Mod_Stevew

Hey,

First off I'm sorry to hear you had this experience in game, while Telos is still a long way off for me to even consider, I can understand the frustration that streak breaks can cause.

In terms of your support experience, you have submitted an email to the 'tip off' address. The purpose of that address is to provide us with information that may be useful for improvement opportunities or investigations. It's well suited to let us know about scams, hijacks and similar - and works well as a source of information and evidence for us to tackle these sort of incidents in future. As it is intended as a 'tip off' service you won't get a reply from the staff who monitor those emails, instead their time is used on reacting to the tip offs, identifying trends and investigations.

That said, we know that people expect a response if they send an email, so we do fire back an automated response so you can be sure your email has been received, and that response does als...

Just to clarify the VPN point - there is no issue at all with people using VPN's, and of course people do go on vacation, relocate for college, move home etc. - I was not trying to imply that these sort of moves cause us any concern.

When reviewing this case, the extensive logs ins from various countries just formed part of my assessment of the history of the account, it was also worth noting that all game play was fairly static, but the country variations only applied to web log ins.

It was a contextual observation, and I probably should have used the word 'unusual' rather then 'suspicious' - apologies if I unnerved any VPN users, sleep easy and 'Scape on, your use of VPN is not a concern :)

Just to clarify the VPN point - there is no issue at all with people using VPN's, and of course people do go on vacation, relocate for college, move home etc. - I was not trying to imply that these sort of moves cause us any concern.

When reviewing this case, the extensive logs ins from various countries just formed part of my assessment of the history of the account, it was also worth noting that all game play was fairly static, but the country variations only applied to web log ins.

It was a contextual observation, and I probably should have used the word 'unusual' rather then 'suspicious' - apologies if I unnerved any VPN users, sleep easy and 'Scape on, your use of VPN is not a concern :)

Would you prefer we just ignored it? The user did contact support in the recommended way and we dealt with it in 19 minutes.

That is possible, if they also have a lot of info about the account. That is why I used a mixed voice in my comment, and stopped short of blatantly calling it.

I'm sorry to hear you've had this experience, the wealth that has been removed is not lost on me and I do genuinely appreciate the impact of this hijacking.

That said, there is significant evidence that you have been lapse with your account security. For a start, there have been web log ins on your account from 9 various different countries going back to at least 2015. These log ins cross over a number of password changes by the account owner, so it's not a simple case of one password being known, even when the owner changes the pass other countries are still logging in. You could be well travelled, or have a habit of using various VPN's on web access only - but I have to say it looks suspicious.

When you were 'hijacked' the 'hijacker' knew your log in and password, they also knew your recovery email address and the password for that and any 2FA you had on the email address. The account wasn't a malicious recovery via Jagex, the hijacker simply knew the details.

By that definition, every account would be banned and nobody would be playing ... errrm

Hey,

On face value it does look like our support team have responded to a gold seller. However, if you dig a little deeper it does make sense. The user has chosen a Twitter handle that implies they sell gold, we don't know if they do, it could be a joke - who knows?

What we do know is that the account posed a serious question and it seemed like they needed help. We had 2 choices here, ignore the message and risk someone not getting the help they need, or reply with the best advice and assume the handle naming was not serious. Certainly to pre-judge the user based on handle naming alone seems unfair - so we chose to offer the advice needed.

For clarity the original tweets (2) to us were:

"hey, needing help with unpaid balance, my account was recently taken over and it happened a few times in the past month but when I virus scan and even delete files I still don't know about I'm still getting screwed over and now I've received numerous emails sayi...

Update: I was notified just before 3am today that the player we were concerned about had logged in again - a good indication that he/she is safe :)

It is monitored 24/7.

That is the right route, response time for review on those reports is a few minutes

Happy to help. I haven't heard back from the Police although it is common to not hear anything further. I have supplied them with all the info they need, although I am guessing they will need the cooperation of the ISP in the US to identify the user, unless the UK owner is able to identify them.

Having read the full chat logs, the good news is that I don't think the person is at great risk, as there is some additional context in their full chat logs that you won't have seen which is a bit more positive. That said, we obviously want to make sure all is well.

We've also sent some professional wellbeing advice and offers to access professional support channels in a message to the accounts inbox.

I've made arrangements for our law contact email channel to be checked every 10 minutes or so over the next 5 hours, just in case the Police get in touch - I also have someone refreshing game access logs to see if the person identified logs in again/reads the concern me...

OK I can update on this - we received the report in game at 07:16 UK time this morning, it was risk assessed and escalated at 07:52.

The account belongs to a UK user but the incident relates to an American user the account is shared with, and we are now working with the UK and American Police to arrange a welfare intervention check.

We have 3 people working on this trying to identify the details of the person we are concerned about.

OP - if you have any information that may help us identify who the person is please do email [email protected] urgently.

Hey

Did you report this incident in game ? If you did we will already be aware of it. If you didn't please call your local Police to report it. Tell them they can contact us for details on the player and chat logs if they need them by emailing [email protected], we will respond within a few minutes of receiving a genuine request.

You can also send your account name and the account name of the person who may be at risk to that email address in this situation.

Thanks

Also while Jagex responded they somehow forgot to mention how the hijacker bypassed the pin. Hmmmmm.

I can't tell that, I can say that the hijacker had not logged in days before and begun a cool down, so they knew the PIN on the day they gained access, whether it was shown on stream, guessed, I don't know .. the info I can see on PINs is very limited

I wasnt allowed to recover simply because the account wasn't registered by myself

Unless I've misunderstood you, that is exactly how it should work, if you are not the account creator, you have no claim on the account?

The cleaning of the account should ensure that malicious recovery is not possible again. If there is anything we can do to try and put a smile back on your face just let me know. I have added 1 month of membership to your account free of charge, I didn't mention that in my first post as I didn't want people to think I was attributing that value to your loss and I thought it would be a small 'pick me up surprise' for when you next log in.

Hi,

I've had a chance to look into this unfortunate situation. The first thing to get straight is that this has absolutely nothing to do with any staff misconduct or similar. This situation was caused by a very persistent, motivated person who was set on gaining access to the account.

They have obtained various pieces of key information relating to the account, likely over a period of several months, sufficient to submit a credible recovery request. Information included log in, creation date, creation ISP, creation location, postal code and some passwords - with some of this information stretching back over a number of years.

This person also attempted to mask the location that they were submitting the request from and make it appear that it was being submitted from the owners location. That doesn't fully work and we are able to spot it, but it does also mean that the owners location is known, as the hijacker knows where to try and make the request appear ...

ok all sorted you just need to set a new pass

OK I meant is the account a member rather than game access from a Bond - anyway ping me the account name and I'll take a look