- RuneScape Wiki
Support - Phishing
- Support - Phishing
Protecting yourself from Phishing
You can drop by here any time, to find your one–stop–shop for all your Phishing questions. Take your time to have a browse through our information – more often than not, your answer is just a few clicks away - you’ll be wading back into the adventure again in no time!
If you are on a tight schedule then simply remember to perform the following checks on emails that are purporting to be from Jagex.
You can find more information about how to complete the above steps in the “what is phishing” section of the Wiki below.
Remember we will not contact you about your account being suspended, being in the danger zone, or that you are attempting to sell your account.
We have a video explaining Phishing here.
What is phishing?
Phishing is the illegal practice of tricking you into willingly handing out your personal information, such as passwords and account usernames. In the majority of “hijacking” cases a player would have received a legitimate looking email, which appeared to be from Jagex and directed them to a malicious website asking them to enter their account information.
How to spot phishing emails
Sender and Header Information
So you think you have an email from Jagex. Are you sure, 100%? Email addresses can be spoofed, meaning that it is possible to make an email appear that it was sent by Jagex, even if it wasn't. To make sure the email you are receiving is in fact from Jagex you can check the email header information.
The new header (source) will now read: (the asterisk are because the front string can change from email to email)
Received from: ******.bluehornet.com
The email addresses that we are currently using are:
These are the only two email addresses RuneScape will contact you via email from. Any other email addresses are not ours so please remember to always check the sender and add the above addresses to your address book so you don’t miss any important messages!
Remember: Email addresses can be spoofed so even if it looks correct be careful. If you're unsure - don't click on any links!
If you are registered for Jagex Account Guardian, please note these emails will come from email@example.com.
We now include your display name in all RuneScape emails for added peace of mind. If you have received an email you think is from us that doesn’t contain your display name, please forward it onto firstname.lastname@example.org and do not click on any links.
We have included instructions about how to do this for the more popular providers below. If your provider is not mentioned here please review the help documentation, which is available within the application, for more information.
When reading an email that appears to be from Jagex, check that it makes sense! We don’t want to make a bad impression, so when we contact you through email, we will always use the correct spelling and grammar. If it looks to be written by a 5 year old then don’t trust it.
Pretty much every phishing email you see will have a hyperlink which will direct you to a malicious version of the RuneScape website.
NEVER click on these links!
If you are unsure, you can hover over the link with your mouse and your browser will display the actual location of the URL at the bottom of your screen. If this address differs significantly from what is shown in the email, do not visit the site.
Jagex will not contact you...
As you all should know, if we need to contact you about your account for any reason, we will do so through the in-game Message Centre.
There are some occasions where we will want to reach out to you through your email address and when we do, I can promise we WILL NOT contact you about the following:
- Offering you Moderator status
- Verifying account details/requesting identity that you are the account owner
- Your account being suspended, muted or banned for any reason
- Your account being about to "receive an infraction"
- To recover your password (if you haven't requested it)
- Confirm a change of e-mail address if it was not requested
- Selling your RuneScape account, real world trading or that Jagex has a lawsuit against you
- Passwords expiring or being wrongly entered
- Account intrusion/unusual activity on your Account
- Eligibility for a free gift
On occasions we will send out details of offers we may have but we will ALWAYS have confirmation of these promotions/events on the homepage of our website, so check it out first.
If we send you an exclusive offer, we will always send a copy via your Message Centre so you know it is sent by a member of the team.
How to spot in-game phishing
Phishing can also occur in game. The most common example is a player impersonating a Jagex Mod or Player Mod. They might tell you that you have a “problem” with your account, or that you have been selected to become a Player Moderator. Remember if you are talking to a J Mod they will have the Gold crown in the chat window and their name will ALWAYS start with "Mod", if you are talking to a P Mod they will have a Silver crown.
You can find out more about Mods in the Moderators section of the wiki.
