Forums

Comprehensive Account Security

Quick find code: 98-99-137-65630390

Salubrious

Salubrious

Posts: 9,880 Rune Posts by user Forum Profile RuneMetrics Profile
Comprehensive Account Security

This is going to be a long read, so if you're not going to read it all and you're having trouble, look at the issue diagnosis post. This can be found here . If you want a rough overview, it might be a good idea to look at the index post here .

Your RuneScape account is hunted by hijackers, day in day out. They use all sorts to try and gain access, ranging from giveaways to downloads to finding personal information.
If you've been hijacked it is more than likely either due to being phished, either by email, another website, or private message - or if you've downloaded a program which steals information or grants the hijacker access to your computer.

Something people do way too much is assume that their computer is clean, their email is safe, and that it must have been something else entirely. They believe that they've done absolutely nothing leading to their hijacking. I'm sorry to burst your bubble but that doesn't really happen. There's always a reason and a cause.

Targeted hijackings are VERY rare, so you should NEVER look at them as the most likely scenario, until you've reviewed all the other options in this thread. Doing so means you're ignoring the actual cause, which could be anything from malware to poor email security to a reused pass.word.

This covers everything, from phishing to malicious downloads, to targeted hijackings. It includes computer security, things to look out for, and how to diagnose the issue. More importantly, it will provide you with the information you should know, so you can keep your account secure.
__.,;'*
,.__
salubrious

force log account
|
account security

31-May-2015 04:25:50 - Last edited on 09-Jun-2015 23:33:50 by Salubrious

Salubrious

Salubrious

Posts: 9,880 Rune Posts by user Forum Profile RuneMetrics Profile
General Account Security

Windows Security -- Click here or use QFC: 98-99-137-65630390-3-335849141
Mac Security -- Click here or use QFC: 98-99-137-65630390-4-335849143
Linux Security -- Click here or use QFC: 98-99-137-65630390-5-335849144
Email Security -- Click here or use QFC: 98-99-137-65630390-6-335849145

Different hijacking methods and how to avoid them

Phishing -- Click here or use QFC: 98-99-137-65630390-7-335849147
Malware -- Click here or use QFC: 98-99-137-65630390-8-335849148
Targeted hijacking -- Click here or use QFC: 98-99-137-65630390-9-335849149

Troubleshooting a Hijacking

Issue Diagnosis -- Click here or use QFC: 98-99-137-65630390-10-335849151
Malware hijacking -- Click here or use QFC: 98-99-137-65630390-13-335849159
Phishing hijacking -- Click here or use QFC: 98-99-137-65630390-11-335849152
Targeted hijacking -- Click here or use QFC: 98-99-137-65630390-14-335849162
__.,;'*
,.__
salubrious

force log account
|
account security

31-May-2015 04:26:06 - Last edited on 31-May-2015 06:18:51 by Salubrious

Salubrious

Salubrious

Posts: 9,880 Rune Posts by user Forum Profile RuneMetrics Profile
Account Security Features

Bank pins -- Click here or use QFC: 98-99-137-65630390-15-335849164
Authenticator and JAG -- Click here or use QFC: 98-99-137-65630390-16-335849166

Risks

Scams -- Click here or use QFC: 98-99-137-65630390-17-335849170
Third-party clients -- Click here or use QFC: 98-99-137-65630390-18-335849172
Third-party applications -- Click here or use QFC: 98-99-137-65630390-19-335849175
__.,;'*
,.__
salubrious

force log account
|
account security

31-May-2015 04:26:11 - Last edited on 15-Aug-2015 21:44:44 by Salubrious

Salubrious

Salubrious

Posts: 9,880 Rune Posts by user Forum Profile RuneMetrics Profile
Windows security


Computer Accounts
This isn't a security program, but it is a MUST!
You should have a limited user account for online browsing and gaming, its safer. You should use the limited account the most. Infected admin accounts harm the whole PC.

Malwarebytes Anti Malware
This is one of the best free security applications available. It isn't an antivirus, it is an independent scanner with regularly updating threat definitions and heuristic detection. The detection rate is very high and it is recommended, used and endorsed by technicians around the world. If someone I know has a virus, this is the first thing I turn to. Most of the time it can solve the job on its own, and for that it gets very high commendations from me.

Malwarebytes Anti Rootkit
This piece of software is still in beta, however it provides rather accurate checks for rootkit behaviour. If you think you may have a rootkit this is a good one-off scanner for that and generally a good tool to have in your arsenal.

