Scammers 2.0 By the_dog_god

Scammers, they keep getting smarter, keep finding new ways to exploit the system, new ways to rob you of your hard earned Neopoints, new ways of sticking your precious pet in the pound without you knowing what’s happened until it’s too late. Of course, there are exceptions to this rule, for example, recently a Neopian User realized they were being hacked mid-hack and requested the new password to the account. They then changed the password and logged back in with the new password. Afterwards they checked the trades set up and realized the person offering junk on them was the hacker, using the hacker’s username and the password the hacker changed their account’s too the hacked player managed to get into the hacker’s account and take his items back. You may read this and think that if that hacker was dumb enough to do that then you’ll be fine. Think again. For every failed hack attempt there are dozens of successful ones, not to mention the fact that the hacker in question will never make the same mistake having learnt from their fault.

With the scammers constantly upgrading, it is up to each Neopian to take new precautions to avoid their hard earned work being flushed down to the toilet by somebody with nothing better to do than spend their life stealing virtual dollars.

1. Check your current password.

Is it an actual English word ?? Is it less than 10 letters long ?? It is comprised solely of letters ??The best passwords will answer no to all three of those questions. Let’s imagine your password is CO41S8uZ95. The odds of a person randomly typing that in the password box for your account is 1 in (26 different lower case English letters) + (26 different upper case English letters) + (10 different numbers) = 62 ^ 10. That roughly works out to be a 1 in 839,299,365,700,000,000 chance of randomly walking up and typing your password in on their first try.

Even a program designed to guess a random combination of 10 letters (upper case and lower case) and numbers would take years to guess your password

The odds however of a password guessing your password if it is something along the lines of “Happy, Password, <insert your last name here>, Neopets or Secretword” are significantly lower. However, for some baffling reason people keep making their password easy to guess and every day at least one person loses their account to somebody that puts in one of these words. If you can’t remember your password easily then write it down on a small slip of paper, do not write anything with it. Just the password. Then put that password somewhere very safe which you can easily access but not easily found by others. Got an old school exercise book at home ?? Write your password into an exercise and remember where in the book you wrote it down. To anybody that for some reason is reading through your old work it will simply look like you worked something out on that page.

Don’t write something like “My Neopets.com password” next to your password however.

Also, it’s a good idea to change your password regularly.

2. Check your Email password and any Neopets related sites’ passwords.

If your Neopets password is Sj11dFy0i3fn4mD201j42 but your Email password is Password then all the scammer needs to do is break into your Email account and request your password.

Additionally, do not use the same password you do on Neopets that you do on any other site. Make sure your different accounts have different passwords as well. It may be great to have a practically uncrackable password on Neopets but the moment you enter it on another site it becomes access to the administrators of that particular site. All it takes is the site to turn out to be run by a very smart scammer or an admin that is bitten by the greed bug to have your password discovered, and once it is you can kiss your hard work goodbye.

Additionally, make sure your gallery accounts etc all have different passwords. It may hurt to have one account taken from you by a scammer, but if all your account passwords are the same then your going to be suffering a LOT more.

3. Off site links. Don’t trust ’em.

No matter what the person says, don’t trust any off site links posted on Neopets.com. Even image URLs can be dangerous.

The moment you leave Neopets.com, all the safety barriers put in place, restricting HTML, CSS, Javascript etc, to protect your account vanish. You are venerable in any off site link, no matter what the extension.

‘Cookies’ are text documents stored by your computer. They hold stored information from websites to assist in browsing the web. For example, the moment you log in to the PinkPT Forums a cookie will be produced by PinkPT and stored on your computer. This cookie will contain your member ID and password. Now you may be worried that anybody could walk up to your computer and read your passwords from your cookie folder, don’t. The cookies are so encrypted it would take a very advanced decoder to translate it into understandable English.

‘Cookie grabbers’ are nasty little scripts that can be placed on websites. Effectively they make a copy of your cookies in your cookie folder and store them on the grabber’s computer. Now, despite how encrypted the cookies may be, all it takes is the grabber to shift the cookie into their cookies folder and head to Neopets.com to gain instant access to your account.

Now that everybody understands that, you may have realized why offsite links are bad. Anybody with a fair bit of computer knowledge can stick a cookie grabber on their own personal site and refer people to it. The major problem people have with cookie grabbers is when they think .jpgs, .gifs and .pngs (To name a few) are safe. Surely the pictures themselves can’t have the script in them ?? Technically you’re right. Pictures aren’t scripts, a cookie grabber is. However, suppose the picture didn’t exist. As you know, if a page doesn’t exist and the site you are on has a custom 404 page, you will be sent to the custom 404 page. (IE : www.neopets.com/lookovertherebecausethispagedoesntexist.phtml ) Now, that 404 page does not have to be an image, and since it’s not an image it can easily have a cookie grabber stuck there without you knowing.

