
[WIP] The Most Extensive Runescape & Email Security Guide


Piu


Introduction/Background

 

Hi, I'm Piu. Some here know me; most here, however, do not. I used to be an e-mail hacker, back in 2008, and let me tell you, your RuneScape account and email account are both more vulnerable than you think they are. That lasted until 2010, when I got myself into some legal troubles and had to stop my online theft. By composing this guide and sharing my knowledge as an ex-hacker with everyone else here in TIF, I hope to make up for the things I did to the online community many years ago.

 

What you can expect in this guide you will find on almost no other site. I won't be here to tell you what phishing links are, what they do, and what you should do when dealing with one. I expect readers of this guide to minimally know their security basics.

 

E-mail Security:

 

In this section I will be covering how to keep your e-mail safe, for people using Gmail, Hotmail and Yahoo.

 

Usually there are 3 ways to recover/break into an email account:
  1. "Send my password to secondary email"

  2. Security Question

  3. Customer Support

 

In my experience in hacking, Hotmail accounts are the most vulnerable and have terrible account security and a flawed recovery system. As such, I will be using Hotmail as an example throughout the guide.

 


"Email me a reset link"

 

Usually when trying to break into an account, this method would seem obsolete to hackers. But how this can turn in their favor is that they will get to know your secondary email. Before sending the confirmation mail, Hotmail/Yahoo will show you a partially censored email of the one they are sending the confirmation mail to. So if my secondary email is , it would show as Pi******@Hotmail.com. Usually people use the same username logins for different domain emails, so it's pretty easy to guess based on the first 2 characters.

 

What this means is that if the hacker fails to break into the primary email, he has a secondary email to break into. In my experience, secondary emails are dormant and rarely logged into; as such, the recovery process and details required are much less compared to an active email account.

 

What you should do:

- Create different usernames for your secondary and primary account. (e.g. [email protected] & [email protected])

- Log in to your secondary email account frequently, or at least once in a while.

 

 

Security Question:

 

Hotmail and Yahoo tend to have stupid guessable questions as their security questions. People in real life with malicious intent would easily break into your email account if your security question isn't guarded correctly. I won't be here to give tips and such on having strong security questions. Instead, I'm telling you - verify your phone with your email domain.

 

On Hotmail, this can be done by clicking on "Options" on the top-right corner of the screen, and scrolling down to "SMS." Now, what this does is that in the recovery system, if you have a phone linked to your email account, the security question option for recovering an account would instead be replaced by a "Send a code to my mobile phone" as shown below.

yese.png

 

That way, hackers don't even have a single chance in infinity to crack your account with the second option.

 

Customer Support:

 

This is one of the most favored methods of breaking into an account by many hackers, due to the flawed recovery system of Hotmail and Yahoo accounts. When someone chooses to recover an account via the customer support option, they will be faced with this page (Image is quite large, so I decided to leave it in a link)

 

As you can see, simple things such as your first and last names, birth date, country & region and previously sent emails are included in the recovery system. This information is easily social engineered and researched on certain websites (which I will not name), even if the person does not know you in real life.

 

What you should do:

I wouldn't recommend anyone to put in their actual birth date and full name for their email addresses. These can be changed by clicking on "Profile" on the drop down menu on the top right corner (Hotmail). Also, do not reply to emails sent by people whom you are not familiar with, as the reply message and recipient's email can be used in the recovery process.

 

Other security measures: *IMPORTANT*

 

1. Search for the word "Password" in your e-mail search box. Delete any emails that contain passwords which you used to sign up for other things, i.e. YouTube, Groupon, Blogger etc. In my experience, these passwords people use are either 1. Their current RuneScape password or 2. A previous password they used. Even if it's a previous password, you run the risk of your RuneScape account being recovered. You'd be surprised how many emails in your inbox contain passwords.

 

2. Search for the word "Jagex" in your e-mail search box. You will find either of the two:
  • Loyalty points

  • Billing information

Delete all the emails related to the above. Loyalty point mails include your display name at that current time, which is crucial information that can be used to recover your RS account. Billing information emails contain the full information of your membership purchases, from date of subscription to the transaction ID code. This is very, and I emphasize VERY, vital in a recovery process, holding up to 15-20 of the 60 points required to pass an account recovery.

 

WORK IN PROGRESS

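One way to run the two inbox searches from "Other security measures" over exported mail, so the messages worth deleting are listed in one pass. This is an added example, not part of the original post; the rule patterns, sender domains and sample messages are constructed assumptions, not real Jagex or provider mail formats.

```python
import email
import re
from email import policy

# Assumed patterns for this example only; tune them to what your own inbox contains.
RULES = {
    # A stored credential ("password is X" / "password: X"), not a bare mention of the word.
    "credential": re.compile(r"\bpassword\s*(?:is|:)\s*\S+", re.I),
    # Jagex mail carrying purchase details usable in an account recovery.
    "jagex-billing": re.compile(r"jagex.*\b(?:transaction|subscription|billing)\b", re.I | re.S),
    # Jagex loyalty mail, which exposes the display name at the time it was sent.
    "jagex-loyalty": re.compile(r"jagex.*\bloyalty\b", re.I | re.S),
}

def body_text(msg):
    """Return the text/plain body of a message, or '' if it has none."""
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part else ""

def audit(raw_messages):
    """Return [(subject, [rule names])] for every message that matches a rule."""
    findings = []
    for raw in raw_messages:
        msg = email.message_from_string(raw, policy=policy.default)
        haystack = f"{msg['From']}\n{msg['Subject']}\n{body_text(msg)}"
        hits = sorted(name for name, rx in RULES.items() if rx.search(haystack))
        if hits:
            findings.append((str(msg["Subject"]), hits))
    return findings

# Constructed sample inbox (not real mail).
SAMPLE = [
    "From: signup@video.example\nSubject: Welcome!\n\nYour password is hunter2-example\n",
    "From: billing@jagex.example\nSubject: Membership receipt\n\n"
    "Jagex subscription started. Transaction ID: PLACEHOLDER-0001\n",
    "From: news@jagex.example\nSubject: Loyalty points awarded\n\n"
    "Hi ExampleName, your Jagex loyalty points are in.\n",
    "From: friend@mail.example\nSubject: Lunch?\n\nForgot my password again, lol. Noon?\n",
]

if __name__ == "__main__":
    for subject, hits in audit(SAMPLE):
        print(f"DELETE  {subject!r}: {', '.join(hits)}")
```

The last sample message mentions the word "password" without containing one, so it is not flagged; a plain keyword search would still surface it for manual review.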

I'll be heading out for an hour or two. I'll be back to complete this.

 

I realized that there is twice as much security info the community needs to know compared to email security, much of which I've never seen mentioned before.
