forums.rs

Forums

Is this a Jagex email? [Info] Thread is locked Thread is sticky

Quick find code: 408-409-117-66094339

Samora Kiba
Jan Member 2008

Samora Kiba

Posts: 9,254 Rune Posts by user Forum Profile RuneMetrics Profile
Did you check your email recently and found an email from Jagex that looks a bit unusual? Are you unsure whether it’s legit or not?
Do NOT click on links.
No matter how urgent the email sounds, you have time to check this thread first!

Since the release of OSRS mobile, there have been several waves of phishing emails going out. The sending email can be spoofed to appear like a Jagex email address , so some emails can look very realistic. In this thread I will explain how to spot the phishing emails and cover the current phishing emails that are going around. Note that the exact phrasing might vary between different emails, but the general idea remains the same.

Once you've determined it's indeed a phishing email, you can report it to the Phishing Report Centre . It's possible that you get quite a lot of them, in that case your email address is on one or multiple mailing lists. Creating a new email address with authenticator, registering that for your Runescape account and not using that email for anything other than Runescape should fix that.

Do you prefer to read the support centre pages on the matter? No hard feelings, here they are:
Phishing websites and suspicious emails
Suspicious emails

If you clicked on a link in a phishing email, scroll down (or jump down quickly) to the 6th post on this page.

If you are still unsure after reading this thread, or you are otherwise encountering problems, either create a thread or tweet @Jagexsupport.
~Samo

Community Helper

Member of the godless. It's not that I don't want to devote my soul to an RS god, the problem is that I can't find it.

07-Apr-2019 21:31:12 - Last edited on 31-Jan-2021 05:01:57 by Samora Kiba

Samora Kiba
Jan Member 2008

Samora Kiba

Posts: 9,254 Rune Posts by user Forum Profile RuneMetrics Profile
Phishing emails come in two types:

Generalised mass phishing emails:
These are the emails that are sent to e.g. a list of emails from a leaked fan site database. You can recognize them by:
- Lack of display name in the email (‘greetings, we detected..’)
- Topic (Jagex doesn’t email about account locks, infractions or bans!)
- Purpose (Jagex will never email to view evidence or prevent changes, only to confirm changes)
- Spelling errors or mistakes in the signature
- Pressing on urgency (‘I’m personally awaiting your response’, ‘If you don’t respond we will take action’, 'Press this button immediately!')
- Being sent to an email that is not the current registered email

Individual targeting:
These emails are sent by hijackers to one specific player on whom they already have some information with the purpose to gain more, such as recovery information, bank pin, the current registered email, etc. The email would be directed to one player only and will contain a display name . The hijacker is in such cases usually blocked by the Authenticator, JAG or bank pin when trying to log in and is hoping to get past that through this email.
Several of the factors of the mass emails apply for these emails as well, but you can also be on the lookout for:
- Asking for bank pins (Jagex will NEVER ask your bank pin)
- Asking to log in on another account to recover
- Asking to reply to the email with recovery information
- Asking for passwords
- Asking for players you recently spoke to / people on your friends list
- Asking for previous & current registered emails

If you received an email of the individual type, I strongly recommend to scan your pc and set a new password + Authenticator on your Runescape account. After that, create and register a new email account with authenticator on your Runescape account and use that email account for Runescape only.

Report emails of both types to the Phishing Report Centre '.
~Samo

Community Helper

Member of the godless. It's not that I don't want to devote my soul to an RS god, the problem is that I can't find it.

07-Apr-2019 21:32:09 - Last edited on 12-Feb-2020 03:20:36 by Samora Kiba

Samora Kiba
Jan Member 2008

Samora Kiba

Posts: 9,254 Rune Posts by user Forum Profile RuneMetrics Profile
Are you confused or still not sure?
The following examples are all phishing emails
that are going around at this moment and should be reported to the Phishing Report Centre and/or deleted.

1)
Your account has been banned for macroing

Example text:
Dear player, we regret to inform you that your account has received an infraction due to a major macroing offence. Please visit the appeal section under Account Management to view evidence of your infraction(s) and to appeal any infraction(s) that you feel were unjustified. To view evidence, please click the link below: Check Status’

&

2)
Real world trading offence

Example text:
To Player, We have received highly incriminating evidence that you may have attempted to trade items outside of the game, using real world money. All of your accounts are now on our watch list, which will be monitored for 6 months. If left unchallenged, your account will be permanently banned. [Appeal]’

Facts:
Jagex never emails a player to inform them about a ban. If you’re caught RWT’ing or macroing, you won’t end up on a watch list – you’ll get banned and receive an account message centre message.

3)
Important notice, Cival action

Example text:
Case number: 10379385702804
WHY ARE WE BRINGING CIVIL ACTION AGAINST YOU?
Jagex is suing some players who choose to disregard the terms, conditions and agreements entered into by them but it is also offering them a one-time amnesty. Jagex is right now in the middle of filling a civil proceeding against these players in the Central District of California. PLEAD THIS DECISION?’

