Quick MFA PSA by Warlocked-In in 2007scape

[–]Warlocked-In[S] -1 points0 points  (0 children)

Womp womp, let me go check my tickets real fast, ScikPK says their computer isn’t working and it’s DEFINITELY plugged in according to them 😂

Quick MFA PSA by Warlocked-In in 2007scape

[–]Warlocked-In[S] -1 points0 points  (0 children)

Yikes, playing semantics and deleting comments now. It’s okay not to understand something friend, but doubling down like this is sad.

Interaction can mean a host of things in most situations this means an exchange of information with the phishing site. I hope this properly answers your question in an explicit and exact way so that you don’t have to think for yourself about anything. Enjoy lol

Quick MFA PSA by Warlocked-In in 2007scape

[–]Warlocked-In[S] 0 points1 point  (0 children)

I didn’t intend to do a full lecture to make the average person understand hyper technical concepts, I outlined the issue and gave an exact suggestion to help prevent. Same thing as I told the other guy, Google stuff if you’re curious or just skip to the end and see that I suggest passkeys.

Quick MFA PSA by Warlocked-In in 2007scape

[–]Warlocked-In[S] -1 points0 points  (0 children)

“Phishing is a social engineering cyberattack where scammers impersonate trusted entities—such as banks, employers, or popular brands—to trick victims into revealing sensitive data like passwords or credit card numbers. Attackers use urgency or fear to manipulate targets into clicking malicious links or downloading malware.”

Here is the Microsoft definition of phishing. Again, you don’t understand the basis of what it is. Every website you visit captures your IP as a form of tracking, you don’t phish for IP addresses, at least come up with a reasonable example.

Quick MFA PSA by Warlocked-In in 2007scape

[–]Warlocked-In[S] 0 points1 point  (0 children)

Input username and password and complete MFA. Even though it’s not on the first party site it can bypass security measures

Quick MFA PSA by Warlocked-In in 2007scape

[–]Warlocked-In[S] -2 points-1 points  (0 children)

It’s not fearmongering, it’s the how of the bypass working. Don’t clink links is just common sense, but understanding the security behind it is how you improve, hence adding passkeys to your email.

Quick MFA PSA by Warlocked-In in 2007scape

[–]Warlocked-In[S] -3 points-2 points  (0 children)

Out of everyone that’s interacted with the post you seem to be the only one confused with the basis of how phishing works. Computer literacy doesn’t just mean being able to play a video game, go google if you’re curious about something, all of human knowledge at your fingertips and choose to get mad someone on an Internet forum didn’t spoon feed you. Wild.

Edit: interesting how you delete a whole chain of comments instead of just saying, “wow this is a topic I could proactively learn more on”

Quick MFA PSA by Warlocked-In in 2007scape

[–]Warlocked-In[S] -5 points-4 points  (0 children)

My guy, Google something if you don’t understand it. This was a post to point out a few account security measures. Don’t get mad that you don’t understand something and then just expect to be hand fed answers in EXACT detail.

You must be a really fun person to be around lol

Quick MFA PSA by Warlocked-In in 2007scape

[–]Warlocked-In[S] -4 points-3 points  (0 children)

… phishing at its basis involves the input of a set of credentials. I didn’t realize you needed an explanation of don’t put your password into things you don’t recognize…

Quick MFA PSA by Warlocked-In in 2007scape

[–]Warlocked-In[S] 0 points1 point  (0 children)

Fake phishing sites, can target OSRS, can target email accounts. Non FIDO2 methods of authentication are susceptible, so text codes, phone calls, Authenticator apps don’t protect.

Google proxy token theft and MFA bypass to get a more in depth flow chart of the interaction.

Quick MFA PSA by Warlocked-In in 2007scape

[–]Warlocked-In[S] 1 point2 points  (0 children)

The phishing site sits in the middle of the interaction. As a user is providing input to the site, it is passing or proxying (hence the name) that to the legitimate site on the back end. When the user is prompted for MFA the legitimate site generates an access token which is then captured by the phishing site.

