Sign In
Register
Help
Posted 25 April 2004 - 09:33 AM
(This is the Second version of this document.)
How avoid being Hacked or Scammed on RuneScape
By: KorbUzam
Edited: Cave Dogg (blame him for errors!)
Over the years of playing RuneScape, I have seen many of my friends lose huge amounts of gold and effort due to workings of hackers and scammers. Each time this happens I get more irritated that the staff of RuneScape (RS or R.S.) refuses to do anything more then place a band-aid on the problem. Sure, you can report a scammer or a hacker… but not until they have done irreparable. You can even actively attempt to prevent a scammer but all they do is pick up and try again somewhere else. So, I’ve decided to do something about it. Perhaps with some REAL education the population of RuneScape will be able to defend it’s self a little better.
If you’re reading this because you’ve been hacked, check another article at runevillage:
http://runevillage.n...pic.php?t=51194
Section One: How To Avoid Being Hacked
There are a number of ways people are typically hacked. What never happens is a compromise of the security of RS’s databases. If you are hacked, it means you made a mistake with out knowing it.
1.1 - Password Smarts
A large mistake people make is with the creation of their password. When you make a new password you should:
- Not use a word that is in the dictionary
- Mix numbers and letters
- Make the password more then 6 letters or numbers
- Change your password often (once ever month or more)
The second biggest mistake is actually TELLING the hacker what the password is. I can’t stress this enough. If someone claims to be your girlfriend/boyfriend DEFINATLY don’t give him or her your password. That’s a very common way to steal passwords. People have attempted this on me more then once in my career. If you do decide of
The third point I wish to make here is about using your RS password in more then one place. The short of it is don’t. This is never a good idea. There was a famous case of a RuneScape forum that was hacked and the password database was taken. Many of those who had used their RS passwords on that forum ended up missing items on their accounts. Encryptions are breakable. That is a fact of computer security.
Check out this site when choosing a password for more tips:
http://www.bcentral....ecurity/102.asp
1.2 - Password Recovery Questions
A very common way to break into someone’s account has been to befriend them and over time find out the answers to their password recovery questions. Again, this has been attempted on me. It can happen in more then one way. Be weary of anyone who private messages you out of the blue and starts to ask personal questions. There are some ways to prevent this kind of attack though. First, of course is to be careful what you tell strangers about yourself on the Internet. Second you can change your PW Recovery questions to gibberish answers. Just copy down the gibberish answers you gave and save it an odd place that you will remember. Remember to copy them down somewhere…. How useless is the password recovery system if you can’t use it?
1.3 - Websites and “Spyware”
Never, never believe someone when they say, “Blahblah.com has the best RuneScape cheat codes!” You can substitute “Cheat Codes” or “Auto Spammers” or any program really. As a general rule, if someone is advising a website on RuneScape, it’s a scam. It’s also your duty as a law abiding RuneScape citizen to report the scammer immediately.
Besides avoiding scam sites like the plague, you should download a program made to kill “Spyware” (including key loggers) such as SpyBot Search and Destroy ( http://security.kolla.de ) or Ad Aware ( http://www.lavasoft.de/ ). Both are free and will do an excellent job in protecting you if you use them often. Also, I would suggest installing a firewall such as Outpost ( http://www.agnitum.c...oducts/outpost/ ). Outpost is also free. Along with a good virus scanner, you should be very well protected from key-loggers and other general spyware. A good free scanner is AVG 6.0 ( http://www.grisoft.com ).
Also… Never ever type your password in anywhere other then runescape.com websites. Anywhere else and your just asking for trouble.
Section Two: How To Avoid Being Scammed.
Help the world and report scammers when you see them. The main rule is to use common sense. If you don’t know the person, don’t trust them. Trust is something to be earned, not given freely. In the following, I’ll list most of the common scams.
