
Comprehensive Account Security

Quick find code: 98-99-137-65630390

Salubrious

Issue diagnosis


If you've been hijacked, you first need to work out how. This is because if you ignore the possibilities, you could just get hijacked again and lose any progress you make in the future.

Look at one of the following sections depending on which is relevant to you.

Windows Security
Mac Security
Linux Security

Download at least one of the recommended security programs (those classed as an antivirus or antimalware application) and run a full scan with it.

AFTER the scans are done (it must be after, or any potential keyloggers will re-steal your information) check if you have access to your registered email still. Assuming you don't...

1) You've likely used the same password for RuneScape and your email (in which case, make a new email and use a new password!)

2) You may have malware on your computer.

If you do have access to your registered email, you need to check if your account is still linked and recoverable. View this thread and attempt to lock your account.

If you do not receive an email within 30 minutes, your account is probably stolen and the email has been changed. It is also possible that you are not receiving mail from Jagex, but that is also covered here, as is where to go if the email is changed by a hijacker or stolen.

If the scans are clean, you haven't reused passwords and you've been a silly person or haven't been phished, you may have been targeted by a hijacker. You can recover your account through the 3rd option on the locking guide in my signature. Read page 1 of this thread before proceeding!
__.,;'*
,.__
salubrious

force log account
|
account security

31-May-2015 04:26:44 - Last edited on 24-Jan-2016 18:15:25 by Salubrious

Salubrious

Malware hijacking (secure and recover process)


If you're a victim of malware and find your account is hijacked, your priority is ensuring that your computer is clean. Failing to do so and proceeding with a recovery before scanning means that your computer is still at risk and your details could be stolen again by the potentially malicious software on your computer.

I do not generally rest peacefully thinking that someone has selected a strong enough antivirus or antimalware scanner, so please follow these instructions exactly.

If you are using Mac or Linux systems please refer to the relevant security post at the beginning of this thread for alternatives for your operating system, as this post assumes you are using Windows due to the frequency.

1) Google 'Malwarebytes anti malware' and download the free version of the application from the Malwarebytes website. Run a full scan with it.

2) Download 'Malwarebytes anti rootkit' from the same website, and again, install it and run a scan. If it wants to reboot your computer, allow it to do so.

3) Download 'Avast Antivirus', install it, and run a scan with it. If it wants to reboot your computer, allow it to do so.

I recommend these scanners because from my own personal stress-testing and experience I know that they are extremely powerful and have high detection rates in comparison to the vast majority of other scanners. Install each of them and run a scan with each. Let them do their thing.

4) If the scans have detected something, or nothing at all, you can assume that your computer is clean. You should then proceed to recovering.

If you're still really worried (which you shouldn't be, but I understand), you could reformat your computer. You can download a copy of your operating system from your provider and retrieve your license key to reinstall it using a program called 'Belarc'. Do not use the 'ghost' partition on your computer. Use a separate disk or USB to install it.

31-May-2015 04:26:48 - Last edited on 09-Jun-2015 23:18:47 by Salubrious

Salubrious

5) Malware-related hijackings usually result in your registered email being changed. This means you cannot perform a normal recovery and you need to send a ticket.

To send a ticket you will firstly need a fresh and secure email. For this I strongly recommend creating a 'Google Mail' account as their security checks are extremely vigorous, unlike other providers. This means that a Google Mail account is typically harder to hijack than other email types.

Make the Google Mail account. Ensure that you do not use your real name in the email address, and also that you do not use your RuneScape name in the email address. This is so your personal information cannot be compromised if your email is ever accessed by someone else.

Google Mail also offers something called 'two-step verification' which you should have read about in the email security section of this thread. Two-step verification requires that the person logging into the account has access to the registered mobile phone, so any hijacker trying to log in will not have access to your email account. You however will have access to your email account, as only you have your phone.

Google 'GMail two step verification' and follow the result on the Google domain. Follow through the steps and you should have a two-stepped account in no time.

Once you've two-stepped your Google Mail account, you're good to go! It's time to send a ticket. Read this page through and follow the instructions to send a ticket.
Jagex aim to respond within 48 hours to all tickets.

When you have control, set a new password and set up the Authenticator.

31-May-2015 04:27:53 - Last edited on 21-Nov-2016 02:24:05 by Salubrious

Salubrious

Phishing hijacking (secure and recover process)

Phishing normally results in a hijacker logging into your account, spamming the same website that hijacked you and getting more victims. Of course the hijacker doesn't want to log out, but you can make them log out, if you still have access to your registered email.

Read this thread for steps to boot your account out of the game if you are hijacked. You need access to your registered email to be able to do this however.

If this works for you, change your passwords - both your email password and your RuneScape password, along with any other valued accounts/social media accounts.

If you do not have access to your registered email (either because the hijacker has changed the password of it, or because the hijacker has changed the linked email), you will need to create a new one.

I recommend that you create a 'Google Mail' account. It is generally way more secure than other email providers and comes with the additional security feature known as 'two step verification'. Two step means that hijackers need your physical mobile phone to log into your email, so you cannot be hijacked anywhere near as easily.

Google 'GMail two step verification' and follow the result on the Google domain. Follow through the steps and you should have a two-stepped account in no time.

Once you've two-stepped your Google Mail account, you're good to go! It's time to send a ticket. Read this page through and follow the instructions to send a ticket.

