Neo Scams
Sun Mar 27, 2005 7:06 am
(Hope this is in the right place)
I was just wondering about some of the ways these people use to scam others. Cookie grabbers, for instance...how many ways can they be hidden? Can they be in an image, or does it have to be embedded in the site? For instance, many of us look at screenies on Photobucket, but I assume you can't get cookie-grabbed for that, right?
Just wondering after the fiasco on the Avatar Board tonight. Apparently, someone posted a topic saying, "Am I Ugly?", with a link inside. The link went to a CG, and lots of people lost their accounts. I never go to outside links I don't know, but just want to make sure I'm doing everything I can to stay safe.
I was just wondering about some of the ways these people use to scam others. Cookie grabbers, for instance...how many ways can they be hidden? Can they be in an image, or does it have to be embedded in the site? For instance, many of us look at screenies on Photobucket, but I assume you can't get cookie-grabbed for that, right?
Just wondering after the fiasco on the Avatar Board tonight. Apparently, someone posted a topic saying, "Am I Ugly?", with a link inside. The link went to a CG, and lots of people lost their accounts. I never go to outside links I don't know, but just want to make sure I'm doing everything I can to stay safe.
Sun Mar 27, 2005 7:13 am
Well, I never would go to any link that did not have http://www.neopets.com in the url if someone posted it on the neoboards. Especially if they ask if they are ugly or something, then the obvious thing to do is check the url for the .gif, .jpg, or .bmp extension. Also notice their account status. Newbies-3 monthers usually are trying something, although it is not to say, some people on older accounts should be trusted as well.
Sun Mar 27, 2005 7:17 am
My understanding of Cookie Grabbers were that they were like programs/scripts embedded in a page/document that could collect your information. I do not believe that one could be placed in an image. But if you are viewing the image on a page (extension .html .htm .phtml etc) then one could potentially be there.
Sun Mar 27, 2005 7:40 am
Don't trust older accounts just because they're older. Scammers that scam people will usually use the account they have just taken to scam others
Don't trust ridiciously low priced items in usershops. They can either link to cookie grabbers or fake login pages, or the user can switch the prices to a similar looking price between the time in which you see the price and the time in which you enter the store.
Don't trust images that people link to. If it is on a site but there is no image then you could be linked to a 404 page which can easily have a cookie grabber on it
Dont give out your word no matter who asks. Even if the account theneopetsteam mails you asking for your word. Neopets has every user's word saved in a seperate server, they'll never need to ask for your word in any manner or form
People on AIM/MSN etc are not staff. Ever.
One that tricks a lot of people that see it is a domain masker. It makes the URL on the page appear to be http://www.neopets.com. Usually this is coupled with a fake login page. Never log in on any address except http://www.neopets.com/loginpage.phtml If you are browsing the site while not logged in and you need to log in to view a page, go specifically to the neopets log in page URL and then log in. Smart scammers can make pages appear to be http://www.neopets.com when they're not, but they can't add anything other than that.
Do not give out your Email address for the account that your word is sent to. People can get into those with your secret question on Hotmail accounts etc. If they can't work the answer out themselves they'll say things like :
"Crud! I'm supposed to have done my homework by now. I had to interview somebody about (). So can you tell me ()"
Do what I do, I have an Email address for my personal life. One for my Neopets email and one that I give to people that want my email address from PPT/Neopets etc
Don't trust ridiciously low priced items in usershops. They can either link to cookie grabbers or fake login pages, or the user can switch the prices to a similar looking price between the time in which you see the price and the time in which you enter the store.
Don't trust images that people link to. If it is on a site but there is no image then you could be linked to a 404 page which can easily have a cookie grabber on it
Dont give out your word no matter who asks. Even if the account theneopetsteam mails you asking for your word. Neopets has every user's word saved in a seperate server, they'll never need to ask for your word in any manner or form
People on AIM/MSN etc are not staff. Ever.
One that tricks a lot of people that see it is a domain masker. It makes the URL on the page appear to be http://www.neopets.com. Usually this is coupled with a fake login page. Never log in on any address except http://www.neopets.com/loginpage.phtml If you are browsing the site while not logged in and you need to log in to view a page, go specifically to the neopets log in page URL and then log in. Smart scammers can make pages appear to be http://www.neopets.com when they're not, but they can't add anything other than that.
Do not give out your Email address for the account that your word is sent to. People can get into those with your secret question on Hotmail accounts etc. If they can't work the answer out themselves they'll say things like :
"Crud! I'm supposed to have done my homework by now. I had to interview somebody about (). So can you tell me ()"
Do what I do, I have an Email address for my personal life. One for my Neopets email and one that I give to people that want my email address from PPT/Neopets etc
Sun Mar 27, 2005 7:44 am
the_dog_god wrote:Don't trust images that people link to. If it is on a site but there is no image then you could be linked to a 404 page which can easily have a cookie grabber on it
You know, that's a good point, I never really thought of 404 pages before
Sun Mar 27, 2005 8:20 am
I never thought about 404 pages either! Yikes!
