RuneScape Wiki

Jagex Certified

Phishing - more information

This template is being phased out. If you have found it, please remove it from the page.

Phishing is used to acquire personal information such as usernames and passwords by posing as the RuneScape website or an email from Jagex. In almost all cases the source appears to be legitimate, and usually looks professional however the intent is always malicious.

Phishing is illegal in the UK under the Computer Misuse Act 1990, and in the USA under the Computer Fraud and Abuse Act 1986, as well as equivalent legislation in many other countries around the world.

Phishing attempts can appear to be official and relating to RuneScape and Jagex. These range from near identical websites and emails promising free membership, moderator status and Beta invitations for upcoming Jagex releases. They can also threaten to take action against your account unless login information is provided. Remember that Jagex will NEVER ask for your account information.

How to Spot a Phishing Website

There are a number of people who will create fake websites to try and trick you into giving out your RuneScape username and password. Don’t worry Phishing websites are easy to spot if you know what to look for.

For more information click here

Forum Phishing Sites

Some phishing sites can appear to be the RuneScape forum as our security measures are based on the login pages.

These forums commonly ask you to post a message to join a clan or offer free items if you post. For you to be able to do this you must first login using your RuneScape details. It’s at this login page where your account information can be phished. The hijacker is hoping that you have been drawn into the scam with the forum so you won't be vigilant with your security checks on the login page.

This information is all you'll need to identify a phishing site and keep your account safe. If you don't see a SSL Certificate then please don't use the site.

How to Spot a Phishing E-Mail

Phishing emails are very easy to spot if you know what you are looking for. Jagex rarely contact players through their personal emails, the exceptions are newsletters, billing support, and password requests, otherwise we use the in game mail box. If you do happen to receive an email from Jagex, you will be able to tell it's genuine by looking for the following points;

Click here for more information

Phishing E-Mail examples

1. Subject - Your account is under our suspicion participating in Unusual Account Activity!

Click to see information

2. Subject - RuneScape Account – Notice

Click to see information

3. Subject - Your account received a infraction

Click to see information

How to Identify "Spoofed" E-Mail Addresses

If you do receive an official looking e-mail from Jagex still be cautious, there are ways to change the appearance of a sending address in the "From" field of an e-mail. This process is called "spoofing" and may make an email look official. There is a way to check the actual sending address of an email and this can be done by looking within the emails header information.

The header information contains a report about who sent the message, and how it got to your inbox. It's a great way to help determine malicious and safe e-mails.

Most e-mail providers will have the ability to view an e-mails header information. We have included instructions about how to do this for the more popular providers below. If your provider is not mentioned here, please review the help documentation that is available within the application for more information.

Click here for more information

What the Jagex Header Looks Like

If you receive an e-mail from us, hopefully the header information should look like the below;

Received: from

From: "RuneScape"

How to Spot Hidden Links

Hijackers often try and hide links to their phishing sites behind legitimate looking links in their e-mails. You can add a link to any site on any text like this. But this means you can also pretend it's going to the RuneScape site like this As you can see it looks like it's going to, but it actually goes to (don't worry, it's not dodgy :))

To stop this happening, hover over any link with your mouse before clicking it. Your browser will show you the link in the bottom left. If the site looks dodgy then don't go there.

How to Report Phishing

The best way you can help us and your fellow players is to report any malicious looking websites and emails direct to us. There are several ways you can report phishing depending on how you come across it;

  • If you see a phishing website being advertised in game, you can report that to us by using the report abuse button. Please classify this under the advertising website offence.
  • If you should happen to come across a site out of game, then please report the link via email to

It is advised that you run a virus and malware scan on your computer before logging into the forum.

  • If you have received a phishing email, you can report it to us via email. To do so, follow these simple steps:
    • Make sure you include the email header in your report as it contains information about who sent the message, and how it got to your inbox. For more information in this please see the "How to Spot a Phishing Email" section at the top of this page.
    • Forward the phishing email, along with the email header information to
    • Remember not to copy and paste the email as this will mean vital information is lost.

Once we have received your report we can then work to remove the phishing sites as quickly as possible.

More information about ways you can helps us in our fight against Phishing can be found on the main Phishing page.

Report a wiki page

If you have identified content on the wiki that breaches the wiki policies or RuneScape rules it is possible for you to resolve this by editing/updating the content.

However if you feel that a user has seriously breached our rules or editing policy and this requires urgent attention from a member of staff, then please specify the issue from the below categories: