forums.rs

Forums

Password reset Emails [Info] Thread is locked Thread is sticky

Quick find code: 408-409-637-66117150

Samora Kiba
Jan Member 2008

Samora Kiba

Posts: 9,254 Rune Posts by user Forum Profile RuneMetrics Profile
Hey all,

There has been a surge of reports the past few weeks that players are getting unsollicited password reset emails. If this happened to you, don't panic, and don't click on any links.

Here's what we know:
- It just takes a login name to send a password reset email. If I know your login name and hit 'forgot password', you get that email, without me having access to your account. It used to be a scare tactic.
- Most of these emails appear to be legit. This doesn't mean that you should be worried. Your password will not be changed without confirmation through email. In other words, if you ignore them, nothing will happen.
- In case they aren't legit, you can simply ignore them as well.
- Many of these emails start with 'character name unavailable'. This is possible if the account that the reset was sent for has been inactive for several years. Others will start with a display name.

Here's what you can do:
- First, scan your computer for malware, just in case.
- After that, ensure your email is safe. If your email is safe, your account is too. Ensure it has a strong password and 2-step Authentication.
- If the email made you nervous, you can always request a password reset yourself and change your password. If you do so, don't re-use a password you used for any other site.
- You can either delete the unwanted password reset email, report it in the Phishing Report Centre ' for investigation.

You're not alone, many players are affected. We have a few theories about the cause, but so far we don't have reason to believe it's associated with actual hijacks. I will let you know here if I know more.
~Samo

Community Helper

Member of the godless. It's not that I don't want to devote my soul to an RS god, the problem is that I can't find it.

20-Aug-2019 22:58:25 - Last edited on 14-Oct-2021 17:30:48 by Samora Kiba

Samora Kiba
Jan Member 2008

Samora Kiba

Posts: 9,254 Rune Posts by user Forum Profile RuneMetrics Profile
Update:

Some of these emails are sent by Jagex, others are sent by a phisher. After checking on several accounts that reported receiving these emails, it appears that those who receive only a few of these emails are getting them from Jagex and caused by someone knowing or randomly guessing the login name. Those who are receiving a lot of these emails are likely receiving emails from phishers who know the email address, not the login name.

Whether it was sent by Jagex or by a phisher, you can safely ignore these emails as long as your email is secure .

The emails caused by someone hitting 'forgot password' (the emails sent by Jagex), are usually sent to players who have a login name instead of a login email, or leaked their login name/email somewhere. A login name instead of login email is easy to randomly put in or guess, resulting in such an email. They would try this once or twice, but not usually a large amount of times.

The emails sent by a phisher are sent because someone knows the email address that is receiving these emails, and will contain a phishing link somewhere. These can come in in large amounts.

There is an easy way to see which one you're dealing with, aside from the amount of emails you're getting: changing your registered email. If you keep getting emails on your new registered email, the emails are likely caused by someone knowing your login name. If the emails keep coming in on your old email, you know they are phishing emails sent to the email address, not the account :)
~Samo

Community Helper

Member of the godless. It's not that I don't want to devote my soul to an RS god, the problem is that I can't find it.

11-Apr-2020 16:44:26 - Last edited on 11-Apr-2020 16:44:59 by Samora Kiba

Quick find code: 408-409-637-66117150 Back to Top