RuneScape Wiki

jagexCertified

Phishing

Protecting yourself from Phishing

You can drop by here any time, to find your one–stop–shop for all your Phishing questions. Take your time to have a browse through our information – more often than not, your answer is just a few clicks away - you’ll be wading back into the adventure again in no time!

If you are on a tight schedule then simply remember to perform the following checks on emails that are purporting to be from Jagex.

Check the email header information
Check the hyperlinks before you click on them
Check the spelling and grammar

You can find more information about how to complete the above steps in the “what is phishing” section of the Wiki below.

Remember we will not contact you about your account being suspended, being in the danger zone, or that you are attempting to sell your account.

We have a video explaining Phishing here

What is phishing

What is it used for?

Phishing is the illegal practice of tricking you into willingly handing out your personal information, such as passwords and account usernames. In the majority of “hijacking” cases a player would have received a legitimate looking email, which appeared to be from Jagex and directed them to a malicious website asking them to enter their account information.

How to spot phishing emails

Sender and header information

E-mail content

Hyperlinks

What we will not contact you about

As you all should know, if we need to contact you about your account for any reason, we will do so through the in-game Message Centre.

There are some occasions where we will want to reach out to you through your email address and when we do, I can promise we WILL NOT contact you about the following:

Your account being on the hiiiighwaaaay tooooo the “Danger Zone”
Your account being suspended for any reason
Selling your RuneScape account

Recently we have started to send promotional emails such as 14 day membership trials and beta invites for the Evolution of Combat, so I won’t say we will never contact you about this, but we will ALWAYS have confirmation of these promotions/events on the homepage of our website, so check it out first.

How to spot in-game phishing

Chat

Malicious sites and downloads

Take the phishing quiz

Below are 4 example e-mails. One of them is a real e-mail sent by Jagex, the other three are phishing emails.

Can you spot the real one?

Click on the example text to see a larger version (click again to hide it)

Once you've studied each example, you can choose whether you think it is a real e-mail, or a fake and the answer will be displayed. Simply click your choice again to hide the answer so that you can look at the next one.

Click here to expand the below example	Click here to expand the below example	Click here to expand the below example	Click here to expand the below example

RealFake

RealFake

RealFake

RealFake

Example 4

Correct! This one's fake!

Although it might look like it this isn’t one of our emails. It's a phishing email designed to steal your RuneScape account.

Here are the clues to look out for:

*Clues*
1. All Beta invites will include the display name of the account, this one doesn't.
2. You cannot view the email online
3. If you could see the actual email, you'd notice that the "claim your spot" button doesn't lead to the official RuneScape website.
4. In real Jagex emails the email address in the "please add us to your address book" section is a link, it isn't in this mail.

If you get an email and you’re unsure whether it’s from us or not try hovering your mouse over the link to display the real URL that it’s actually linking to. Any of our links should start with either email.runescape.com/ or secure.runescape.com/. If the link contains runescape.com.xyz/ then it will not link to our website.

Example 4

This one's fake!

Although it might look like it this isn’t one of our emails. It's a phishing email designed to steal your RuneScape account.

Here are the clues to look out for:

*Clues*
1. All Beta invites will include the display name of the account, this one doesn't.
2. You cannot view the email online
3. If you could see the actual email, you'd notice that the "claim your spot" button doesn't lead to the official RuneScape website.
4. In real Jagex emails the email address in the "please add us to your address book" section is a link, it isn't in this mail.

If you get an email and you’re unsure whether it’s from us or not try hovering your mouse over the link to display the real URL that it’s actually linking to. Any of our links should start with either email.runescape.com/ or secure.runescape.com/. If the link contains runescape.com.xyz/ then it will not link to our website.

Example 3

Correct! This one's fake!

Although it might look like it this isn’t one of our emails. It's a phishing email designed to steal your RuneScape account.

Here are the clues to look out for:

*Clues*
1. It doesn’t contain the display name of the account the email relates to. We're not currently offering free spins but if we were and e-mails would be addressed to your display name.
2. Some of the links at the very bottom of the email are also yellow rather than blue, specifically the ones for the privacy policy. These links will almost certainly lead to the correct pages, even in a phishing email, but they will be blue if the email is from us.
3. Bear in mind that if you receive an email with an offer that appears too good to be true then that might just be the case. Try checking our official website to see if the offer is announced in a news post.

If you get an email and you’re unsure whether it’s from us or not try hovering your mouse over the link to display the real URL that it’s actually linking to. Any of our links should start with either email.runescape.com/ or secure.runescape.com/. If the link contains runescape.com.xyz/ then it will not link to our website.

Example 3

This one's fake!

Although it might look like it this isn’t one of our emails. It's a phishing email designed to steal your RuneScape account.

Here are the clues to look out for:

*Clues*
1. It doesn’t contain the display name of the account the email relates to. We're not currently offering free spins but if we were and e-mails would be addressed to your display name.
2. Bear in mind that if you receive an email with an offer that appears too good to be true then that might just be the case. Try checking our official website to see if the offer is announced in a news post.

