<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
	<id>https://wiki.darkan.org/index.php?action=history&amp;feed=atom&amp;title=Scams%2FPassword_scams</id>
	<title>Scams/Password scams - Revision history</title>
	<link rel="self" type="application/atom+xml" href="https://wiki.darkan.org/index.php?action=history&amp;feed=atom&amp;title=Scams%2FPassword_scams"/>
	<link rel="alternate" type="text/html" href="https://wiki.darkan.org/index.php?title=Scams/Password_scams&amp;action=history"/>
	<updated>2026-07-18T14:31:20Z</updated>
	<subtitle>Revision history for this page on the wiki</subtitle>
	<generator>MediaWiki 1.46.0</generator>
	<entry>
		<id>https://wiki.darkan.org/index.php?title=Scams/Password_scams&amp;diff=84134&amp;oldid=prev</id>
		<title>imported&gt;RSJoke: Removed fmod crown as it no longer exists, and changed it to green background and &#039;forum mod&#039; title.</title>
		<link rel="alternate" type="text/html" href="https://wiki.darkan.org/index.php?title=Scams/Password_scams&amp;diff=84134&amp;oldid=prev"/>
		<updated>2012-09-19T07:44:18Z</updated>

		<summary type="html">&lt;p&gt;Removed fmod crown as it no longer exists, and changed it to green background and &amp;#039;forum mod&amp;#039; title.&lt;/p&gt;
&lt;p&gt;&lt;b&gt;New page&lt;/b&gt;&lt;/p&gt;&lt;div&gt;&amp;#039;&amp;#039;&amp;#039;Password scams&amp;#039;&amp;#039;&amp;#039; are a subset of scams where a player attempts to get their victim to trust the player with or mistakenly leak their password. Asking another player for their password, or attempting to get it in any form, is a direct violation of Jagex&amp;#039;s [[Rules of RuneScape]] and sharing accounts is as well. &lt;br /&gt;
&lt;br /&gt;
&amp;#039;&amp;#039;&amp;#039;This page is not intended to promote or advertise scamming in any form; its sole purpose is to inform players of any possible scams to help keep their account safe and secure.&amp;#039;&amp;#039;&amp;#039;&lt;br /&gt;
&lt;br /&gt;
====Recovery question scams====&lt;br /&gt;
[[Scammer]]s may also try to trick players into unknowingly giving their [[recovery answer]]s. While players are prohibited from asking the default recovery questions in the [[forums]], it is a [[Code of Conduct|forum only rule]].&lt;br /&gt;
&lt;br /&gt;
&amp;#039;&amp;#039;&amp;#039;Suggested actions:&amp;#039;&amp;#039;&amp;#039; Report the player for asking for or providing contact information such as full names, ages, postal or email addresses, telephone numbers, or bank details, under the security category. The best way to make this scam ineffective is have the answer not even related to the question (or to simply ignore the scammer in the first place.)&lt;br /&gt;
&lt;br /&gt;
====Befriend and trade Scam====&lt;br /&gt;
A player befriends another in attempt to gain trust and eventually trick them in giving his or her password.&lt;br /&gt;
&lt;br /&gt;
&amp;#039;&amp;#039;&amp;#039;Suggested Actions: &amp;#039;&amp;#039;&amp;#039;Defriend him/her in RuneScape and avoid him/her in real life, change your password, and report him/her for item scamming.&lt;br /&gt;
&lt;br /&gt;
====Password Change Trick====&lt;br /&gt;
Some players trick others by telling them to change their password to a &amp;quot;code&amp;quot; that will give them money and a lot of it.&lt;br /&gt;
&lt;br /&gt;
What actually happens: The player ends up changing your password while logged in using another window. When you log off the player then quickly logs in using another trick called Multiple logging in.&lt;br /&gt;
&lt;br /&gt;
&amp;#039;&amp;#039;&amp;#039;Suggested Action:&amp;#039;&amp;#039;&amp;#039; Report the player for password scamming.&lt;br /&gt;
&lt;br /&gt;