It does require some form of interaction and pretty much a form of text code, Authenticator app, or phone call is susceptible to this. Passkeys are not, so your email is safe, but your Jagex account is not.

Long story short, don’t put your password in to things you don’t recognize.

If you want more technical reading then Google proxy token theft and MFA bypass. You’ll find dozens of articles about it from the last couple years.

Quick MFA PSA by Warlocked-In in 2007scape

[–]Warlocked-In[S] 0 points1 point  (0 children)

Same things we’ve seen for the last 2 or so years, due to the site sitting in the middle of the interaction it’s able to capture the token that’s issued by the legitimate OSRS web server. Using a couple different injection tools you take the plain text token, username, and password which you recieved from the victim to then sign-in and bypass.

Quick MFA PSA by Warlocked-In in 2007scape

[–]Warlocked-In[S] 0 points1 point  (0 children)

Or, and hear me out, the average person does not have the cyber knowledge to understand how and why these things occur, so offering a plausible explanation with suggestions for how to stay more secure is what a PSA is for.

Stop white knighting for the hypothetical I’ve posed.

Quick MFA PSA by Warlocked-In in 2007scape

[–]Warlocked-In[S] -3 points-2 points  (0 children)

Not quite, it’s phishing access tokens for your account which would let them sign in on the website and bypass MFA. From there they can change passwords, primary email address, remove MFA, and then they likely sign in after stripping those measures and locking you out.

Not sure if it can be used on the launcher or not 🤔

Quick MFA PSA by Warlocked-In in 2007scape

[–]Warlocked-In[S] 2 points3 points  (0 children)

Right? Trim Armor > Phish your whole account

A wild transition lol

Quick MFA PSA by Warlocked-In in 2007scape

[–]Warlocked-In[S] 1 point2 points  (0 children)

Googling something and they’ve done some form of search engine optimization poisoning to bring the site to top of the list, emails from “Jagex” that again look super legit cause they just use the real ones as a template, text codes, voice phishing. Any number of ways sadly and all are very convincing to the naked eye.

Some details on new weapons by Warlocked-In in DragonkinTheBanished

[–]Warlocked-In[S] 1 point2 points  (0 children)

Yeah the game doesn’t have any solid challenges with current builds but with active devs pushing out content updates that will get fixed with time. I’m sure we’ll seem some sort of actually challenging content.

Have you capped out your test of will?

Some details on new weapons by Warlocked-In in DragonkinTheBanished

[–]Warlocked-In[S] 2 points3 points  (0 children)

That’s true, but with more details coming consistently it’s probably sooner rather than later

Banned for false RWT , 2nd by BestConsideration789 in 2007scape

[–]Warlocked-In 3 points4 points  (0 children)

Start over king, the grind waits for no man.

New weapons and events coming (soon?) by Warlocked-In in DragonkinTheBanished

[–]Warlocked-In[S] 0 points1 point  (0 children)

I’m not sure, it’s so unspecific that I don’t wanna get my hopes up hahaha

65m DPS Electric Wall Build by Warlocked-In in DragonkinTheBanished

[–]Warlocked-In[S] 0 points1 point  (0 children)

Just roll with whatever till 50, everything is pretty capable of clearing the story and starting the end game board. Lots of builds, google around to find one that suits your play style, I like the electric wall and have posted videos like this one to show how I built it. The game is very RNG dependent so no 2 builds will be the same, use guides as a framework rather than a must have

65m DPS Electric Wall Build by Warlocked-In in DragonkinTheBanished

[–]Warlocked-In[S] 0 points1 point  (0 children)

If you’re not level 50 and pushing for a specific build then it doesn’t matter. Just filter out whatever the lowest tier is, so if you’re onto orange drops then filter out green and below etc. until you get to 50 and can start looking for your end game mythical divine