Basically, I go nowhere while I'm logged in on the site. If someone has something on Photobucket, I'll write the url down and visit it later. Photobucket itself IS safe, but I don't trust people to not make some sort of fake url. There's just too much of that kind of thing both outside and within the site (the auction link that would auto-bid on you, things like that).
If someone says they have an auction or a trade, if I'm interested I will go to their lookup and click the trade or auction icon there.
On IE if you have all the updates you're supposed to be pretty safe from cg, but I don't know. I can tell you I clear cookies, etc. after any and all sites I visit.
Basically, I go nowhere while I'm logged in on the site. If someone has something on Photobucket, I'll write the url down and visit it later. Photobucket itself IS safe, but I don't trust people to not make some sort of fake url. There's just too much of that kind of thing both outside and within the site (the auction link that would auto-bid on you, things like that).
If someone says they have an auction or a trade, if I'm interested I will go to their lookup and click the trade or auction icon there.
On IE if you have all the updates you're supposed to be pretty safe from cg, but I don't know. I can tell you I clear cookies, etc. after any and all sites I visit.
Sun Mar 27, 2005 8:41 am
Just a question. What about aim/msn? Can you be sent a keylogger without your knowledge? or do they have to send you something
Re: Neo Scams
Sun Mar 27, 2005 9:40 am
Cookie grabbers are scripts embedded on webpages to steal cookies from other sites (such as Neopets) and gain access into the victims accounts. Keyloggers are malwares hiddened in some softwares that are installed without your knowledge together with the desired programs.
If your windows xp is original, download and install Microsoft Antispyware from http://www.microsoft.com/athome/securit ... fault.mspx and also turn on Windows XP SP2 Firewall. Control Panel -> Windows Firewall.
If your windows xp is original, download and install Microsoft Antispyware from http://www.microsoft.com/athome/securit ... fault.mspx and also turn on Windows XP SP2 Firewall. Control Panel -> Windows Firewall.
Sun Mar 27, 2005 9:47 am
But if you were running a firewall already you wouldnt need to turn on XP would you? better running 1 good then 2
Sun Mar 27, 2005 9:52 am
vtothec wrote:But if you were running a firewall already you wouldnt need to turn on XP would you? better running 1 good then 2
Yea, you wouldnt need windows xp sp2 firewall if you already got a 3rd party one running. For my case, I am behind a router/ firewall, running zone alarm firewall with windows xp sp2 firewall on as well.
Oh by the way, Microsoft Antispyware is really awesome, other than preventing malicious scripts such as a cookie grabber, it also protects against hijackers, some trojans and spywares.
Add: Always keep your windows up to date is the best protection. http://windowsupdate.microsoft.com
Sun Mar 27, 2005 10:17 am
From what I know, cookie grabbers don't work on Firefox.
I wouldn't mind having a chocolate chip cookie grabber, myself.
I wouldn't mind having a chocolate chip cookie grabber, myself.
Sun Mar 27, 2005 10:40 am
Wow, that's alot of interesting info!
I've heard the same thing, that alot of the programs don't work for Firefox, but I'm not sure. I'm running a Linksys firewall and AVG antivirus. I don't IM with people I don't know....I don't check out links that I don't recognize. Actually, Photobucket is probably the only link I'd look at...I don't recognize most other hosts.
It just seems like the amount of scammers on Neo has increased lately. My sister showed me a shop today that tried to take you to a fake login page, and the thing on the boards. It makes me a bit nervous.
I've heard the same thing, that alot of the programs don't work for Firefox, but I'm not sure. I'm running a Linksys firewall and AVG antivirus. I don't IM with people I don't know....I don't check out links that I don't recognize. Actually, Photobucket is probably the only link I'd look at...I don't recognize most other hosts.
It just seems like the amount of scammers on Neo has increased lately. My sister showed me a shop today that tried to take you to a fake login page, and the thing on the boards. It makes me a bit nervous.
Sun Mar 27, 2005 10:46 am
tigerlily wrote:It just seems like the amount of scammers on Neo has increased lately.
True, the amount of scams and inappropriate posts on the Neoboards has increased. It's sad that these people can't just accept that Neopets is a game and really scamming is a pretty stupid and low thing to be doing (particularly when younger kids are involved). Wouldn't suprise me if one of the reasons is the McDonalds promotions and such that have increased the advertising and traffic to the site and as a result the amount of scammers.
Sun Mar 27, 2005 1:29 pm
I once got a keylogger from someone on MSN, I was over a year had the greatest neohome the greatest petpets, a great amount of money.
They told me it was a chat room, but it was a keylogger, the next thing i know I was frozen!!!
They told me it was a chat room, but it was a keylogger, the next thing i know I was frozen!!!
Sun Mar 27, 2005 2:32 pm
I should not have clicked.
After reading all these stuff i actually feel unsecure. I feel scared.
I FEAR MY ACCOUNT !!!
After reading all these stuff i actually feel unsecure. I feel scared.
I FEAR MY ACCOUNT !!!