&amp;#039;&amp;#039;&amp;#039;Note:&amp;#039;&amp;#039;&amp;#039; Since the introduction of the Lobby, Multiple logging in is no longer possible. However, this doesn&amp;#039;t make losing your password any less dangerous.&lt;br /&gt;
&lt;br /&gt;
====Password censoring scam====&lt;br /&gt;
Previously, &amp;#039;&amp;#039;RuneScape&amp;#039;&amp;#039; did not censor players&amp;#039; passwords (this would give away passwords like &amp;quot;rune axe&amp;quot; for example). Some players would trick others into thinking otherwise, and then look for any text that may resemble a password. As of [[April 24]] [[2007]], Jagex changed the system so that sentences which contain a player&amp;#039;s exact password or a large portion of it would not show up, although it only blocks the exact text of their password, and would still be visible to scammers if typed incorrectly, but this method is rarely used today. However, password scamming still occurs on &amp;#039;&amp;#039;RuneScape&amp;#039;&amp;#039; and [[RuneScape Classic|&amp;#039;&amp;#039;RuneScape Classic&amp;#039;&amp;#039;]]. Scammers may also say that if you type your password backwards, it will still be censored (such scammers use phrases like: &amp;quot;w00t! jagex won&amp;#039;t let you spell your password backwards!&amp;quot;) . That is not true, your password will be shown and the scammer will know your password.&lt;br /&gt;
&lt;br /&gt;
&amp;#039;&amp;#039;&amp;#039;Suggested action:&amp;#039;&amp;#039;&amp;#039; Players should report under [[password scamming]] Passwords are NOT blocked on &amp;#039;&amp;#039;RuneScape Classic&amp;#039;&amp;#039;, so people just asking for people to post their unchanged passwords can still be reported there. Since your password is indeed censored (save for [[RuneScape Classic]], it is not reportable unless the scammer tells you to misspell your password or spell it backwards.&lt;br /&gt;
&lt;br /&gt;
====Account trades and transfers====&lt;br /&gt;
Not only is transferring accounts against Jagex&amp;#039;s rules, it is extremely risky. The player may take the other player&amp;#039;s money and never give him/her the password. Even if the player receives the account and changes the password, the original owner can take it back using the [[recovery questions]]. Additionally, some players may give you a high-level account, in hopes that you&amp;#039;ll transfer your items to it. The scammer can then recover the account, and take any items that you may have placed on it.&lt;br /&gt;
&lt;br /&gt;
&amp;#039;&amp;#039;&amp;#039;Suggested actions:&amp;#039;&amp;#039;&amp;#039; Report the player for buying, selling or sharing an account. If you see accounts being sold on other web sites, send Jagex a link to that site via a Customer Support query. Accounts being sold on eBay no longer need to be reported, as Jagex is now checking that regularly themselves.&lt;br /&gt;
&lt;br /&gt;
====Fake RuneScape websites====&lt;br /&gt;
{{redirect3|Fake|For the RSW policy on &amp;#039;fake&amp;#039; creations, see [[RuneScape:Non-existent item policy|RS:NIP]]}}&lt;br /&gt;
&lt;br /&gt;
Some players will make sites that look similar to the real &amp;#039;&amp;#039;RuneScape&amp;#039;&amp;#039; site, and offer [[moderator]] applications, beta access to &amp;quot;Runescape 3&amp;quot;, or entry into contests. In reality, these sites would collect your password and may present you with a fake error message when you enter your information.&lt;br /&gt;
&lt;br /&gt;
&amp;lt;gallery position=&amp;quot;center&amp;quot;&amp;gt;&lt;br /&gt;
scam_website.png|This is a scam website. This WILL steal your password.&lt;br /&gt;
scam_website_2.png|Here is an example scam login screen. Attempting to log in with your REAL username or password will result in you account being stolen. DO NOT FALL FOR THIS!&lt;br /&gt;
