Today, I received an email from "firstname.lastname@example.org" with the following message:
We regret to inform you that your account has received an infraction due to a Major Real World Trading offense. Please visit the appeal section under Account Management to view evidence of your infraction(s) and to appeal any infraction(s) that you feel were unjustified.
To view the evidence please click here: http://secure.runescape.com/m=weblogin/loginform.ws?mod=offence-appeal&s...
Please note: Due to a recent bug in our infraction system, some accounts may have received a void infraction. The majority of void infractions have been removed but we cannot ensure that all infractions have been removed. We urge you to visit the appeal section to appeal any unjustified infractions received due to system errors.
Many thanks, Jagex Ltd.
I have never received an infraction on Runescape, nor have I ever received an email from Runescape. When I got this message, I quickly logged in via the link and entered my username and password. Just as I clicked enter, something made me look at the URL. Instead of "Runescape.com" (like it said in the masked email URL), it said "Runescape.co.cm".
I panicked, but I managed to change my information before the website could access and obtain my account.
Remember to Always Double Check Your Emails
When people send you links through your email, it's very easy for them to "mask" the appearance and put in another link.
For example, I could make a link leading to Google.com, but name it Runescape.com (go ahead, click it. It leads to Google).
An Email is in the Spam Box for a Reason
Odds are, most emails you get in the spam box are scams, keyloggers, or phishing websites. The reason they are spam is because other users have reported the email provider as a scammer, keylogger, or a phisher.
Whenever you receive an email in your Spam Box that you were not expecting, always check the validity of it before opening any links. It's a good thing the link I clicked was just a phishing website. Otherwise, I could have accidentally downloaded a keylogger or some other virus that could have screwed up my computer.
Oh no! I entered my information at Runescape.co.cm (or other Phishing website). What do I do?
CHANGE YOUR PASSWORD IMMEDIATELY. AT THIS VERY SECOND. Any moment now the phishing website could have accessed your account and changed your password, leaving you without an account and all your hardwork down the drain.
In addition, SCAN YOUR COMPUTER. You'll never know if this website came with a keylogger or a virus you weren't expecting.
Remember Runescapers: Be careful.
The Internet is an Iffy place, and a lot of people are after your riches and your gold. Guard it!