Caped Carousers RuneScape's oldest Quest Cape clan

Uncle Arch's Security Corner

This is a revised and extended version of a forum thread first created several years ago to provide some useful tips about securing RuneScape accounts, and about online security in general. Many thanks to all the people who have contributed feedback and ideas over that time!

Education is the best single weapon against account hijacking. Therefore, anyone is free to copy this advice to their members via the RS forums, offsite forums or in any other way they see fit. Some attribution would of course be nice, but it's not essential.

Some people will say that the measures here verge on paranoia. They are correct - but this is the only chance you have to keep yourself safe. In 20+ years of being online, I have never had a major security breach, despite associating with many highly dubious individuals online and even having (non-RS!) site login/password combinations made public by Anonymous. To me, that suggests that my principles work - but I also recognise that it doesn’t mean such a disaster couldn’t happen tomorrow, which further justifies all the precautions outlined below. 

Please note that anyone seeking help from the Clan Bank to recover from losing control over their account will be required to be familiar with, and following the advice in, this guide before any assistance can be given!

If this looks like a lot of information to take in... you don’t value your account highly enough!

Some of the dangers

It's a dangerous ol' world out there, and if you're not careful, even something simple can lead to your computer being infected with a keylogger or worse. 

  • Visit a website that uses banner ads provided by another company... and there's a risk that an infected banner ad will use a script to infect your computer. This has happened in the past even to respectable Fortune 500 companies, and well-known web portals!
  • Visit an RS-related scam site or gold-selling site... and there's a high risk that the site owner is using scripts to infect your computer. This shouldn't be a surprise - the people who run such sites are criminals (as a minimum they're breaking their contracts with Jagex, and many are involved in international credit card fraud).
  • Use your RS login details on any other website, and there's a danger that either the owner is logging them, or that the site is compromised by a hacker who will steal them. You may trust the site owner... but you have NO WAY of verifying their back-end site security! (This has happened on popular fansites in the past!).
  • Click on a malicious weblink or open a file sent to you by someone else, and there is a risk of infection.
  • Download any software at all, and there's a risk that it carries a malicious payload (heck, even one of NASDAQ's executive tools got hit like this recently...).
  • Your IP address can be revealed by using IRC channels, or through voice chat servers hosted by the dishonest. This in turn can make you vulnerable to Denial of Service attacks and even direct hacking.
  • Even the mainstream software you use - e.g. your browser, operating system, JavaScript or Flash - may itself be compromised by someone discovering a new exploit.

So you need to be careful!

Preventative measures

To help protect yourself, you can do the following:

  • Install a script blocker on your browser, and learn how to use it (NoScript for Firefox/Mozilla is a good example). This will protect you against many dangers and exploits if used properly.
  • Install an advert blocker on your browser, to block malware-infected adverts (e.g. AdBlock Plus for Firefox/Chrome/Opera). [*cough* of course, you'll need to leave the RS site unblocked to stay within the game rules!]
  • Make sure you have a proper antivirus and firewall; learn how to use them, and update them regularly. If possible, choose an antivirus that includes link checkers for popular search engines (e.g. AVG or McAfee).
  • Get some anti-malware software as well, learn how to use it, and update it regularly. MalwareBytes and Spybot Search & Destroy are good examples of this type of software.
  • Keep your operating system fully patched.
  • Set an RS bank PIN!
  • Use the Jagex Authenticator!
  • Don't open mail or other attachments if you don't know what they are, and scan before opening even if you think you *do* know what they are.
  • Don't visit scam sites, RS gold sites etc., even if it's "just to see what they look like". It's an unjustifiable risk.
  • Don't download RS-related software (clients, bots); many are laced with malware.
  • When downloading *any* software, avoid using "Download Now!" options where possible, and use an alternative downloader that you know is safe. Many unrecognized downloaders are laced with adware and/or malware, and will infect your system while downloading what you really wanted.
  • Don't use easy-to-guess passwords, PINs or recovery questions. Make them unique to you.
  • Use different passwords for EVERY site you use! Try to use different login names too.
  • Don't write your passwords down - someone will find them, however secret you think your hiding place is... You have a brain, use it!
  • Change your passwords from time to time (as long as you are SURE you have no infection when you do!)
  • Never give out or use the email address you registered for RS with. Use a disposable address instead. Even if a hacker knows *only* the address, they may guess or brute-force the password.
  • Use e-mail providers known to have strong security, and which use 2-factor (mobile or second e-mail address) identification. Remember: a big name doesn’t always mean better security (Yahoo! Mail is a case in point).
  • Never, ever share password or recovery question info with anyone else. And make sure your recovery questions don't use information that you have made available on social networking sites!
  • Your login name and your in-game (screen) name don't have to be the same! Changing your screen name can confuse potential hijackers.

What to do if your account is hijacked

Step I: get your account locked

Post your account name in the Account Help forum and get this done! This will also help Jagex staff to investigate, and perhaps find and punish (or even prosecute) the culprit.

Step II: find the security breach

  • Update your antivirus program
  • Update your anti-malware program
  • Come OFFLINE. Restart your computer in SAFE mode. Alternatively, use a bootable USB key which includes scanning tools, from a security vendor - e.g. Kaspersky’s rescue disk or MS Windows Defender Offline.
  • Now run your antivirus and anti-malware detection programs. Use FULL (deep) scans, even though these are slower.
  • Your software may need anti-rootkit scans to be done separately (e.g. in AVG), so check!
  • Use the task manager (press CTRL, ALT and DELETE simultaneously) to identify any remaining unknown processes. There's plenty of information online to help you work out which ones are genuine, and which are fake (even if they look genuine!)
  • If you still didn't find anything, use online antivirus checks such as those provided by Trend Micro, Kaspersky Labs, Symantec, McAfee etc. (remember that some malware can disable or effectively hide from your own antivirus!)
  • Check ALL of your email accounts for possible violations.

Remember - even after a cleanup, if you don’t know how a problem occurred, then there is a high risk of repeat infection.
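
The Task Manager check in Step II can be backed up with a script. The following is an added example, not part of the original guide: it lists every running process on Windows with the file it was started from and that file's signature status, and flags familiar system names running from the wrong folder. The list of system names is an illustrative assumption, not a complete one.

```powershell
# Added example (not from the original guide): list running processes with the
# file they were started from and whether that file carries a valid signature.
# Run in Windows PowerShell; an elevated prompt can read more process paths.

# Illustrative list of Windows process names that malware likes to imitate.
$systemNames = 'svchost.exe', 'lsass.exe', 'services.exe', 'csrss.exe', 'winlogon.exe'
$systemDirs  = (Join-Path $env:SystemRoot 'System32'), (Join-Path $env:SystemRoot 'SysWOW64')

$report = foreach ($proc in Get-CimInstance -ClassName Win32_Process) {
    $path   = $proc.ExecutablePath
    $status = 'Unknown'
    $signer = ''
    $flags  = @()

    if (-not $path) {
        # Kernel and protected processes do not expose a path to normal users.
        $flags += 'path not readable'
    } else {
        $sig = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue
        if ($sig) {
            $status = [string]$sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        # A missing or invalid signature is a reason to look closer, not proof.
        if ($status -ne 'Valid') { $flags += 'not validly signed' }

        # A familiar system name running from an unusual folder is a classic disguise.
        $dir = Split-Path -Parent $path
        if ($proc.Name -in $systemNames -and $dir -notin $systemDirs) {
            $flags += 'system name outside System32'
        }
    }

    [pscustomobject]@{
        Name = $proc.Name; Id = $proc.ProcessId; Path = $path
        Signature = $status; Signer = $signer; Flags = $flags -join '; '
    }
}

# Show flagged processes first; research each one before removing anything.
$report | Sort-Object { $_.Flags -eq '' }, Name |
    Format-Table Name, Id, Signature, Flags, Path -AutoSize -Wrap
```

A flag here only marks a process worth researching; plenty of legitimate software is unsigned, and older Windows versions may report some genuine system files as unsigned.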

Step III: recover and re-secure account

IMPORTANT: only do this once you have identified and removed your problem, or you will just be open to hijacking again!

  • Recover the account if necessary. E-mail recovery is the preferred way to do this; the alternative manual method is slower.
  • Change the password
  • Get a new bank PIN
  • Reset your recovery questions
  • Change your registered email
  • Change the access details for all your mail accounts and other site logins. You don’t know how many have been compromised along with your RS account.

Step IV: future security

If you have had a security problem, then by definition you DO need to review and improve both the security on your own computer(s), and your computing habits. Re-read all the basic information and make sure you are following best practice.

Losing an account once is careless in the extreme. Losing it twice is just stupid.

On the road... RuneScape away from home

One of the good things about RuneScape is that it is entirely browser based - there's no need to buy and install a copy of the game online or in a shop first. This also means that, in theory, you can log into the game from anywhere you happen to be.

While this is all very wonderful, there are major security issues that need to be considered.

  • When logging in from someone else's computer, you are relying on their security, which may not be good enough. You have no way of telling if someone else's computer is infected with malware, keyloggers etc.
  • Computers in Internet cafes etc. often log all the activity that takes place on them - including logins and/or keystrokes. There is no such thing as a secure public use computer.
  • WiFi connections can *easily* be spoofed in public places by someone looking to steal credit card and website login details from others (it just needs a spoof front page, a laptop and a powerful signal - demonstrated on TV by 'The Real Hustle', where a $3000 fraud took under 45 minutes).
  • Logging in from anywhere near other people increases the risk that they will just see what you type! No extra tech required...

Unless YOU control the security of a computer, it is a risk to trust your login info to it. Simple as that.

Provided courtesy of Archaeox, last updated 02 May 2015