Naive Runescape players are being targeted by a dangerous phishing (opens in new tab) scam that targets their in-game valuables..
Cybersecurity researchers from Malwarebytes have spotted a brand new phishing campaign that starts with an email to Runescape players, pretending to be from Jagex support, the company that built, and maintains the game.
In the email, the victim is warned that the email address associated with the account was changed.
Stealing virtual belongings
The email also says that while the username and the password (opens in new tab) for the game haven’t been changed (this is essential, we’ll get back to this a bit later), the change of the email means that any future changes to the credentials will go to the new address.
Further down in the email, the victims are provided with a button and a link, via which they can cancel the change. At the provided address, they’ll find a phishing site that looks almost identical to the legitimate Runescape login site, and whose domain is as close to the legit portal as it can be.
There, they can log in using their credentials (which haven’t been changed, remember?). Once they try to log in, the data is automatically sent to a Discord channel owned by the crooks.
But that’s not all. The attackers have also come up with an “additional security measure”. After entering the login credentials, the users are also required to enter their in-game bank PIN number. And that’s where the real pain starts.
Runescape…