Malwarebytes Anti Exploit
Malwarebytes Anti Exploit focuses on preventing websites from executing malicious code without your consent. In perticular this includes Java and Flash, (alongside other popular applications and even browsers themselves) all of which are extremely common. RuneScape itself functions on Java when ran in a browser environment so knowing that your Java applet is protected gives you both peace of mind and protects your computer from all sorts of threats.

Avast Antivirus
Avast is a free antivirus with automatic updates and scanning that although can be a bit rough around the edges, does the job. It actively monitors your system and can stop dangerous scripts from being executed. If you find Avast annoying an alternative is Microsoft Security Essentials, which is inbuilt in windows 8 machines and beyond. A separate installation is available from microsoft for prior machine versions (xp to 7).
__.,;'*
,.__
salubrious

force log account
|
account security

31-May-2015 04:26:14 - Last edited on 17-Jun-2015 01:45:20 by Salubrious

Salubrious

Salubrious

Posts: 9,880 Rune Posts by user Forum Profile RuneMetrics Profile
Mac security

Macs are generally considered safer to use online than PC's, however they are not invulnerable to online threats. Protecting them with an antivirus is always a good idea.

Avast Antivirus
Avast is a free antivirus with a lot of reputable reviews and test results. It similarly to the windows version can detect code execution and stop it from happening as well as the fact it can perform rather detailed scans of your computer. Generally it is something worth having.

Avira antivirus
Avira is a good alternative to Avast for Mac as it has a decent detection rate. It is also free and has the option to schedule scans. Scheduling is very important because it ensures you don't miss any viruses that may have recently snuck onto your computer.

Comodo firewall and antivirus
Comodo is a reputable firewall and my personal preference of firewall due to the available utilities it provides. It supports Linux and has antivirus functionality too, and for the more technical among you, you may find the monitoring tools it comes with beneficial.
__.,;'*
,.__
salubrious

force log account
|
account security

31-May-2015 04:26:22 - Last edited on 08-Jun-2015 06:03:59 by Salubrious

Salubrious

Salubrious

Posts: 9,880 Rune Posts by user Forum Profile RuneMetrics Profile
Linux security


Comodo firewall and antivirus
Comodo is a reputable firewall and my personal preference of firewall due to the available utilities it provides. It supports Linux and has antivirus functionality too, and for the more technical among you, you may find the monitoring tools it comes with beneficial.

ClamAV (sourcefire)
ClamAV is a free and open source antivirus scanner. It performs several checks when scanning files including checking the signature and source of the file as well as monitoring behaviour. It is a good alternative to Comodo.

Malwarebytes anti-malware
Although not directly available, there are workaround methods to install it on Ubuntu Linux using 'WINE'. There are tutorials for this online, but there are too many steps to list in this post.
__.,;'*
,.__
salubrious

force log account
|
account security

31-May-2015 04:26:26 - Last edited on 08-Jun-2015 06:04:21 by Salubrious

Salubrious

Salubrious

Posts: 9,880 Rune Posts by user Forum Profile RuneMetrics Profile
EMail security


Google Mail is superior to the vast majority of email providers I have encountered. Security wise it is almost unparalleled which means it is one of the best choices for your accounts.
Google have very potent security checks, surpassing most common email providers including hotfail... oops, I mean, hot mail and yahoo. Two-step verification in combination with this means your email account is in a very safe position, meaning any account linked to it (such as your runescape account) isn't at risk of being stolen through your email.

When making a GMail account, take into account the following:

+ Your pass.word should be unique. Do not reuse a pass.word or a pattern within a pass.word.

+ The email address itself should not be obvious. A hijacker should not be able to guess it. Don't name it your runescape account and do not name it your real life name or nickname.

DON'T USE YOUR NEW EMAIL FOR ANYTHING OTHER THAN YOUR RUNESCAPE ACCOUNT.
Registering it to fansites or your social media/personal accounts puts your email and therefore account at risk. Do not post your email anywhere, not even as a contact method on a fansite or your own website.

Once you've made the account, google 'GMail two step verification' and follow the 'landing' link on the google domain. It will walk you through two-step verification on the account and this will ensure that only you can access it. Hijackers won't be able to log into the account if two-step is enabled because two-step sends a code to your phone which is required to log in.
__.,;'*
,.__
salubrious

force log account
|
account security

31-May-2015 04:26:29 - Last edited on 09-Jun-2015 23:21:30 by Salubrious

Salubrious

Salubrious

Posts: 9,880 Rune Posts by user Forum Profile RuneMetrics Profile
Malware

Malware is software designed to damage or disrupt your computer such as Trojans and Keyloggers. It often is used to steal personal information and it is generally a pain in the backside. They are programs that bypass security on your computer without your consent; thankfully with the correct protection they can be entirely avoided.

