
Account looted

Conqie
May Member 2019

Hello fellow scapers

Over 3 days ago my account got hijacked resulting in loss of all items. I have since then not played for a single minute to keep data showing the attack from being overflowed by own data I would create to try and recover. The loss is around 1b gp including a santa hat I am the first owner of.

I'm a returning player after 5 years of break. I did not even know you could activate 2FA. I use that all day and heavily use a paid password manager.

I have an active paid subscription to an up-to-date anti-virus, which scans incoming traffic. I have a paid firewall system and a paid anti-malware system.

After clicking on a link below a YouTube movie (using my phone) I got redirected to a phishing website (which is extra hard to see the url on a mobile phone). I there entered my password and username.

Then suddenly my internet connection of my pc drops, no anti-virus warning, no malware detected, no firewall alerts. I immediately knew what was happening but I did not know how to boot/lock, how even could you know that after 5 years inactivity. Upon logging in my account was looted. Most emotionally attached items I lost was the santa hat and 175k incandescent energy I collected myself in a rush to 99 divination.

How can someone log you out of your active playing connection without being nearby and with all those active up-to-date software in place? Just bad luck?
What else can I do to never have that problem again? (I now have new passwords, activated 2fa). The only thing I can still do is using a VPN I guess?

Aren't rare items easier to track? If they would only spend some resources on the one santa, I would already be a happy man, all other things I can go without.

Should I start playing again resulting in interfering with the data trail the hijackers left behind? I quit playing so I would not compromise the data.

Thank you for guidance.

23-Jun-2019 08:52:20

333333333

First off, you entered the phishing website, it also gave away your IP!
Next, you gave away your account details there! Upon entering, it may also have included a trojan with which the hacker gained control of your computer and account! Antivirus didn't recognize it because it essentially happened on your own computer from the hacker's side via a trojan!
You can also follow this guide for more info!

23-Jun-2019 09:32:59

Malua
May Member 2006

Conqie


Have you reported the incident to Jagex?
Report by email to: tipoff@jagex.com

You can continue playing your account. Jagex will be able to see the activity of the other day as long as you report within sixty days.

"How can someone log you out of your active playing connection without being nearby and with all those active up-to-date software in place? Just bad luck?"
No, not bad luck.
We don't do technical explanations in this forum about how to gain unauthorized access to another players account but Samora Kiba posted the closest you will get to an explanation in the other thread you posted in.

"What else can I do to never have that problem again?"
You were being offered something enticing which made you want to click on the link.
Don't be so trusting.
Be suspicious of any freebie type offers.
Forum Community Helper -
Information about the Community Helper Team

23-Jun-2019 09:33:15 - Last edited on 23-Jun-2019 09:34:08 by Malua

Conqie
May Member 2019

I did file a report.
It's good to know it's safe to continue playing without compromising the data or making it harder to backtrace some things.

For future reference, this is what tricked me, do not get tricked the same way:

1) I was crafting battlestaves at GE varrock
2) A player was spamming the chat saying he did a giveaway of items, I saw that happening before and always ignored it
3) Another player (now I think they belong together) asked me if the giveaway was real, this player is the one who really tricked me into an investigation
4) I told the player who asked if the giveaway was legit I was going to check it out for him. I took my mobile phone and went investigating if it is legit or not
5) I couldn't find the advertised youtube account very fast, but finally found it. It contained a video saying to leave your runescape name behind on the forum, not the youtube account, the link was a shortened link (a tinyurl).
6) I clicked the link, it brought me to the runescape forums...although it looked like that, the url started right but the full url is not right away visible in a phone's address bar
7) The thread on that fake forum showed the giveaway with right below it a (fake) mod confirmation of the legit giveaway by only leaving your rs name behind below the thread.
8) Already many entered their name, so I thought, the thread contained multiple names
9) I thought...nothing can happen by just leaving your name behind so in the reply box I entered my name
10) I pressed the "Post" button, then I got to the forums login screen because I was a guest user and not logged in to reply. So then the biggest mistake happened, I entered my credentials...still thinking I did nothing wrong...I really thought I wasn't getting tricked at that moment, I checked the url...but not far enough
11) I logged in, it said loading forum (a spinner showed, which looked legit as well)
12) 30 sec later, account emptied

23-Jun-2019 11:28:29
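
Added example, not part of the original thread: the address check that step 6 of the post above describes missing, where the URL "started right" but the full host was not visible on the phone. The official-domain list and all sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: registrable domains treated as official for this example.
OFFICIAL_DOMAINS = ("runescape.com", "jagex.com")


def classify_login_url(url):
    """Return (verdict, reason) for a URL that is about to receive credentials."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")  # lowercased, port and userinfo removed

    if parts.scheme != "https":
        return ("reject", "not https")
    if not host:
        return ("reject", "no host")
    if parts.username is not None:
        # "https://official.name@other.host/": everything before @ is userinfo.
        return ("reject", "userinfo before @")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return ("reject", "non-ascii or punycode host")

    # Ownership is decided by the right-hand end of the host name.
    for domain in OFFICIAL_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return ("ok", "host under " + domain)

    # The left-hand end is what a narrow mobile address bar shows first.
    for domain in OFFICIAL_DOMAINS:
        brand = domain.split(".")[0]
        if brand in host:
            return ("reject", "official name used in foreign host")
    return ("reject", "unrelated host")


# Constructed sample URLs (.test is a reserved TLD; none of these are from the thread).
SAMPLES = [
    "https://secure.runescape.com/forums",
    "https://secure.runescape.com.forum-login.test/forums",
    "https://secure.runescape.com@forum-login.test/forums",
    "https://secure-runescape.test/login",
    "http://secure.runescape.com/forums",
    "https://tinyurl.com/constructed",  # a shortener hides the destination entirely
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify_login_url(sample), sample)
```

The second and third samples both begin with the official host name, which is all a truncated address bar shows; only the end of the host name says who receives the login form.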

ToP BaSS
Apr Member 2009

Conqie said:
I there entered my password and username.

Sorry to be blunt but you breached your T&C user agreement at this point.

Your account and license
You agree to keep your password safe at all times and not to disclose it to any other person. You are responsible for the activities of all persons who use your password to gain access to your account.


No mention of you having either Authenticator or a Bank Pin. Any items are not replaceable by Jagex as they may have been legitimately purchased by someone else.

Change ALL of your account security details including your email.

23-Jun-2019 12:24:15

Conqie
May Member 2019

ToP BaSS said:
Conqie said:
I there entered my password and username.

Sorry to be blunt but you breached your T&C user agreement at this point.

Your account and license
You agree to keep your password safe at all times and not to disclose it to any other person. You are responsible for the activities of all persons who use your password to gain access to your account.


No mention of you having either Authenticator or a Bank Pin.


You are not being blunt, I do get what you say. But I do not feel I've broken the T&C. If you're on a website looking identical to this one with only a small difference in the URI only noticeable if you view the entire link (hard on first sight on a mobile phone where you only see the very first part of the link), then this cannot be called deliberately breaking the T&C. This is being tricked into breaking it without knowing you do so.

I also did mention authenticator in my first post. I talked about 2fa (two factor authentication). I did not know that I could set up two factor authentication until I logged on to my account because I was looking around where messages from Jagex are sent to regarding the hack, then I saw you could enable it there...which I did of course.
Bank PIN is a new concept as well, that wasn't set up, setting it up should be obligated before continuing play.

I recommend to create an island like tutorial island but to learn the account protection features. Perhaps you get that info upon starting a new account, but my account is over 17 years old. I haven't played around 5 years. Those security features are all new and unknown to me.

I suggest not having to use the same credentials for the website as well as the game. If I could've done just that, I would've not been hijacked. Without needing to create a separate account because I want to see my messages and membership on the site.

24-Jun-2019 08:42:06

Malua
May Member 2006

Jagex introduced the Bank PIN into Runescape in 2005.
Authenticator was introduced in 2014.

You might have been unaware of Authenticator but you cannot claim to have had no knowledge of the Bank PIN feature.

I will say though that the hijacker used the one guaranteed method that passes right by Authenticator and Bank PIN. It didn't matter if you had them or not with this particular hijack method.
The key is to be vigilant and suspicious while using the internet - Jagex cannot protect a player from their own unsafe usage of the internet.
Remember, you were not here on the Runescape website, you were on another website and Jagex cannot protect you while you are using other websites.

24-Jun-2019 09:10:07

ToP BaSS
Apr Member 2009

Conqie said:
But I do not feel I've broken the T&C.


ToP BaSS said:
Conqie said:
I there entered my password and username.

Sorry to be blunt but you breached your T&C user agreement at this point.

Your account and license
You agree to keep your password safe at all times and not to disclose it to any other person. You are responsible for the activities of all persons who use your password to gain access to your account.


At the risk of labouring the point this is not about what you 'feel'. You did reveal your password, it is up to everybody to make themselves aware of account security and not partake of any poor internet and RS account practices. The blame rests squarely, as agreed, on anyone who can not fulfil that.

24-Jun-2019 12:01:07

Samora Kiba
Jan Member 2008

Conqie said:
I recommend to create an island like tutorial island but to learn the account protection features. Perhaps you get that info upon starting a new account, but my account is over 17 years old. I haven't played around 5 years. Those security features are all new and unknown to me.

Do you mean something like the Stronghold of Security, which is F2P and was released in 2006? It consists of 4 levels, each with a reward chest that requires you to answer 3 questions about account security, including bank pins and not clicking silly things.

Next to that, in your PoH and all general stores you can find a security book. It covers authenticator and password tips. While we're at it: If you log in and you don't have authenticator enabled, you will see a warning sign in the top right of the lobby window.
In the top right corner of this very page, you can also click 'Support' and look up fake websites, which includes tips on how to prevent e.g. your phish.
Since 2015 Jagex makes an annual event in October to reward players for answering security related questions.

There is only so much Jagex can do. They offer information, rewards, security barriers, tips and support, but if a player is simply not being security-minded, they are still likely to get hijacked. Going to third-party websites based on strangers advertising it in game, clicking shortened links in said website and lastly, entering your login info without checking the site address.... You can't just pin this one on Jagex for not forcing Auth / bank pins on you. Even before bank pins, security minded players would recognize this as a very bad idea.

Sadly, in some cases players simply don't mind their online security until it is too late. This would be such an example.
~Samo


24-Jun-2019 13:24:56

Conqie
May Member 2019

@malua, Yes it is possible not to know. Maybe I have witnessed the release of the bank PIN, maybe not, I do not remember.

@samora, you give useful information there about the stronghold and stores and stuff. This shows perfectly that returning players should be treated as new players. Yes I must have known about the stronghold, but then again I didn't play for a long time. I've quit playing a while before divination was released, I got triggered by a friend saying a new skill was being released and got 99 Div short after its release and then quit playing again until now. When was stronghold released? I do not remember nor how it works or what it does. I just skill.

About the fact you now seem to insinuate I don't mind about online security. That statement you are very wrong about. You assume that because I made a mistake on this game account. On my work and at home and even with friends I'm the most heavy user of a password manager having unique passwords for all websites. Relying heavily on 2FA as well using authenticator and yubikey. I would not say I don't mind about online security and privacy. I think I'm above average on that part :-P.

Anyway, this thread can be closed, my initial questions have been answered. I tried to give info about how it happened to warn other users (just helping), I tried giving solution for future prevention. But just trying to prevent and giving solutions seems to result in being called insecure or being told it's my fault or being told I should know about a bank PIN 14 years after its release? Pls mod, do close this thread without further conclusions, Thank you for moderating.

25-Jun-2019 21:28:14 - Last edited on 25-Jun-2019 21:32:20 by Conqie