2.1 Trust Tests
All ‘Trust Tests’ are scams. NEVER do them. The items will keep getting more and more valuable until they get what they want and they’ll simply refuse to give you the items back. No respectable clan requires a trust test.
2.2 “Follow me to a Drop Party!”
When you join a Drop Party train be watchful of where it’s going. If it heads to the wild, drop out. It might be leading you into a pre-planned ambush.
2.3 “Free Item Duping!”
Two things here: There is no way to dupe most items. Duping items will lead to a perm ban. The person offering duping will simply take your item and log out. Just use common sense and report anyone who claims to dupe items.
2.4 “Rare _____ For Sale!”
Spinach rolls are the common one people try to sell right now but in the past people tried to sell the little cards you get from Tourist Trap quest. Also used are the Warship Toys from Gnome Stronghold and the horses from Draynor Village. Who knows what new scams the new quests will bring.
2.5 “Trading ‘Neopet Account’ for 100k gold!”
Replace “Neopet account” for any non-RS item or account. I’ve seen people try to sell things from NeoPets, Everquest, and various other online games. One reasonable exception to this rule is the common practice of creating forum signatures. If you decide to do this, make sure the person has lots of post and a reputation to protect. Also, to reduce the risk to both parties, I’d suggest paying half up front and half on delivery.
2.6 Bait-and-Switching
This is an old trick but one that is still tried on occasion. Usually what happens is that right before the final trade is settled on the person will quickly switching the item to something worth much less. Just be aware of what is being traded. Check the item on the confirmation page to make sure what you wanted is actually what is being traded.
2.7 “Can I borrow your _____”
Say no or ask for collateral that is worth something close to the item he/she is borrowing. Otherwise, you must accept the possibility that you will lose the item in question.
2.8a “I’m a staff member and (‘I need your password’ or ‘give me ____ or I’ll ban you’)”
Anyone claiming to be a member of Jagex is a dirty scammer. Report them and then set them to ignore. I heard a rumor that Mod’s names appear in white instead of the standard Green-yellow-red that usual players use. I have yet to confirm this but it would be nice if it was true.
2.8b “Hay, you’ve won a _____! Send me your pass so I can _____.”
Variation of 2.8a. “You’ve won a free lifetime membership” or some such.
2.9 “Hay, runescape now censers psswrds! See: *******”
Runescape does not censor your password. This is just a way to get you to announce your password to the lamer.
2.10 “Drop _____ and press (‘alt-f4’ or ‘alt-cfcf’) to duplicate/upgrade!”
“Alt-F4” and “Alt-cfcf” simply closes whatever program you happen to be in at the time. If you drop an item and close the browser you won’t be able to get back in time to pick your item up. If anyone in encouraging you to hit alt-f4 for any reason then report them.
2.11 “Change your password to ____ to get free _____”
Don’t do it. Obviously a scam, isn’t it?
2.12 E-mail Scams
Never-Ever download an attachment that you are not expecting. Runescape never sends e-mails to it’s users, so don’t believe any you get. And, most forum owners won’t send out mass-updates to there users with attachments. Don’t open, and don’t believe everything you read!
My hope with this document was to heighten awareness of security and reduce the overall amount of scamming in the world. But, what I don’t want to see is complete mistrust of everyone and everything. How bad is the world where there is no trust? Actual scammers inspired a lot of the tips here. If I’ve missed anything or if you want to check if something is a scam or not feel more then welcome to send me a PM in game. I nearly always keep pm-block off. Also, anyone can copy this under two conditions: I get credit for my work and this little blurb isn’t cut off.
Special Thanks to:
Plipo, Death199, Lumme, Shadowdancer, TrendyHaz, cloudpants.
Version 2 was finished on April 26, 2004.
This post has been edited by Korb Uzam: 27 April 2004 - 03:30 AM
MultiQuote
Posted 25 April 2004 - 10:54 PM
Posted 26 April 2004 - 01:22 AM
Great guide Korb! Definitely worthy of being on the main site 