If you get an email and you’re unsure whether it’s from us or not try hovering your mouse over the link to display the real URL that it’s actually linking to. Any of our links should start with either email.runescape.com/ or secure.runescape.com/. If the link contains runescape.com.xyz/ then it will not link to our website.

Example 1

Correct! This ones fake!

Although it might look like it this isn’t one of our emails. It's a phishing email designed to steal your RuneScape account.

Here are the clues to look out for:

*Clues*
1. The logo at the top of the email is our old one.
2. The email relates to offences on an account. We would never email you about this. Remember all messages to do with offences will be sent to your inbox.
3. There is no option available to view the message online
4. There is no display name included. This is not always enough on its own to prove that a mail is phishing but when combined with the other clues it's a clincher.

If you get an email and you’re unsure whether it’s from us or not try hovering your mouse over the link to display the real URL that it’s actually linking to. Any of our links should start with either email.runescape.com/ or secure.runescape.com/. If the link contains runescape.com.xyz/ then it will not link to our website.

Example 1

This one's fake!

Although it might look like it, this isn’t one of our emails. It's a phishing email designed to steal your RuneScape account.

Here are the clues to look out for:

*Clues*
1. The logo at the top of the email is our old one.
2. The email relates to offences on an account. We would never email you about this. Remember all messages to do with offences will be sent to your inbox.
3. There is no option available to view the message online
4. There is no display name included. This is not always enough on its own to prove that a mail is phishing but when combined with the other clues it's a clincher.

If you get an email and you’re unsure whether it’s from us or not try hovering your mouse over the link to display the real URL that it’s actually linking to. Any of our links should start with either email.runescape.com/ or secure.runescape.com/. If the link contains runescape.com.xyz/ then it will not link to our website.

Do you think you have been phished?

Step 1: Scan your computer

Depending on the type of phishing website you’ve visited, you may need to scan your computer to ensure nothing nasty has been downloaded onto your machine. Make sure you have a combination of Antivirus, Anti spyware, Anti Rootkit and a Firewall. Most of this security software can be downloaded for free and can be found individually or bundled together as a package.

Step 2: Change your password

As you have just entered your password into a phishing site, and someone is going to try and use this information to log in to your account, you are probably going to want to change your password sharp-ish. Just remember to always scan your PC first, before you change your password.

Step 3: Report it

There are multiple agencies that you can report the phishing scam to, us included. For more information about this read on to “What can you do to help”.

What can you do to help?

Report phishing

To your Web browser

To your e-mail provider

To PhishTank

To us

Bookmark us

At the end of the day, you will have a pretty good idea of your favourite or most frequently visited websites. Why not save yourself the job of typing the URL in the address bar and just bookmark it. This way you will always know you are visiting the official website and you can use this method of reaching the site if you don’t trust any links sent to you.

Phishing filter, enabled!

You may or may not be aware that your Internet browser does offer a built in phishing filter which will let you know you are about to visit a malicious site. Usually this is automatically enabled, but if you want to learn how to enable the filter or think you might have it turned off, take a look at the instructions below.

Web Browser	Method
Internet Explorer	Select the tool menu (cog icon) located on top right hand side of the page. Select Safety from the list of options and then "Turn on SmartScreen Filter".
Firefox	Click on Options > Options Choose the Security tab Check "Warn me when sites try to install add-ons", "Block reported attack sites" and "Block reorted web forgeries"
Chrome	Click the spanner (or wrench) icon in the top right of your browser Choose Options from the options menu at the left of the window choose Under the HOod and check "Enable phishing and malware protection"
Opera	Click on: Settings > Preferences > Advanced > Security Check “Enable Fraud and Malware Protection”.

Keep informed

Make sure you visit the official RuneScape forums for the latest news on phishing. When we are aware of a new bout of malicious emails going round to our players, we will let you know here. You can also keep an eye out for any News posts about general account security and for any updates to the Wiki as well as our Phishing Information page. The more you know the safer you will be!

Can't find what you're looking for?

You can contact us around the clock, for in-depth knowledge and advice from our Account Help Team.

Simply head on over to Account Help Contact Us to get started.

Account Security

Advice	Basic Account Security • Scamming Methods • Phishing • Security Tips • Account Security F.A.Q
Trouble Shooting	An intruder has been on my account

Direct Support

Customer Support Forums

Safety & Security

Customer Support

	RuneScape Wiki
Game Guide All you need to know, and more, about the game world. How to get started and how to develop your character. Support Centre Need help with your account? Perhaps the game won't run for you? Help can be found here. Scribbles & Sketches Artwork, fan fiction and arts and crafts are found in this section. The Community Hub Confused by templates or want to contribute but not sure what to do? Check here for details on the RuneScape Wiki editing community. Index Not sure where to start? Visit the index which lists all of the main pages in the wiki.

To your browser

While I wouldn’t recommend visiting a phishing site to anyone, if you are already on the site then you can report it to your browser. They will use your report to block the site with a warning for anyone who tries to access it in future. Below is a table of how to do this with the most commonly used browsers. If your browser isn’t listed then please review the help documentation, which is available within the application, for more information.

Web Browser	Method
Internet Explorer	Select the tool menu (cog icon) located on top right hand side of the page . Select Safety from the list of options and then Report unsafe wesbsite. A new window will open giving you the options to report the site as phishing, or that it contains malicious software. Select the box that applies and the language that is used on the website. For the report to go though you will also need to complete the CAPCHA at the bottom of the page. Once completed, submit the report.
Firefox	To report phishing in Firefox you can use the user form which can be found at http://www.google.com/safebrowsing/report_phish/?tpl=mozilla
Chrome, Opera, Netscape and Safari	To report phishing in these browsers you can use the user form which can be found at http://www.google.com/safebrowsing/report_phish/

To your E-mail provider

If you are certain you have received a phishing email then you can report it to your email provider. They will then kindly remove the email from your inbox and mark any future emails from this sender as spam/junk. For more information about how to do this, please view the table below. If you can’t find your email provider here, then take a look at the help documentation which should be available on your provider's website.

Email Provider	Method
Gmail	Open the email message. Click the "Report spam" button at the top of the page. (It's the thrid button from the left and has an Octagon with an exclamation mark on it).
Hotmail, MSN and Windows Live	Open email message. Click "Mark as" at the bottom of the page and choose "Phishing scam".
Yahoo	Open the email message. Click on the “Spam” button at the top of the mail. Alternatively, you can report them to Yahoo by visiting [abuse.yahoo.com abuse.yahoo.com].

To PhishTank

Reporting phishing sites to PhishTank will mean that a whole range of agencies will be alerted to the scam; this includes security companies such as Kaspersky, McAfee and the Anti-Phishing Working Group (APWG).

Company	Contact Details
APWG	http://www.antiphishing.org/report_phishing.html
PhishTank	[www.PhisTank.com www.phistank.com] Note:You will need to register for a free account to report phishing here.

To us

When you receive a phishing email or come across phishing website you can also report it to our customer support team using the reportphishing@jagex.com email address. We will then work to remove the site as quickly as possible.

If you have a general query about phishing or you are unsure about an email you have received, you can contact accounthelp@jagex.com and a mod will be happy to help you with your request.

Sender and Header Information

So you think you have an email from Jagex. Are you sure, 100%? Email addresses can be spoofed, meaning that it is possible to make an email appear that it was sent by Jagex, even if it wasn't. To make sure the email you are receiving is in fact from Jagex you can check the email header information.

The new header (source) will now read: (the asterisk are because the front string can change from email to email)

Received from: ******.bluehornet.com

The email addresses that we are currently using are:

noreply@a.runescape.com

noreply@e.runescape.com

These are the only two email addresses RuneScape will contact you via email from. Any other email addresses are not ours so please remember to always check the sender and add the above addresses to your address book so you don’t miss any important messages!

If you are registered for, or are planning on registering for Jagex Account Guardian, please note these emails will come from noreply@a.jagex.com.

Display Names:

We now include your display name in all RuneScape emails for added peace of mind. If you have received an email you think is from us that doesn’t contain your display name, please contact reportphishing@jagex.com and do not click on any links.

We have included instructions about how to do this for the more popular providers below. If your provider is not mentioned here please review the help documentation, which is available within the application, for more information.

Click here for more information

Email Provider	Method
AOL	Open the email message. Click "details" under the "To" field.
Gmail	Open the email message. Click the down arrow next to the "Reply" button. Select "Show Original".
Hotmail, MSN and Windows Live	Right click the email message. Select "View Message Source".
Yahoo	Open the email message. Click on the "Full Headers" option (lower right hand corner).
Microsoft Outlook	Open the message by double clicking it. Find the Options panel in the message ribbon (it's the fourth blue thing at the top of the message Click on the little arrow in the lower right corner of the Options panel. This should display the header box.
Mozilla Thunderbird	Open the mail message. Go to the View menu and select Message Source.

Email Content

When reading an email that appears to be from Jagex, check that it makes sense! We don’t want to make a bad impression, so when we contact you through email, we will always use the correct spelling and grammar. If it looks to be written by a 5 year old then don’t trust it.

Hyperlinks

Pretty much every phishing email you see will have a hyperlink which will direct you to a malicious version of the RuneScape website.

NEVER click on these links!

If you are unsure, you can hover over the link with your mouse and your browser will display the actual location of the URL at the bottom of your screen. If this address differs significantly from what is shown in the email, do not visit the site.

Chat

Phishing can also occur in game. The most common example is a player impersonating a Jagex Mod or Player Mod. They might tell you that you have a “problem” with your account, or that you have been selected to become a Player Moderator. Remember if you are talking to a J Mod they will have the Gold crown in the chat window and their name will ALWAYS start with "Mod", if you are talking to a P Mod they will have a Silver crown.

You can find out more about Mods in the Moderators section of the wiki.

Malicious Sites and Downloads

Some scammers may just ask for your account information directly in game, others may ask you to visit an external website to enter your login details. These players are usually offering moderator status, free items, and free spins on the SOF or require you to post on the forums to be a part of their clan. Be cautious of any sites that require you to download anything, if in doubt refuse the download and scan your computer instantly.

When asked to leave the official RuneScape page always be cautious, plus why would you want to leave anyway!

Categories: Customer Support | Account Security