scam_website_3.png|This is what happens when you log in regardless of what username and password you use. (You will log in no matter what account information you enter)&lt;br /&gt;
&amp;lt;/gallery&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;#039;&amp;#039;&amp;#039;Suggested actions:&amp;#039;&amp;#039;&amp;#039; You should &amp;#039;&amp;#039;&amp;#039;NEVER&amp;#039;&amp;#039;&amp;#039; enter your &amp;#039;&amp;#039;RuneScape&amp;#039;&amp;#039; password into any site other than the official Jagex Ltd. sites, whose domains are &amp;lt;tt&amp;gt;jagex.com, runescape.com, funorb.com, waroflegends.jagex.com (or just waroflegends.com), stellardawn.com, and 8realms.com.&amp;lt;/tt&amp;gt; Familiarise yourself with the ways domain names can be faked. You should avoid even visiting fake sites, as some may exploit vulnerabilities and may make your computer run a [[Wikipedia:Computer worm|Worm]] or [[Wikipedia:Trojan horse (computing)|Trojan]] when you visit the site. Finally, you should report the site to [[Jagex]] via [[customer support]] after you put your information into the fake login it will not work and you will most likely say to the scammer it didn&amp;#039;t work, he will tell you you have to be logged out. &amp;#039;&amp;#039;&amp;#039;DO NOT LOG OUT! IF YOU DO, YOUR RECOVERY QUESTIONS AND E-MAIL ADDRESS MAY BE CHANGED! &amp;#039;&amp;#039;&amp;#039;Do not enter your password anywhere except for where it says jagex limited in your browser bar.&lt;br /&gt;
&lt;br /&gt;
====E-mail scam====&lt;br /&gt;
[[File:Email filters.png|thumb|An example of filters that can be set to reduce opening scam letters.]]&lt;br /&gt;
This usually happens on other websites, such as forums or blogs. The player will make an e-mail address and claim that it is an e-mail address that will send you another member&amp;#039;s password, make you a free member, give you 99 billion coins, etc.&lt;br /&gt;
&lt;br /&gt;
Any e-mails from Jagex will always have a web address of &amp;quot;email.runescape.com&amp;quot;. (Example: The [[RuneScape Courier]] comes from [mailto:new@email.runescape.com new@email.runescape.com].) However, aside from membership receipts, updates for your membership loyalty points, and the RuneScape Courier, Jagex no longer sends e-mail to players.&lt;br /&gt;
&lt;br /&gt;
&amp;#039;&amp;#039;&amp;#039;Suggested actions:&amp;#039;&amp;#039;&amp;#039; Report the e-mail to Jagex via customer support ([mailto:reportphishing@jagex.com reportphishing@jagex.com]) and delete it. When reporting the e-mail to Jagex, try to include the header information. If possible, block the user from sending you any more e-mails. To prevent scammers from harvesting your e-mail address, try to set it to &amp;quot;hidden&amp;quot; on Internet forums.&lt;br /&gt;
&lt;br /&gt;
====Cheat program scam====&lt;br /&gt;
Some scammers will offer programs that claim to make &amp;#039;&amp;#039;RuneScape&amp;#039;&amp;#039; easier, but they will actually either steal your password or result in your account getting [[banned]]. This is one reason that Jagex discourages use of toolkits. However, Jagex has confirmed Swiftkit to be a legitimate toolkit that will not steal your information, and Jagex has also produced a program that opens up Runescape directly from your desktop.&lt;br /&gt;
&lt;br /&gt;
&amp;#039;&amp;#039;&amp;#039;Suggested action:&amp;#039;&amp;#039;&amp;#039; Do not use toolkits. Sometimes, your computer can get a keylogger just from visiting these sites, so make sure that your computer has an anti-virus program, and that it is up-to-date. Do not report other players for using these unless they openly admit it during [[chat]].&lt;br /&gt;
&lt;br /&gt;
====Advert scams====&lt;br /&gt;
Some &amp;#039;&amp;#039;RuneScape&amp;#039;&amp;#039; [[fan site]]s (or even fan wikis for that matter) , even the most reputable ones, may display ads that encourage cheating or [[real-world trading]]. Often, the administrators of fan sites do not have control over the ads, which are served by an advertising company. Some other ads may offer money-making &amp;quot;[[guides]]&amp;quot; that are no different from the ones offered for free on forums.&lt;br /&gt;
&lt;br /&gt;
&amp;#039;&amp;#039;&amp;#039;Suggested actions:&amp;#039;&amp;#039;&amp;#039; Report the ads to the administrators anyway under the advertising websites in the security section of the rules. The administrator may, in turn, send complaints to the advertising company. Sometimes, the advertised website is found near the advert. In this case, members or qualifying free players can [http://forum.runescape.com/forums.ws?103,104,8,58548663 report the website via forums].&lt;br /&gt;
&lt;br /&gt;
====Jagex staff impersonation scam====&lt;br /&gt;
&lt;br /&gt;
Players who do not have gold crowns [[File:Jmod crown.png]] in front of the player&amp;#039;s names are &amp;lt;u&amp;gt;&amp;#039;&amp;#039;&amp;#039;NOT&amp;#039;&amp;#039;&amp;#039;&amp;lt;/u&amp;gt; [[Jagex staff]]. Instead, Jagex mods are named &amp;quot;Mod &amp;lt;nowiki&amp;gt;_____&amp;lt;/nowiki&amp;gt;&amp;quot;, except for [[Andrew]], [[Paul]] and [[Ian Gower]], the founders of Jagex.&lt;br /&gt;
&lt;br /&gt;
&amp;#039;&amp;#039;&amp;#039;Jagex staff will NEVER ask for your [[password]], [[bank PIN]] or [[personal details]].&amp;#039;&amp;#039;&amp;#039; Any player who has a silver crown [[File:PMod crown.png]] next to the player&amp;#039;s name is a [[player moderators|player moderator]], and any player with a green background and &amp;quot;Forum Mod&amp;quot; displayed under their avatar on the forums is a [[Forum Moderator]]. Anyone who claims to be a moderator but has no crown showing, should be reported for [[Jagex staff impersonation]], under the [[honour]] category. This applies to anyone, even if you know the player is a moderator on a different account. It is against the rules for anyone, even moderators, to claim to be a moderator or claim to have moderator powers when no crown is showing to the left of the name. For more information see the [[Moderator]] guide.&lt;br /&gt;
&lt;br /&gt;
&amp;#039;&amp;#039;&amp;#039;Suggested actions:&amp;#039;&amp;#039;&amp;#039; Report the player immediately for scamming in the honour category. Real Jagex staff will never ask for a player&amp;#039;s password because they don&amp;#039;t need your password to access your account as they already have the password.&lt;br /&gt;
&lt;br /&gt;
===Link Phishing===&lt;br /&gt;
One of the easiest ways to accidentally stumble onto a fake Runescape site is through visiting fansites. Most forums allow anyone who registers the ability to mask their link behind an alternative display text through BBCode. Phishers will abuse this feature by posting or pming an innocent looking message with their malicious link hidden behind what appears to be a legitimately safe link.&lt;br /&gt;
&lt;br /&gt;
&amp;#039;&amp;#039;&amp;#039;Suggested Action: &amp;#039;&amp;#039;&amp;#039;Always be careful when browsing the web, even on fansites. Modern browsers allow you to see where a link leads to if you hover your mouse over it before clicking. If you receive a pm from someone you don&amp;#039;t know with a link inside, do not trust it. If you do accidentally click on a link, close out the window and run a scan immediately.&lt;br /&gt;
[[Category:Guides]]&lt;br /&gt;
[[Category:Rules and Regulations]]&lt;br /&gt;
[[Category:Community]]&lt;/div&gt;</summary>
		<author><name>imported&gt;RSJoke</name></author>
	</entry>
</feed>