Original Post

I have played RuneScape for many, many years and have fallen for the most basic scam... I used a game website to log into my account. Unfortunately, my heart sank when I couldn't log onto my account as I was already "logged in."

I have posted a support post with Jagex, but has anyone experienced this & how have they dealt with it? Basically lost 500mil... Years of work!

I have since updated my osrs to a new Jagex account; this has obviously given me a new Google authenticator code & changed my password. Is my account safe, or do I need to make any other changes or update anything else?

I really appreciate any advice at all ❤️ really thinking of taking a break, but I hope Jagex can support me in some way!

Update: somehow they are still able to log in to my account! It definitely isn't my email address!! I don't know what I am doing wrong! After buying a few bonds to get me going again!!!

2 months ago - /u/Jagex_Melora

Hey u/Unusual_Property_928

Sorry to hear this has happened - hopefully we can get your account properly secured for you now they're back on the account.

Without access to your account, I can't say for sure how the hijackers gained access, but if a hijacker has accessed your account, then the hijack could only be for one of the following reasons:

  • They have significant information about your account which allowed them to recover it and register their own email - upgrading to a Jagex Account will remove the ability to recover your account through the legacy recovery system
  • They have access to your email
  • You've unwillingly provided your login info + authenticator TOTP (phishing/keylogging by the hijacker)
  • You've willingly provided your login info to someone
  • You've been hijacked in the past, the hijacker linked a third party account to your RuneScape character (like Google, Apple, Steam, Facebook etc) and used this link to access your character - I believe this is the most likely based on what you've said.

Next steps would be:

  • Check your email is fully secure and not accessible to another person (I'd suggest 2FA for your email too). I'd also encourage you to review the inbox rules currently in place on your registered email address. If your registered email has been compromised, then a hijacker might have set up 'rules' which will redirect your incoming emails to another email address, meaning you might not be receiving important security information about your account.
  • Be secure with your information and don't use the same password across numerous sites
  • Check your linked third party associations and remove any you do not recognise/secure your own third party associations
  • Check your devices for any malicious software and run regular virus/malware checks
  • Be careful with what links you click and where you're entering your information (more information on how to avoid phishing/scams can be found here)

Hopefully the above information helps to resolve this issue and helps to beef up your security for the future!