5 RuneScape Phishing Scams That You Must Be Aware Of

02 Sep 2020, 12:44

Phishing is a cybercrime in which a target is contacted by someone posing as a legitimate institution in order to lure them into providing sensitive data, such as personally identifiable information, banking and credit card details, and passwords.

This information is then used to access important accounts and can result in identity theft and financial loss.

Phishing scams do not only happen in the outside world; they also happen inside MMORPGs like RuneScape.

Yes, we’re not even safe in our own little virtual worlds. We have to stay alert at all times, because these attackers can come at us in ways we could never have imagined, just so they can sell the OSRS Gold they stole from you.

Let’s go through some of the most common RuneScape phishing scams out there.

Phishing Ads/Websites

Players should never enter their login or private details into any website except the official RuneScape website. It is of the utmost importance to examine the URLs you click and your browser's address bar to confirm that the site is official, as some sites try to mimic the official ones in both appearance and URL.

These scammers try to lure you in with something players commonly desire, for example by posing as a Jagex staff member and asking for personal account details because the player has supposedly been considered for a position as a Player Moderator. Be aware that Jagex will never message you in-game and ask you to go to an external website to enter your account details.

Anyone who offers such a position as a Player Moderator can be reported for impersonating Jagex under rule 5 of the code of conduct. These scammers can also send out fake emails telling players that they have been banned from the RuneScape platform and need to log in to appeal their ban.

Twitch Phishing Streams

Twitch streams can also contain phishing links, so always be wary of any links you visit on external websites.

One of the common Twitch scams is the ‘fake double experience weekend’, where the host links the viewers to phishing sites and the viewers get scammed.

These scammers typically impersonate larger channels like the OSRS channel. Their streams show a high number of viewers, but almost all of them are ‘view bots’: fake viewers meant to inflate the viewer count so that the stream rises to the top of the category and seems legitimate.

Players should always carefully check the username of the channel they wish to watch, as no legitimate double XP weekend event has ever taken place in Old School RuneScape.

If the domain does not end with /, or any other official Jagex domain then it is most certainly a scam.


Phishing Password Reset Emails

Phishers sometimes craft emails that seem to come from a genuine service or website like RuneScape, requesting that the user change their password as soon as possible before it expires.

They distribute a malicious link or attachment to extract login credentials and account information directly from the user in order to gain access to secured data.

The link takes the user to the actual password reset page, and in the background it loads a script that hijacks the user’s session cookies, which results in an XSS attack and opens the account to the attacker.

They may also send an email that asks users to enter the last passwords they remember, tricking them into handing over their account access information. Another name for this scam is a password recovery scam.

Fake RuneLite Client/Google Ads Scam

As we know, RuneLite is a popular, free, open-source, and super-fast client for Old School RuneScape, which is also supported by Jagex and is safe to use. Scammers often buy ads on Google to appear as the first search result while impersonating legitimate businesses.

Once you log in through one of these clients, they try to get remote access and then log into your account to transfer all the goods to one of theirs. These client files are normally larger than the original RuneLite client because of the scripts built into them.

Other phishing clients directly receive the information needed to access the account when a player logs into the RuneScape platform through the fake client.

Keep in mind that this can happen with any website you search for on Google. Scammers often use similar-looking characters such as Greek Ο, Latin O, and Cyrillic О to make the website look legitimate, so make sure to have websites like Probemas bookmarked in your browser so you do not fall for this scam.
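
As an added example (not part of the original article), this Python sketch checks a link's hostname against a personal allowlist and flags the similar-looking-character trick described above, as well as the mimicked-URL case from the Phishing Ads/Websites section. The allowlist entries and the small lookalike table are assumptions for illustration; replace them with domains you have verified yourself.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: domains you have verified yourself and bookmarked.
ALLOWLIST = {"runescape.com", "jagex.com", "runelite.net"}

# Small constructed table of lookalike letters (lowercase, since hostnames are
# case-insensitive); a real checker would use the full Unicode confusables data.
CONFUSABLES = {"\u03bf": "o", "\u043e": "o", "\u0430": "a", "\u0435": "e",
               "\u0440": "p", "\u0441": "c", "\u0455": "s"}

def decode_host(url):
    """Return the hostname with any punycode (xn--) labels decoded to Unicode."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = []
    for label in host.split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # leave undecodable labels as they are
        labels.append(label)
    return ".".join(labels)

def scripts(label):
    """Scripts used by the letters of a label, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0]
            for ch in label if ch.isalpha()}

def on_allowlist(host):
    """True if host is an allowlisted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in ALLOWLIST)

def classify(url):
    """Return 'official', 'lookalike', 'mixed-script' or 'unknown'."""
    host = decode_host(url)
    if host.isascii() and on_allowlist(host):
        return "official"
    # Map lookalike letters to ASCII and see whether the result imitates
    # an allowlisted domain.
    skeleton = "".join(CONFUSABLES.get(ch, ch) for ch in host)
    if skeleton != host and on_allowlist(skeleton):
        return "lookalike"
    if any(len(scripts(label)) > 1 for label in host.split(".")):
        return "mixed-script"
    return "unknown"
```

A result of 'unknown' only means the host is not on your allowlist; it covers cases such as an official-looking name used as a subdomain of some other domain.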


Flagged for RWT Scam

This scam is centered around hackers finding your RuneScape player information through leaked databases. Although these databases don’t come directly from Jagex, they can come from forums, clients, and other RuneScape-related websites that you’ve registered for.

As a result, the hackers know what your email address is, and can send you an email pretending to be Jagex, claiming that your account is “flagged for Real World Trading”.

In the email, they may ask you to follow a link to “appeal for your account”. You can usually tell these emails are fake by the number of spelling errors, but keep in mind that not every hacker makes such mistakes.

Most of the time, this is a link to a fake website that records your details once you’ve signed in, and from there the scammers have access to your account!

So remember, Jagex will NEVER message you claiming that you’ve been flagged for RWT, as stated on the official website. If you encounter such an email in your inbox, don’t interact with it and delete it!

The main reason phishing attacks succeed is that they target natural human responses. It is very important to strengthen that human firewall by implementing the countermeasures needed to stay safe from such phishers.

Phishing schemes can be conducted through any of the above ways and many more as these phishers are becoming smarter by the day.

It is recommended to use a different password for every online account you create, as credentials stolen from one site can have far wider consequences than you might imagine. Stay safe!

Last Updated: 01/31/2021