When you have control, set a new password and set up the authenticator.

Jagex aim to respond to tickets within 48 hours, so hang on in there!

31-May-2015 04:27:57 - Last edited on 21-Nov-2016 02:26:01 by Salubrious

Salubrious

Targeted hijacking (secure and recover process)


Targeted hijackings are relatively rare because they require information on the hijacker's part of both the amount of wealth the account has (to determine if it is worth targeting) and to come across as the owner of the account. Target hijackers will generally try and recover your email account and other accounts you own to pass themselves off as you and then gain further access to your other accounts.

If you've been targeted by one of these hijackers you will likely be in dispute with support teams, whether that be Jagex's own support team or that of another website (for example Twitter, Facebook or your email provider). The information that the hijacker gathers on you is generally from your social media accounts, however they have been known to steal fansite databases and use that information to log into victim email accounts.

During the dispute process you need to prove to Jagex that you are the legitimate owner, because with your own personal accounts such as email being compromised, it is possible that the attacker initially seems like the account owner.

I strongly recommend at this point that you read your relevant operating system security post and the email security post before proceeding beyond this point.

You can prove ownership to them by providing previous billing information, previous display names, previously registered email addresses, your internet service provider on account creation, and so on. Jagex will NEVER ask you for your bank PIN, even through official forms of communication.


The appropriate form you would need to use is located here, and the linked ticket asks for the information they need to verify account ownership.

31-May-2015 04:28:15 - Last edited on 21-Nov-2016 02:25:29 by Salubrious

Salubrious

Bank Pins

Talk to any banker to set a bank pin. Bank pins protect your bank from being accessed without a combination of numbers set by you.

If your email or computer is compromised, your bank pin is the last thing defending your items. A hijacker on your account will be greatly hindered by a bank pin, as they aim to get into your bank, take your items and real world trade them. Bank pins buy you time to recover your account, secure your computer, and generally reassure you that there is an extra line of defence if something severe does happen.

I advise toggling the delay on the bank pin to 7 days (you can do this by talking to a banker) so you have a full week of security if your account is compromised to safely recover without item loss.

I strongly advise against an authenticator pin because if the authenticator is removed your bank may be left defenceless. Using the normal number pin is the best option in my personal opinion.

Avoid using your year or date of birth as your PIN. These are commonly tried by hijackers to access banks.

31-May-2015 04:28:42 - Last edited on 10-Jun-2015 00:13:01 by Salubrious

Salubrious

Authenticator

The RuneScape Authenticator is a verification utility that stops unrecognised devices logging into your account. Similarly to JAG, it 'registers' a device and will only allow you to log in from authenticated devices. This makes it difficult for hijackers to access your account, in some cases almost impossible, if your email is secure.

Authenticator relies on a secure email address, so if using it, it is highly important that you make use of a secure email provider with two step verification enabled. If your email is hijacked, Authenticator can be removed without any further verification such as security questions. If your email is secure and your computer is also clean, your account won't be accessible to hijackers.

Jagex Account Guardian

JAG, or the Jagex Account Guardian, is a (currently) discontinued feature. It replaced recovery questions, and made it so only whitelisted/authenticated devices could allow your account to log in. It would send you an email to add a device requiring that you answer some questions in order to confirm that you are the account owner. Once these are successfully answered, it would whitelist the device you were using for whatever time period you specified.

JAG made account hijacking extremely difficult (more so than the authenticator), meaning that the hijacker would have to gain access to the victim's email address and then find the answers to their security questions. Hijackers often resorted to malware in an attempt to get around JAG, because they were unable to work out the answers to the questions in a lot of cases.

I personally prefer JAG over authenticator because it requires a far deeper amount of information for a hijacker to remove. You can additionally create answers that cannot be socially engineered, for example answering from a character's view.

31-May-2015 04:29:12 - Last edited on 15-Aug-2015 21:36:40 by Salubrious

Salubrious

Trade

If someone has scammed you, you should report them within 60 seconds of the incident occurring. This means that Jagex have the evidence of the situation and they are able to take action.

Sometimes scammers will put a teleport tab in a trade window and ask you to meet their other account or friend in a certain location. They are trying to make you accept the trade with your item in it, meaning they can take your item without you noticing. Always check the second trade window and make sure the wealth transfer isn't imbalanced to avoid these sorts of scams.

Avoid item swaps as items can crash below GE values. Their objective is to make you swap your current valuable item for something that isn't worth the shown value, often due to recent updates or changes.

Money doublers don't exist. If they were going to be legitimate they'd just give players money without requiring them to trade certain amounts first. Also be careful for 'doublers' who claim to do 'one trade' exchanges, as they often try to shortchange you. For example, victim puts in 500m. Scammer puts in 100m. Victim accepts, misreading as 1000m.

Luring


Players who want you to follow them to a certain location and object to you banking are generally trying to lure you. Before accepting to help someone with a quest or boss or a video, etc... bank your items. If they complain at you or tell you to withdraw certain items they are probably trying to lure you. Report them for scamming.

If a player wants you to drop an item for a reward, don't do it. If they were going to reward you, they'd just give you the item in the first place.

31-May-2015 04:30:02 - Last edited on 21-Nov-2016 02:25:45 by Salubrious
