Naive Runescape players are targeted for dangerous phishing (Opens in a new tab) A scam aimed at valuables in the game.
Malwarebytes cybersecurity researchers have discovered a whole new phishing campaign that begins with an email to the Runescape player, pretending to be from Jagex support building and maintaining the game.
Email alerts the victim that the email address associated with the account has changed.
Steal virtual belongings
The email will include your username and password (Opens in a new tab) Since the game hasn’t changed (this is required, I’ll explain later), email changes mean that future changes to the credentials will be sent to the new address.
Further below the email, victims are provided with buttons and links through which they can cancel their changes. At the address provided, you can find a phishing site that looks much like a legitimate Runescape login site and whose domain is as close as possible to the legitimate portal.
There, they can log in using their credentials (not changed, remember?). When you try to log in, the data is automatically sent to the Discord channel owned by the scammer.
But that’s not all. The attacker also came up with “additional security measures”. After entering the login credentials, the user must also enter the in-game bank PIN number. And from there the real pain begins.
Runescape is a large multiplayer online role-playing game over 20 years old that you can play for free. Among them, players can use Real Cash to obtain rare items through hard grinds or purchases. They can store these valuables in an in-game bank, which may sound ridiculous to some, but these accounts can grow to a value of thousands of dollars. there is.
If the attacker obtains login credentials and an in-game bank PIN, the attacker can easily log in to their account from the endpoint. (Opens in a new tab)You can transfer these valuables to another account, where you can sell them in cash to a third party.
As always, users are always warned to pay particular attention to incoming emails that contain links and attachments.
Watch the video here: This Runescape phishing scam can take you seriously out of your pocket