Basically don’t trust outside links, if you are going to then read this article on defending yourself against Cookie Grabbers

4. Older accounts are not trustworthy either.

Surely old accounts wouldn’t scam as their hard work would be wasted when they are frozen right ?? Wrong. The original owner may have gotten sick of just playing Neopets, though it is highly unlikely they’d scam from their original account it can happen. More likely however, a scammer scammed the old account and then used that to scam people.

You’re just as likely to be scammed from a 40 month old account as you are from a 2 week old account.

5. The staff are anti-sociable. They don’t want to talk to you. If it sounds too good to be true, it is.

Allow me to stress this point.

NEOPETS STAFF WILL NEVER EVER EVER EVER EVER EVER ASK FOR YOUR PASSWORD. THEY WILL NEVER EVER EVER EVER MAIL YOU PRIVATELY FROM ANY ACCOUNT OTHER THAN THENEOPETSTEAM WITHOUT YOU FIRST MAILING THEM!!!!!!!!!!!!!!!

No matter how convincing the people sound, Neopets Staff won’t use MSN or AIM. They also won’t mail you from any account other than theneopetsteam unless you mail the staff member in question privately first.

Likewise, they will NEVER ask for your password. No matter how ‘hacked the site is’ or how long they have ‘to save the accounts before the site is deleted,’ the Neopets staff will never ask you for your password. A common Neomail scam is one explaining that the site has been hacked and that the staff are trying to save the information for as many accounts as possible before they shut the site down and reboot it. Don’t ask me how it works so often, it just does. The fact of the matter is, moderators can find out all the information on your account with the click of a button. They can find your password, previous pets, what you’ve fed your pets over the past three years, what you’ve been warned for, they can read your rejected Neopian Times articles, they can see who you’ve Neomailed in your entire neo-life. Most importantly, THEY CAN FIND OUT YOUR PASSWORD WITH GREAT EASE. No matter how hard it is to guess, they can simply click a button and voila!

Don’t trust anybody that claims to be a staff member, claims to be related to a staff member, claims they have hacked Neopets, claims they have found a way to make millions of Neopoints in seconds, claims to know the secret to the ancient cave of Scurvy Island, Fyora’s cave, Sloth’s vault etc etc etc etc.

6. Never use the same Email address that you do to talk to people.

Create three Email accounts.

One for your real life affairs
One for people you want to talk to on Neopets
One for your password email.

Give out numbers one and two as much as you want but keep the third email completely secret. For example, my Neopet’s email address is the_dog_god_is_weird@hotmail.com. I use that to talk to people from PinkPT, Neopets, IDB etc…

However, I do NOT use it for my password recovery Email. I have a completely unrelated Email address which I only use for recovering my lost password. DO NOT TELL ANYBODY THIS EMAIL ADDRESS. DON’T HINT TOWARDS IT, DON’T MAKE REFERENCES ABOUT IT, DON’T EVEN ACKNOWLEDGE THE FACT IT EXISTS TO ANYBODY OTHER THAN YOURSELF.

That way, in the rare even your email address is hacked, you won’t have any chance of your Neopets Password being discovered.

7. If you refuse to follow number six.

For starters, everybody should be ignoring this section of the guide because you WILL follow number six. However, if you want to make things needlessly risky and use the same address for talking to people on Neopets and for password recovery then beware of the following.

The moment you give out the password recovery Email address you open a door for scammers.

A wondrous little feature of most Email accounts is the “secret” question. A little question that supposedly will only be answerable by the creator of the question. However, if a scammer finds your password recovery Email address then they can request to see your “secret” question.

Once they see it, all it takes is a little planning on their behalf to have your Neopets account.

Take this scenario:

“Secret Question”: What is your favorite teacher’s name ?

Sam : Ahhhhh!!
Mike : What ??
Sam : I forgot to do my research assignment!! I needed to interview somebody on their school!!
Mike : Well what are the questions ??
Sam : What school do you attend ??
Sam : What year are you in ?
Sam : List your three favorite teachers in order
Sam : What subjects do they teach ??
Sam : List your three favorite subjects in order
Sam : Do the above two questions match ??
Mike : <insert answers here>

With the seemingly innocent homework assignment, Sam has gained access to Mike’s email account and gained access to Mike’s Neopets account as a result.

8. Don’t download anything anybody tells you to.

Key loggers are nasty little things which are hidden among seemingly harmless files. You won’t know you’ve got it until it’s too late. Key loggers record everything you type in on your computer and transmit it back to the person that made the key logger. This means anytime you type your username, your password, your favorite color, what you’re wearing etc the scammer will know. All it takes is a little search for your password and you’ve got instant scammage. Well no, they’ve got instant scammage, you’ve got instant loss of account.

9. Don’t log in to Neopets at any URL other than www.neopets.com/loginpage.phtml

It may sound stupid but don’t log in at ANY URL other than www.neopets.com/loginpage.phtml . Gone are the days in which anything not on www.neopets.com was obviously a fake log in page. Nowadays very smart scammers can use programs to make the URL appear to be a different domain. Namely they can make any address they want appear to be www.neopets.com. However, they cannot go any further than this, they can’t make the page appear to be www.neopets.com/thisisreal.phtml. It has to be the domain name only. Therefore, if you are browsing and you get asked to log in and the address is www.neopets.com, it may seem safe. It’s not.

Even if you know you are on Neopets.com, make a habit of manually going to www.neopets.com/loginpage.phtml and then logging in. If you are logged out and browsing the site, you will eventually come to page which you need to be logged in to view. Even though you know you are on Neopets.com, go to the login URL and then login. Then go back to the page you want. It may seem stupid, but it’s better to be safe than sorry.

10. Shop and giveaway scams.

So you’re browsing along when suddenly you see a Codestone for 3,000 Neopoints. Quick as a flash you click into the shop and buy the item without looking. The next page you find yourself with a brand new codestone and 30,000 Neopoints less than before.

If the price of an item changes whilst you are in the shop then you will be notified and the transaction will be cancelled. However, if the price changes between the time in which you see it on the shop wizard and the time in which the shop itself loads, you will NOT be notified. Scammers will often change items priced at things like 2.222 to prices like 22,222. People in a rush to snatch up the deal will usually not notice the change and will end up being ripped off. Always check the price of an item before buying it.

Another thing to be aware of is ridiculously low priced items. If you see a H4000 Helmet for sale, priced at 1 NP then there is a good chance it has been stolen or duplicated during a glitch. No matter who is responsible for the item being duplicated/scammed etc, if you are caught with it in your possession you will be frozen. The best idea is to leave it in the shop. However, if you are willing to gamble your entire account on it, then buy it and stick it in your trades with the message

“TnT : I bought this from -‘s shop on –/–/– for — Neopoints. I do not know whether or not the item is safe or not to use. Please delete the item if it has been duplicated or return it to it’s original owner if it has been scammer or hacked.”

Then submit a bug report to Neopets with the trade lot in the message, further outlining the details of how you came across the item.

DO NOT ATTEMPT TO DISPOSE OF THE ITEM BY YOURSELF

.

Sticking the item in the Money Tree, Discarding it, Selling/Trading or Giving it away may result in you being frozen.

Giveaways are NOT permitted on Neopets. By taking part in one or running one you are breaking the Neopets rules. Most of them are scams to get people to donate to a prize fund and then leave with the donations. If you see one, tell the user not to run it. If they persist, report it to Neopets and let them take care of it.

Other things to be aware of:

Not all scammers are there to make Neopoints for themselves. Some scammers will scam you just to make you miserable. These are the types that have your account permanently frozen by breaking a severe rule whilst in your account, disown your pet, discard your items etc. If you take all the precautions listed above they should not be able to get into your account, but they can have your account frozen if you yourself are not careful.

Chain letters are started by such scammers. By posting this message in one billion posts all you would have gained is a sore finger from pressing Ctrl-V multiple times. The fact of the matter is, to stop chain letters, Neopets’ has to take action against ANYBODY that posts a chain letter. Even if you’ve only posted one and somebody else has posted 20, you are just as liable to be punished for them.

No matter how many blood-thirsty Vampires, Ghosts or Werewolves are going to attack you, no matter how many millions of Neopoints you ‘will get’ from posting the chain letter, no matter how real the ‘code’ sounds the bottom line is CHAIN LETTERS DO NOT WORK.

People that think they are funny by posting things like “Post this in 10 messages and be frozen” are just as bad. People see that and think ‘Heh! That was funny, I’m going to do the same thing.’ So they wait for a couple of hours and post the same thing once you’ve gone offline. They get a few laughs and do it again, in the meantime somebody else sees the message, thinks it’s funny and continues the cycle. No matter how original you think it is, it’s a chain letter and effectively you are scamming people into potentially getting their account frozen for posting a chain letter, despite the fact you were making fun of people that post chain letters.

People that encourage you to do things that are against the rules are also scammers. By giving into their peer-pressure to ‘run a giveaway’ or ‘tell that religious joke you told me yesterday on the Neoboards’ you are risking your account being frozen. You may feel they aren’t scamming you out of anything but the result will be the same. You will eventually lose your account, just like you would have if you had screamed your password on the Neoboards.

Don’t make any hints towards your password or give it out. It’s a given, but you’d be surprised…

Remember, scammers are constantly finding new ways to scam people. Reading articles like these gives you some protection against their scams but also gives them things to look out for. A good rule of thumb is this checklist :

Am I giving them anything ?? Password, Email or Item ??
Does it seem too good to be true ??
Does it involve me having to go to an offsite link ??

If you answered yes to any of the above then be on your guard. It could easily be a scam without you realizing.

I strongly suggest you read the other articles on PinkPT. Even the outdated ones, though the information may be old, they still give some good advice on how to avoid losing your hard earned Neopet’s account.