There is a hijacker that has been sending an unknown file/link to people via Skype saying it is a screenshot or meme etc and after being clicked it automatically downloads something onto their computer that isn't shown in the recent downloads. The hijacker then takes over their Skype, email, and bypasses the authenticator into their RuneScape account and starts asking people on their friends list for Skype information so they can try and send those people the same file/link, in addition to sending it to all the contacts on the Skype account after starting a friendly short conversation.
It has already happened to 4 people, that I am aware of, in the last 3 days including my clan and 2 other clans and I've been playing crowd control to stop it from happening to the rest of my clan and guests since I keep getting PMs about the suspicious file/link being sent to them via Skype.
Please do NOT click anything unknown on Skype even from a friend or family member's account!
It seems like common sense, but how many of us actually give a second thought to something our friend/family sends us before clicking to see what it is? Don't be afraid to talk with the person and ask what it is because the hijacker doesn't even attempt to fully imitate the person they hijacked, they just initiate conversation long enough to sound excited to send it and make you interested in clicking it.
Luckily Jagex has been great at recovering RuneScape accounts and Bank Pins have been protecting everything they are supposed to protect, minus any items on your character during forced take over rip, but we have yet to recover any of the Skype accounts that have been hijacked and they are still rogue sending the file/link to people faster than we have been able to notify everyone.
/\
As a rule for everyone, never download any suspicious files from anyone on Skype as they could be keyloggers - look at the extension at the end, if it's .exe it's a huge red flag, unlike for example .mp4/.mp3 (and other video/audio formats).
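The extension check from the post above, written out as an added Python example (it is not part of the thread or any poster's code). It goes further than a plain `.exe` test by also catching a media extension used as a decoy and invisible characters that reverse the displayed name; the extension lists and sample file names are constructed for illustration.

```python
import unicodedata

# Extensions Windows runs directly or hands to a script host (common, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi", ".lnk",
                   ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".jar"}
# Extensions a sender can use to make a file pass as a picture, song or video.
MEDIA_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".mp3", ".mp4", ".avi"}


def assess_filename(name):
    """Return the reasons a received file name is a red flag (empty list = none found)."""
    reasons = []
    # Unicode format characters (category Cf) are invisible; U+202E (right-to-left
    # override) makes "photo\u202egpj.exe" display as "photoexe.jpg".
    hidden = [c for c in name if unicodedata.category(c) == "Cf"]
    if hidden:
        codes = ", ".join(f"U+{ord(c):04X}" for c in hidden)
        reasons.append(f"hidden formatting characters: {codes}")
    visible = "".join(c for c in name if c not in hidden)
    # Windows drops trailing dots and spaces, so strip them before reading the extension.
    parts = visible.rstrip(". ").lower().split(".")
    exts = ["." + p.strip() for p in parts[1:]]
    if exts and exts[-1] in EXECUTABLE_EXTS:
        reasons.append(f"executable extension {exts[-1]}")
        # A media extension right before it is padding meant to hide the real one.
        if len(exts) > 1 and exts[-2] in MEDIA_EXTS:
            reasons.append(f"decoy media extension {exts[-2]}")
    return reasons


# Constructed sample names, not taken from the thread.
SAMPLE_NAMES = ["meme.mp4", "screenshot_2016.jpg.exe",
                "funny pic.png          .scr", "photo\u202egpj.exe"]

def scan(names):
    """Map each flagged name (repr-escaped so hidden characters show) to its reasons."""
    return {ascii(n): r for n in names if (r := assess_filename(n))}

if __name__ == "__main__":
    for shown, why in scan(SAMPLE_NAMES).items():
        print(shown, "->", "; ".join(why))
```

Windows Explorer hides extensions for known file types by default, so the last extension of a received file may not be visible until that setting is turned off.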
Jigzag said:
There is a hijacker that has been sending an unknown file/link to people via Skype saying it is a screenshot or meme etc
First of all, secure your Skype settings if you're going to be using Skype.
You can lock down your privacy settings as much as you want.
The most important thing is to disable automatically accepting incoming files.
Jigzag said:
and after being clicked it automatically downloads something onto their computer that isn't shown in the recent downloads.
I'd assume that by now most people realize the importance of having an Internet Security Suite. I personally use Kaspersky Total Security because it's the most aggressive security software I've found including features that need to be manually enabled like the Kaspersky Web Protection Add-On.
Aside from this, my default Web Browser is Mozilla Firefox including security plugins such as NoScript, uBlock Origin, AdBlock Plus, Disconnect, Blur, Self-Destructing Cookies and BetterPrivacy that block JavaScripts.
And if somehow all of that security failed to block a link I made the mistake of misclicking, I also added Firefox to Microsoft EMET (http://microsoft.com/emet) and I use the Windows SmartScreen Filter.
The biggest security flaw here is user error. The safest way to click on any link is to right click it > copy the link location > paste it to see the actual address before entering it. Or better yet, don't click it.
Jigzag said:
The hijacker then takes over their Skype, email, and bypasses the authenticator into their RuneScape account and starts asking people on their friends list for Skype information so they can try and send those people the same file/link, in addition to sending it to all the contacts on the Skype account after starting a friendly short conversation.
Lol malware infections don't work that way. Let's say that you get some kind of malware via some website you clicked or a file you accepted through Skype....
Assuming it's a zero-day virus your antivirus failed to block/delete, you can pretty much assume that all passwords you've saved on your web browser have been compromised which is why I personally use a Password Manager which stores them in an encrypted vault. Assuming you're using unique passwords and you're not saving them on your web browser, all of your accounts should not be compromised.
And this is why Jagex doesn't return items due to account hijacking. There are so many things that would potentially need to go wrong on your part for you to get hijacked in 2016, that Jagex can't be responsible for you not securing your PC, Email and Account.
Jigzag said:
It has already happened to 4 people, that I am aware of, in the last 3 days including my clan and 2 other clans and I've been playing crowd control to stop it from happening to the rest of my clan and guests since I keep getting PMs about the suspicious file/link being sent to them via Skype.
Phishing has been on the rise since January 2016. I've had over 40 RuneScape Friends hacked because they had viruses on their PCs and failed to follow basic online safety guidelines.
Tell your friends to scan their PCs with these anti-malware tools:
1) Malwarebytes Anti-Malware: https://www.malwarebytes.org/mwb-download/thankyou/
2) AdwCleaner: https://toolslib.net/downloads/viewdownload/1-adwcleaner/
3) Junkware Removal Tool: https://downloads.malwarebytes.org/file/jrt/
4) Kaspersky Security Scan: http://www.kaspersky.com/kss
After that, they will need to reset their web browsers.
Ref: http://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/
Then they need to secure their emails:
- GMAIL: https://support.google.com/mail/checklist/2986618?hl=en
- MICROSOFT: http://windows.microsoft.com/en-US/windows/outlook/hacked-account
- YAHOO: https://help.yahoo.com/kb/account/secure-hacked-yahoo-account-sln3516.html
- AOL: https://help.aol.com/articles/account-management-identifying-suspicious-activity
Jigzag said:
It seems like common sense, but how many of us actually give a second thought to something our friend/family sends us before clicking to see what it is?
The average person gets their PC malware infected within 3 hours of using it and 90% of people in the world are not following basic online safety guidelines. These are the sad but true statistics. All we can do is create online safety & security awareness.
Some resources you may want to share with friends and family are:
https://blog.kaspersky.com/cyber-savvy-quiz/
https://www.microsoft.com/en-us/safety/online-privacy/phishing-symptoms.aspx
http://www.microsoft.com/about/philanthropies/youthspark/youthsparkhub/programs/onlinesafety/resources/
Jigzag said:
Luckily Jagex has been great at recovering RuneScape accounts and Bank Pins have been protecting everything they are supposed to protect, minus any items on your character during forced take over rip, but we have yet to recover any of the Skype accounts that have been hijacked and they are still rogue sending the file/link to people faster than we have been able to notify everyone.
The best thing to do if you know of a RuneScape account that has been hijacked is tweet @JagexSupport. We have multiple JMods monitoring it that can quickly check an account for suspicious activity and lock it down giving you time to secure your PC and go through the account recovery process.
As for recovering the hijacked Skype accounts, you should contact Microsoft. Even if you're unable to recover the account through the conventional recovery system, you may be able to send them a ticket to regain access to the account.
https://support.skype.com/en/faq/FA10946/my-skype-account-has-been-suspended-or-hacked
Sadly we were one of the secondary clans that were involved.
One clan mate's account was hacked. The hacked account then tried to get people in my clan to loan them things or asked them to add them on Skype.
He/she also tried to send an exe file to some people in the clan he already had on Skype. Luckily more people didn't fall for it.
Thanks for the advice Pescao. Hopefully it's okay if I copy some of it to my clan forums.
To top it off, in the past week or 2 the name impersonating scam was attempted several times in our cc.
The name impersonation scam is becoming more and more common and I see plenty of players Tweet about it when I'm over helping on the Twitter side. My best advice on those impersonators is to make sure your clan knows what's going on and keep them in the loop at all times.
If you think clan members could be subjected to this, ask them to place their friends list on friends only. Now I know the fact that many players like to play with their friends list on because in clans you never know, someone may contact you to ask about your clan's recruitment as an example or for any other reason. But if you know this type of thing is happening then locking down the clan to "Ranks only" and asking members to put their PM to "friends only" for a while is a pretty reasonable way to make sure you don't get contacted by the wrong sort of people.
Another thing I will mention is to make sure your clan members know that they should never trust trade items they are not willing to lose, to anyone. I know you hear this a lot but keep reminding your members of that, it doesn't matter who the person is, don't trust trade items you are scared to lose because there is a possibility it might get taken, even by a close friend/high clan rank, you just don't know.
With this matter it really does come down to awareness, and prevention is better than dealing with the aftermath of the situation. However there is always that in game report option for item scamming which can easily apply to situations like this, so even though there isn't really a rule against "Player Impersonation" as such, as players are allowed to have any name they want, this is potentially a way of item scamming so it can be reported as such and Jagex will review the evidence and take action where required.