Malicious sites and downloads
Some scammers may just ask for your account information directly in game, others may ask you to visit an external website to enter your login details. These players are usually offering moderator status, free items, free Treasure Hunter keys, or require you to post on the forums to be a part of their clan. Be cautious of any sites that require you to download anything, if in doubt refuse the download and scan your computer instantly.
When asked to leave the official RuneScape page always be cautious, plus why would you want to leave anyway!
Do you think you have been phished?
Step 1. Scan your computer
Depending on the type of phishing website you’ve visited, you may need to scan your computer to ensure nothing nasty has been downloaded onto your machine. Make sure you have a combination of Antivirus, Anti spyware, Anti Rootkit and a Firewall. Most of this security software can be downloaded for free and can be found individually or bundled together as a package.
Step 2. Change your password
As you have just entered your password into a phishing site, and someone is going to try and use this information to log in to your account, you are probably going to want to change your password sharp-ish. Just remember to always scan your PC first, before you change your password.
Step 3. Report it
There are multiple agencies that you can report the phishing scam to, us included. For more information about this read on to “What can you do to help”.
What can you do to help?
To your browser
While I wouldn’t recommend visiting a phishing site to anyone, if you are already on the site then you can report it to your browser. They will use your report to block the site with a warning for anyone who tries to access it in future. Below is a table of how to do this with the most commonly used browsers. If your browser isn’t listed then please review the help documentation, which is available within the application, for more information.
Select the tool menu (cog icon) located on top right hand side of the page . Select Safety from the list of options and then Report unsafe wesbsite. A new window will open giving you the options to report the site as phishing, or that it contains malicious software. Select the box that applies and the language that is used on the website. For the report to go though you will also need to complete the CAPCHA at the bottom of the page. Once completed, submit the report.
To report phishing in Firefox you can use the user form which can be found at http://www.google.com/safebrowsing/report_phish/?tpl=mozilla
Chrome, Opera, Netscape and Safari
To report phishing in these browsers you can use the user form which can be found at http://www.google.com/safebrowsing/report_phish/
At the end of the day, you will have a pretty good idea of your favourite or most frequently visited websites. Why not save yourself the job of typing the URL in the address bar and just bookmark it. This way you will always know you are visiting the official website and you can use this method of reaching the site if you don’t trust any links sent to you.
Phishing filter, enabled
You may or may not be aware that your Internet browser does offer a built in phishing filter which will let you know you are about to visit a malicious site. Usually this is automatically enabled, but if you want to learn how to enable the filter or think you might have it turned off, take a look at the instructions below.
- Select the tool menu (cog icon) located on top right hand side of the page
- Select Safety from the list of options and then "Turn on SmartScreen Filter"
- Click on Options > Options
- Choose the Security tab
- Check "Warn me when sites try to install add-ons", "Block reported attack sites" and "Block reorted web forgeries"
- Click the spanner (or wrench) icon in the top right of your browser
- Choose Options
- from the options menu at the left of the window choose Under the HOod and check "Enable phishing and malware protection"
- Click on: Settings > Preferences > Advanced > Security
- Check “Enable Fraud and Malware Protection”
Make sure you visit the official RuneScape forums for the latest news on phishing. When we are aware of a new bout of malicious emails going round to our players, we will let you know here. You can also keep an eye out for any News posts about general account security and for any updates to the Wiki as well as our Phishing Information page. The more you know the safer you will be!
|Game Guide||Support Centre|
|All you need to know, and more, about the game world. How to get started and how to develop your character.||Need help with your account? Perhaps the game won't run for you? Help can be found here.|
|Scribbles & Sketches||The Community Hub|
|Artwork, fan fiction and arts and crafts are found in this section.||Confused by templates or want to contribute but not sure what to do? Check here for details on the RuneScape Wiki editing community.|
Report a wiki page
If you have identified content on the wiki that breaches the wiki policies or RuneScape rules it is possible for you to resolve this by editing/updating the content.
However if you feel that a user has seriously breached our rules or editing policy and this requires urgent attention from a member of staff, then please specify the issue from the below categories: