5Rxh1iswBD5XAvyrqKfBXkt4KdbS2ZlJA--
Received:	 from wnjqb ([email protected] with login) by smtp201.mail.gq1.yahoo.com with SMTP; 20 Oct 2011 18:27:31 -0700 PDT
Reply-To:	 <[email protected]>
Sender:	 [email protected]
Message-ID:	 <1A812115A24B5B87D3E7077CD36694F2@wnjqb>
From:	 "RuneScape" <[email protected]>
To:	 [obscured]
Subject:	 RuneScape Account-Notice
Date:	 Fri, 21 Oct 2011 09:27:26 +0800
MIME-Version:	 1.0
Content-Type:	 text/html; charset="utf-8"
Content-Transfer-Encoding:	 base64
X-Priority:	 3
X-MSMail-Priority:	 Normal
X-Mailer:	 Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE:	 Produced By Microsoft MimeOLE V6.00.2900.5512
Content-Length:	 11856

 

WHOIS of the offending fake link: http://whois.domaintools.com/jylogin.com

Received from Liaoning PRC (posing as Yahoo): http://www.ip2location.com/60.17.189.88


I wish there was a system that actually disabled recovery attempts. So I don't have to fear that corner, why does anyone actually "looses" a password? - Don't you store important ones?

Never. I haven't written down a pass in years. Instead, I have a system for making my passes that makes sense for me, but wouldn't to anyone else. As long as I know when I made the pass, I can normally guess what it is in 2 or 3 tries. For really important stuff like RuneScape and my bank account, I have much more spectacular passes that are memorized through sheer repetition.

 

The only exception are my recoveries, which are kept on a memory stick somewhere. I have scrambled recoveries but I have to store them someplace because (a) I never use them, so I have no memory of what they are, and (b) none of them follow my normal pass technique. They're all total gibberish as far as I'm concerned.

 

Apparently I'm not much of a target anyway. I was able to get a jmod to check how often people try to recover my account a month back, and they don't have a single recovery for my account on file (which also means their records aren't complete, since I did forget my pass once after taking a long break). I was actually a tad bit disappointed that people don't try to hijack me, though I don't want to tempt the fates either.

 

One thing I am noticing is that it seems accounts that go inactive are a lot easier to recover, probably because they realized that people who take huge breaks are going to know dick all about their old account info. I'm not even sure I could make a successful recovery, though I do know my first pass (thank god I was using a good one back then, and I don't think I ever used that one here), and I can make a pretty good estimate on my account creation date (I think I can get it down to the month actually). I also keep records of my membership payments on the flash drive with my recoveries.

 

The email my main is registered to is known to like 5 people on this planet, myself included. It's tied to my phone, so I'll always get any notification of someone trying to change it within minutes, and it has a pass that I can't remember most of the time (which I have to deal with every time I get a new computer or phone), because the computer handles it.


I wouldn't be surprised if a load of botters suddenly found themselves hacked if the bots truly are gone, wouldn't put it past botting companies to just take as much as they can with all the passwords and even pins people enter into these bots.

Check it out, huge amount of effort has gone into this massive mod!


I was apparently hacked 2 months ago. so i realized when i checked my spam folder, and found a good old subscription has been paid for your runescape account. i had not accessed runescape for over a year since quitting at this point, nor any runescape related sites bar tip.it. . i recovered my account yesterday, set questions etc. today it's all been reverted, my account's been locked and i'm positive i can prove i'm the original owner of the account (i have the first and second billing information, which was all the time my account was ever a member before these last 2 months of hacked membership).

 

300 characters to prove it in is very little though. i can provide all sorts of information, clan chats i've been a regular in, original friends on friendslist, servers played on etc. i just hope that since not just one but 2 months of membership were bought that my stuff is still there.

 

the name of the person who paid for membership on my account was " brenda griesemer" I expect this to be the mother of my hacker, God how i'd love to get her email to tell her what's going on...

 

 

I've never broken rules, bought gold, etc. always had good software and recovery questions that make sense to me only. time will tell, what more can i do to protect my account, to avoid the hacker regaining access?

 

edit: apparently my appeal was denied because i couldn't answer my original recovery questions from 2004. the account remains locked. anyone know for how long? i did provide all the billing information etc. i don't understand jagex sometimes. who knows the credit-cardnumber of their subscription in 2006, but is not the owner of the account? tips of how to ensure i get my account back, i have 700+ unpublished screenshots. should i mail them to jagex HQ?


I got an email telling that I was a known offender for engaging in RWTing, and should promptly log back into my account and send my details to a given email to prevent my account from being permanently banned.

 

It was talking about a World of Warcraft account. I have never played World of Warcraft in my life. Go figure.

~ W ~

 


if you went into any sites before you left and went to a website outside of rs that can clearly give them your password or you traded with someone you traded with before you took the time off its just have you took the time off if you get a guy that wanted to trade you for stuff he wanted to get rid of basically someone who has a lot of money can put a hacking virus on one of his items and trade you it which can lead to hacking and removal from items and other stuff it was probably your last trade before you left for a while. just make sure you trust the person you trade and you are friends with

And make sure to unplug your modem at night or the bad guys can sneak in and steal your bank account kids!

Not if the computer's turned off. Lol.

 

Played since Jan 2006, haven't played for at least 6 months, just connected to check my account and everything is like it should. I guess my password and questions are secure. I have a 25 character long password containing letters, numbers and punctuation. That's what you need in a password to have it take days to break.

 

A password like "Password" is not secure.


Played since Jan 2006, haven't played for at least 6 months, just connected to check my account and everything is like it should. I guess my password and questions are secure. I have a 25 character long password containing letters, numbers and punctuation. That's what you need in a password to have it take days to break.

 

My password was 21 characters long with numbers and letters mixed up, no way someone could have guessed it, maybe my recovery questions were "easy" to guess or find out though.


In a recovery, they ask for:

Recovery Questions

Subscription details

- Zip Code

- Membership method

Previous passwords

Creation details

- Date of creation

- ISP's used

- Location of creation

 

Prior to the Tip.It deface, the databases were already breached. I'm assuming they used the password you used here as one of your previous passwords, and only one is required to pass the previous password test. Of course, the more, the better, but really, one is enough. With the database, chances that they also got your IP, where they can pin down your location, and therefore your area's zip code.

 

Date of creation was pretty much obvious for you, as you've been semi-famous since RSC. Your location was given away at your profile, Location: England. Creation ISP would be searchable via Google. The only popular ISP that existed 10 years ago was BT Total Broadband, so hackers must've used that in the recovery.

 

With information like that already ready, an experienced hacker could just easily recover your account.

 

I might be making a fool of myself because all the information I have just given MIGHT all be completely wrong.


You have no idea how vulnerable RuneScape accounts are. Ultimate way for a normal player to stay safe is to name change twice, and hope none of your friends or anyone else remembers or knows your original login name.

 

Just saw this in page 2:

 

[...] They have Tip.It's database too.

Our database hasn't been leaked

 

No mods believed me. :P


After 2009 +- most hackers that successfully hack hack with help from Jagex.

Especially if your pass is changed after the hack I guess also your hacker has had help from Jagex, this because I don't think the hacker has any reason to change your pass if he ever had it, because he doesn't care about the account anyway, just about the gp's and the stuff worth gp's on it.

If he didn't care about the gp's but about the account itself he probably would have changed the password, but then why removing the cash on it?
