Jump to content

Phishing; The Silent Enemy. The Dos and Don'ts

RuneHQ Robot

Recommended Posts



Well as you know since the dawn of RuneScape, people have been trying to phish players accounts. I for one, am taking a stand. Listed below are a few of the new and most updated phishing methods that Phisher's are using to steal your accounts. Look at them in detail because odds are they will try to find and steal your account.

Method 1: Distraction/Website

This method is the most recent of the phishing attempts. The way this method is introduced to the player is by a message being spammed over and over in the chat box. Most of the time they will advertise something to get your mind off the actual phishing. For example: "11b give away! Search Torva96 on YouTube!" Now what they want you to do is to obviously search Torva96 on YouTube. You will watch his video on the 11b giveaway. This is the "lure" of the entire phish. It's what gets your attention off what is going to happen next. He will explain that you need to post something on the RuneScape forums. He will tell you to follow the link in the description. Now since the "lure" has taken your attention you do not see that the URL in the description is a fake RuneScape website that was designed to trick you into logging into it. Something that is the number 1 factor in understanding whether the site is fake or not is to look at the URL. It should be HTTPS not HTTP. NEVER ENTER YOUR PASSWORD INTO A RUNESCAPE LOGIN WITHOUT CHECKING THE URL FOR THIS PICTURE! jfvklc.png

Here is a video I made explaining how the phish works:

Here is a video the phisher made trying to phish the accounts:

Method 2: Social Engineering

This method is the more common phish of today. This phish is what you call "Social Engineering". Meaning, they try to manipulate you by using there words with there inevitable goal of convincing you that you have received an application form to become a Player Moderator. Here is an example of what it the "Social Engineer" will try to accomplish.


Hello. May I have a moment of your time, please?


As you can probably see, I am in the staff world.
More information on this world can be found in the game manual.
Now that I've cleared that up, may I speak with you?


We've been monitoring your recent chat logs and actions-
-and we have noticed maturity and responsibility.
We would like to offer you a moderator application.
This is just an application, and doesn't confirm your position.
If accepted, your account will be upgraded to player moderator.
Do you wish to proceed?


Please grab a pen and paper, to write down some info.


Okay - Just write down the following two lines of information:
Application Url Id: 4418.t35.comx
Referral Id: 28871


Okay - Now I need to ask you a few routine questions.
A. If accepted, will you devote time to your position?
B. Will you abuse your moderator abilities (ex. Mute player)?
C. Do you think you would make a responsible moderator?

-a yes, b no, c yes

Okay - You now qualify to proceed to the application stage.
Simply enter your Application Url Id to the address bar of any-
-web browser. Remove the 'x' from the Url.
Kindly let me know when you have reached the web page.

-im at the page

Okay - Please briefly read through the text on that page.
Kindly let me know when you have finished reading.

-done reading

You may now click "Apply as Moderator", below.
After logging in, you will be prompted for your "Referral Id".
Simply enter that, and fill the rest of the form out as needed.
Let me know when you finish, or if you have any questions.

-i finished

One moment please.
Okay - We have recieved your application.
Now, simply log out of the game, then log right back in.

-ok !

Now that you have seen what this would look like, you will be aware of the factors a phisher will use to try to attempt to phish your account.

Method 3: E-Mail

This one is a new and growing one. Some people have already experienced this type of phishing method but, since it is a rather new method I will collaborative as much as possible. First, you will receive an e-mail about how your account has either received an infraction or that your e-mail has been registered to your account. REMEMBER! This is fake and they will steal your account.

The E-Mail will look like this:


The E-Mail Itself:


The Fake URL Inside the E-Mail:


As you can see, the URL is not secured. Some people are so desperate to earn free cash in this game, that they will go to almost any lengths of getting it. Now that you have obtained this knowledge on how phishers work, the RuneHQ Community will be much safer.

Go and play safely my friends!

Remember! itsFantastic!


Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...