Jump to content
View in the app

A better way to browse. Learn more.
OSBot :: 2007 OSRS Botting

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Receive a suspicious PM? DO NOT CLICK!

  •
Whopper
in Archive

Featured Replies

Recently I've received a suspicious PM linking to a short link claiming to be a poll regarding a G.E. update. I'm not 100% certain, however, I'd advise strongly against clicking the link. Here's a picture of what the PM may look like:

 

mega8w9.png

The user has been banned, please everyone be careful and take caution if anyone links you to the Runescape website.

so im keylogged ?

 

No, it's a phishing link.

If you go to the site, and then input your information, you basically send them your login email & password.

Pretty obvious/common knowledge that most links posted to RS by random users asking you to log are are phishing links.

Clicking them alone almost never does any harm, but allowing anything to run/entering in account details is what will get you hacked.

You don't need to "decode" (inspect element) the source to figure out it is a phishing link. You can just examine the URL

 

Usually, you are safe if you see https://, which stands for SSL, as valid SSL certificates don't get handed out randomly. However, this time, even though the attacker has a valid SSL certificate, you can easily look at the URL to determine if it is actually owned by Jagex. If not, you can check Google Chrome to see.

 

First off, and this way is the easiest, you can use Google Chrome to check if you have ever visited the website before. If it is SSL, you can click on the little lock icon, and select Connection like so

 

uEEZ87D.png

 

It tells you the first time you have ever visited this website. Mine shows up as March 5th, because I've seen this phishing site before. However, if you regularly visit RuneScape's website, the date should not be recent. Alarm bells should go off in your head if you see this.

 

 

Another way is to examine the URL. Jagex owns the domain "runescape.com". For simplicity's sake, we're going to assume that means *.runescape.com, where the * stands for any word

 

That means ONLY domains ending in runescape.com (e.g. oldschool.runescape.com, or w35.runescape.com) are sites that Jagex owns. If you take the URL used in this example, you see "oldschool.runescape.com.rs.co.vu" Although the domain CONTAINS runescape.com, it does not END with the .com! ( You can safely ignore everything after a / or ? when determining a website's domain)

 

We can look at the domain that was used to attempt to phish me as well... "secure.runeuscape.com". It looks very, very similar. However, check it out again... "secure.runeUscape.com"! The phisher swapped out the e for a u.

 

All in all, be wary of posts like this

    •
    • Like 1
    • Author

    You don't need to "decode" (inspect element) the source to figure out it is a phishing link. You can just examine the URL

     

    Usually, you are safe if you see https://, which stands for SSL, as valid SSL certificates don't get handed out randomly. However, this time, even though the attacker has a valid SSL certificate, you can easily look at the URL to determine if it is actually owned by Jagex. If not, you can check Google Chrome to see.

     

    First off, and this way is the easiest, you can use Google Chrome to check if you have ever visited the website before. If it is SSL, you can click on the little lock icon, and select Connection like so

     

    uEEZ87D.png

     

    It tells you the first time you have ever visited this website. Mine shows up as March 5th, because I've seen this phishing site before. However, if you regularly visit RuneScape's website, the date should not be recent. Alarm bells should go off in your head if you see this.

     

     

    Another way is to examine the URL. Jagex owns the domain "runescape.com". For simplicity's sake, we're going to assume that means *.runescape.com, where the * stands for any word

     

    That means ONLY domains ending in runescape.com (e.g. oldschool.runescape.com, or w35.runescape.com) are sites that Jagex owns. If you take the URL used in this example, you see "oldschool.runescape.com.rs.co.vu" Although the domain CONTAINS runescape.com, it does not END with the .com! ( You can safely ignore everything after a / or ? when determining a website's domain)

     

    We can look at the domain that was used to attempt to phish me as well... "secure.runeuscape.com". It looks very, very similar. However, check it out again... "secure.runeUscape.com"! The phisher swapped out the e for a u.

     

    All in all, be wary of posts like this

    Very true, and nice in-depth explanation. :) I generally inspect the elements for the hell of it - it's always fun to see what they're using. 

    You don't need to "decode" (inspect element) the source to figure out it is a phishing link. You can just examine the URL

     

    Usually, you are safe if you see https://, which stands for SSL, as valid SSL certificates don't get handed out randomly. However, this time, even though the attacker has a valid SSL certificate, you can easily look at the URL to determine if it is actually owned by Jagex. If not, you can check Google Chrome to see.

     

    First off, and this way is the easiest, you can use Google Chrome to check if you have ever visited the website before. If it is SSL, you can click on the little lock icon, and select Connection like so

     

    uEEZ87D.png

     

    It tells you the first time you have ever visited this website. Mine shows up as March 5th, because I've seen this phishing site before. However, if you regularly visit RuneScape's website, the date should not be recent. Alarm bells should go off in your head if you see this.

     

     

    Another way is to examine the URL. Jagex owns the domain "runescape.com". For simplicity's sake, we're going to assume that means *.runescape.com, where the * stands for any word

     

    That means ONLY domains ending in runescape.com (e.g. oldschool.runescape.com, or w35.runescape.com) are sites that Jagex owns. If you take the URL used in this example, you see "oldschool.runescape.com.rs.co.vu" Although the domain CONTAINS runescape.com, it does not END with the .com! ( You can safely ignore everything after a / or ? when determining a website's domain)

     

    We can look at the domain that was used to attempt to phish me as well... "secure.runeuscape.com". It looks very, very similar. However, check it out again... "secure.runeUscape.com"! The phisher swapped out the e for a u.

     

    All in all, be wary of posts like this

    thanks

    the runuscape kinda gives it away, what a dumbass.
    Go to topic listing

    Recently Browsing 0

    • No registered users viewing this page.

    Account

    Navigation

    Search

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.