Facts:
Jagex will not email you about lawsuits. Next to that, if you're caught RWT'ing, you'll get banned, not threatened with lawsuits. The phrasing of these sentences is simply weird as well.
~Samo

Community Helper

Member of the godless. It's not that I don't want to devote my soul to an RS god, the problem is that I can't find it.

07-Apr-2019 21:32:13 - Last edited on 31-Jan-2021 05:04:27 by Samora Kiba

Samora Kiba
Jan Member 2008

Samora Kiba

Posts: 9,254 Rune Posts by user Forum Profile RuneMetrics Profile
4)
Your email address has been changed.

Example text:
You have successfully changed the registered email address for your Runescape and Oldschool account. Your account log-in details remain unchanged but your registered email for all future password resets will be: [random email]. If you made this change by accident, you can easily cancel it below. [CANCEL E-MAIL CHANGE]

Facts:
Note how a phishing email says the change will be made unless you click something. If someone tries to change your email, Jagex will send an email to confirm the change before any changes are made. No changes are made if you don’t confirm it.

5)
We have received a request to change your password

Example text:
Password reset instructions
Dear player, we have received a request to change the password for your Runescape and Oldschool Runescape account. We are looking into your request, this can take up to 72 hours. If you have not made this request, please cancel it as soon as possible! [ CANCEL RESET/RECOVERY].

Facts:
You can’t cancel password change requests. If you try to change your password through email confirmation, you will get a message asking you to confirm the password change. If someone tries to recover your account through a full recovery instead of email confirmation, you will not be contacted through email. That recovery method is for those who don't have access to the email so sending such an email to the original email is silly.
~Samo

Community Helper

Member of the godless. It's not that I don't want to devote my soul to an RS god, the problem is that I can't find it.

07-Apr-2019 21:32:16 - Last edited on 08-Apr-2019 11:36:55 by Samora Kiba

Samora Kiba
Jan Member 2008

Samora Kiba

Posts: 9,254 Rune Posts by user Forum Profile RuneMetrics Profile
6)
Your account has been locked

Example text:
Hello [display name], this is a message from Jagex Customer Support, Mod [name] here. Our systems have detected an unusual login for your account [display name], as such we've locked the account from further access until we can contact the owner. The email address we're contacting is currently registered on the account, however you will not receive a password reset until you send us a game ticket in order to verify ownership of the account. Please use the below account to login and submit a [random manual ticket].

You need to send us the following information: The last time you had access, previous display names, any friends you have added, payment details, previous and current bank pin, new email address. I'm personally awaiting your response.

Facts:
This is an example of individual targeting.
Jagex does not send emails to tell you your account is locked. Jagex does not tell you to submit a common client issue (or other technical issue) ticket to recover and certainly not from an account that isn't yours. Jagex will NEVER ask for your bank pin and doesn't ask for people on your friends list or other in-game things. Note how the email presses on urgency by stating someone is personally waiting for you to reply.

It's possible that you will find yourself actually locked after receiving this email. In that case the hijacker would already have had access to your account, and likely got detected as unusual activity or didn't get past Authenticator. The hijacker proceeded to send this email to try gather enough information to recover it.
~Samo

Community Helper

Member of the godless. It's not that I don't want to devote my soul to an RS god, the problem is that I can't find it.

07-Apr-2019 21:32:23 - Last edited on 08-Apr-2019 16:47:08 by Samora Kiba

Samora Kiba
Jan Member 2008

Samora Kiba

Posts: 9,254 Rune Posts by user Forum Profile RuneMetrics Profile
Did you click on a link in a phishing email?

Try to stay calm.

Do you have another computer?
Yes: change your Runescape password from that computer.
No: Run a malwarescan to confirm you didn't pick up any malware on the PC you used to click the link. Change your password after you secured your pc. After changing your password, go to account settings and remove all unknown social media links and click 'end active sessions'.

The easiest way to change your password is by clicking 'forgot password' on the login screen and resetting the password through your registered email. This method will kick also any hijackers offline in the process.
The alternative option is going to 'account' in the top right corner of the Runescape website and changing it through account status, but this will not kick the account offline.

It's strongly recommended to set up a bank pin and Authenticator on your Runescape account. Even if you accidentally leak your password, these barriers help a lot to protect your precious account from harm. If you need help with that, have a look at these pages:
Runescape Authenticator
Setting a bank pin
~Samo

Community Helper

Member of the godless. It's not that I don't want to devote my soul to an RS god, the problem is that I can't find it.

07-Apr-2019 21:32:31 - Last edited on 16-Mar-2021 14:51:20 by Samora Kiba

Samora Kiba
Jan Member 2008

Samora Kiba

Posts: 9,254 Rune Posts by user Forum Profile RuneMetrics Profile
This was an accidental reserve in attempt to add something. *tries to look professional*
~Samo

Community Helper

Member of the godless. It's not that I don't want to devote my soul to an RS god, the problem is that I can't find it.

08-Apr-2019 11:28:28 - Last edited on 23-Apr-2019 20:48:05 by Samora Kiba

Quick find code: 408-409-117-66094339 Back to Top