Hijackers target you and your fellow players. If you see an account at the grand exchange or anywhere in game spamming a website, the account is more than likely hijacked. If they are advertising some form of bot or gold generator or glitch, the account is probably being accessed through the use of malware. Do not visit the website it is advertising, otherwise their next victim very well may be you.

Reputable websites such as Facebook and YouTube can still lead to dangerous content. If you see a website you trust being spammed in game, it's probably best not to visit that either!

Security programs sometimes are not compatible with multiple operating systems. View the below relevant section if you need security software to combat malware.
Windows Security
Mac Security
Linux Security
__.,;'*
,.__
salubrious

force log account
|
account security

31-May-2015 04:26:34 - Last edited on 09-Jun-2015 23:22:47 by Salubrious

Salubrious

Salubrious

Posts: 9,880 Rune Posts by user Forum Profile RuneMetrics Profile
Phishing

If it seems too good to be true, it is.

Phishing, to put it simply, is where a hijacker attempts to direct you to a website that looks like the real website. This is widespread, and affects companies worldwide - including Jagex. If someone sends you to another website, say, 'Facebook' or 'YouTube' and asks you to then visit the runescape website, they are sending you to a phishing site.

If they wanted you to visit the real runescape website, surely they could guide you to the thread with a quick find code or instructions? A player who is trying to legitimately help you find a thread will never ever ever send you to YouTube and such. Be careful if you see a video claiming to link to the RuneScape website. Most of the time it links to a fake website with a similar URL.

The rule to follow is do not go to websites advertised in game. It simply results in a scam the vast majority of times, and you are the target.

You can find some information on phishing here .

Jagex will NEVER contact you to invite you to the Moderator team via in-game private messages. They do all of their official account-specific communications through the message centre , which you can access by going to the]runescape homepage and then clicking on 'account' in the top right hand corner. Any messages they send you will be under the 'messages' tab.

You can find information on all the different types of Moderators here . If someone is claiming to be a Moderator and they don't have a crown next to their name, report them for staff impersonation.

Likewise, they will NEVER email you about account infractions or offences. They will also NEVER ask you for your bank PIN.
__.,;'*
,.__
salubrious

force log account
|
account security

31-May-2015 04:26:37 - Last edited on 24-Jan-2016 18:11:00 by Salubrious

Salubrious

Salubrious

Posts: 9,880 Rune Posts by user Forum Profile RuneMetrics Profile
Targeted hijackings and how to avoid them


Targeted hijackings require the hijacker to gain information about you. They seek out personal information, email addresses, online aliases, real names, areas, all kinds of information that makes you identifiable whether it be online or outside of the internet. You can protect yourself from them by following a few simple steps...

+ Do not post your real name or even town on fansites. It makes you very easy to locate. Country is fine if you really have to, but don't put anything more than that.

+ Do not register real life accounts with runescape related emails. If your RuneScape email or real life account gets hijacked then they'll have both of them.

+ Do not reuse pass.words. This is too common. And by saying do not reuse pass.words, I don't mean add a letter or number to the end. Make the whole thing unique. Don't think pass.word, think passphrase. One word alone even with a few numbers just doesn't cut it. Any half-informed hijacker could have a bad pass.word cracked in minutes.

+ Do not post pictures of your bank. Pictures and videos of your wealth on social media and such basically just scream 'hijack me' to those malicious individuals. They scour social media sites looking for them. Don't turn yourself into a lighthouse for them.

+ Use correct privacy settings. Millions of people use facebook. Are you one of them? If you've got public posts on your facebook, even if you hide your location and such (which you should do anyway!) the hijacker can just go and look at what Fred has commented. They can then go to Fred's profile and get his location and probably get a good idea of where you are and who Fred is to you.

+ Don't leave your adventurers log on public. I'm all for sharing the gaming experience but if you have an expensive adventurers log picture the hijackers are going to have a party there and then. If they aren't your friend they don't need to see your third age.
__.,;'*
,.__
salubrious

force log account
|
account security

31-May-2015 04:26:41 - Last edited on 09-Jun-2015 23:18:22 by Salubrious

Quick find code: 98-99-137-65630390 Back to Top