This Runescape phishing scam could leave you seriously out of pocket TechRadar Skip to main content TechRadar is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Here's why you can trust us. This Runescape phishing scam could leave you seriously out of pocket By Sead Fadilpašić published 2 June 2022 Runescape players targeted for their valuables (Image credit: Jagex) Audio player loading… Naive Runescape players are being targeted by a dangerous phishing (opens in new tab) scam that targets their in-game valuables.. Cybersecurity researchers from Malwarebytes have spotted a brand new phishing campaign that starts with an email to Runescape players, pretending to be from Jagex support, the company that built, and maintains the game. In the email, the victim is warned that the email address associated with the account was changed. (opens in new tab) Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 (opens in new tab). Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey (opens in new tab) to get the bookazine, worth $10.99/£10.99. Stealing virtual belongings The email also says that while the username and the password (opens in new tab) for the game haven't been changed (this is essential, we'll get back to this a bit later), the change of the email means that any future changes to the credentials will go to the new address. Further down in the email, the victims are provided with a button and a link, via which they can cancel the change. At the provided address, they'll find a phishing site that looks almost identical to the legitimate Runescape login site, and whose domain is as close to the legit portal as it can be. There, they can log in using their credentials (which haven't been changed, remember?). Once they try to log in, the data is automatically sent to a Discord channel owned by the crooks. Read more> Phishing attacks hit more businesses than ever last year (opens in new tab) > These companies are the most impersonated in email phishing campaigns (opens in new tab) > LinkedIn is becoming a paradise for phishing attacks (opens in new tab) But that's not all. The attackers have also come up with an "additional security measure". After entering the login credentials, the users are also required to enter their in-game bank PIN number. And that's where the real pain starts. Runescape is a massively multiplayer online role-playing game, more than two decades old, and free to play. In it, players can obtain rare items, either through hard grinding, or through purchases - using real cash. They can store these valuables in their in-game bank, and even though it might sound silly to some, these accounts can grow to thousands of dollars in value. If the attackers get their hands on the login credentials, and the in-game bank PIN, they can easily log into the account from their endpoint (opens in new tab), transfer these valuables to another account, where they can sell them to a third party for real cash. As usual, users are warned to always be wary of any incoming emails, especially those carrying links and attachments. Keep track of incoming and outgoing traffic with the best firewalls around (opens in new tab) Via: BleepingComputer (opens in new tab) Sead Fadilpašić Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he's written for numerous media outlets, including Al Jazeera Balkans. He's also held several modules on content writing for Represent Communications. See more Computing news Are you a pro? Subscribe to our newsletter Sign up to theTechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Thank you for signing up to TechRadar. You will receive a verification email shortly. There was a problem. Please refresh the page and try again. MOST POPULARMOST SHARED1The iPhone 14 Pro is made of the wrong stuff; the Pixel 7 proves that to me2Stop saying Mario doesn't have an accent in The Super Mario Bros. Movie3Google Pixel Tablet is what Apple should've done ages ago4RTX 4090 too expensive? Nvidia resurrects another old favorite5More than one million credit card details leaked online1The iPhone 14 Pro is made of the wrong stuff; the Pixel 7 proves that to me2iPhone 15 tipped to come with an upgraded 5G chip3If this feature succeeds for Modern Warfare 2, Microsoft can't ignore it4Apple October launches: the new devices we might see this month5The Rings of Power episode 8 trailer feels like one big Sauron misdirect Technology Magazines (opens in new tab)● (opens in new tab)The best tech tutorials and in-depth reviewsFrom$12.99 (opens in new tab)View (opens in new tab)