Scammers 2.0 By the_dog_god

Scammers, they keep getting smarter, keep finding new ways to exploit the system, new ways to rob you of your hard earned Neopoints, new ways of sticking your precious pet in the pound without you knowing what’s happened until it’s too late. Of course, there are exceptions to this rule, for example, recently a Neopian User realized they were being hacked mid-hack and requested the new password to the account. They then changed the password and logged back in with the new password. Afterwards they checked the trades set up and realized the person offering junk on them was the hacker, using the hacker’s username and the password the hacker changed their account’s too the hacked player managed to get into the hacker’s account and take his items back. You may read this and think that if that hacker was dumb enough to do that then you’ll be fine. Think again. For every failed hack attempt there are dozens of successful ones, not to mention the fact that the hacker in question will never make the same mistake having learnt from their fault.

With the scammers constantly upgrading, it is up to each Neopian to take new precautions to avoid their hard earned work being flushed down to the toilet by somebody with nothing better to do than spend their life stealing virtual dollars.

1. Check your current password.

Is it an actual English word ?? Is it less than 10 letters long ?? It is comprised solely of letters ??The best passwords will answer no to all three of those questions. Let’s imagine your password is CO41S8uZ95. The odds of a person randomly typing that in the password box for your account is 1 in (26 different lower case English letters) + (26 different upper case English letters) + (10 different numbers) = 62 ^ 10. That roughly works out to be a 1 in 839,299,365,700,000,000 chance of randomly walking up and typing your password in on their first try.

Even a program designed to guess a random combination of 10 letters (upper case and lower case) and numbers would take years to guess your password

The odds however of a password guessing your password if it is something along the lines of “Happy, Password, <insert your last name here>, Neopets or Secretword” are significantly lower. However, for some baffling reason people keep making their password easy to guess and every day at least one person loses their account to somebody that puts in one of these words. If you can’t remember your password easily then write it down on a small slip of paper, do not write anything with it. Just the password. Then put that password somewhere very safe which you can easily access but not easily found by others. Got an old school exercise book at home ?? Write your password into an exercise and remember where in the book you wrote it down. To anybody that for some reason is reading through your old work it will simply look like you worked something out on that page.

Don’t write something like “My Neopets.com password” next to your password however.

Also, it’s a good idea to change your password regularly.

2. Check your Email password and any Neopets related sites’ passwords.

If your Neopets password is Sj11dFy0i3fn4mD201j42 but your Email password is Password then all the scammer needs to do is break into your Email account and request your password.

Additionally, do not use the same password you do on Neopets that you do on any other site. Make sure your different accounts have different passwords as well. It may be great to have a practically uncrackable password on Neopets but the moment you enter it on another site it becomes access to the administrators of that particular site. All it takes is the site to turn out to be run by a very smart scammer or an admin that is bitten by the greed bug to have your password discovered, and once it is you can kiss your hard work goodbye.

Additionally, make sure your gallery accounts etc all have different passwords. It may hurt to have one account taken from you by a scammer, but if all your account passwords are the same then your going to be suffering a LOT more.

3. Off site links. Don’t trust ’em.

No matter what the person says, don’t trust any off site links posted on Neopets.com. Even image URLs can be dangerous.

The moment you leave Neopets.com, all the safety barriers put in place, restricting HTML, CSS, Javascript etc, to protect your account vanish. You are venerable in any off site link, no matter what the extension.

‘Cookies’ are text documents stored by your computer. They hold stored information from websites to assist in browsing the web. For example, the moment you log in to the PinkPT Forums a cookie will be produced by PinkPT and stored on your computer. This cookie will contain your member ID and password. Now you may be worried that anybody could walk up to your computer and read your passwords from your cookie folder, don’t. The cookies are so encrypted it would take a very advanced decoder to translate it into understandable English.

‘Cookie grabbers’ are nasty little scripts that can be placed on websites. Effectively they make a copy of your cookies in your cookie folder and store them on the grabber’s computer. Now, despite how encrypted the cookies may be, all it takes is the grabber to shift the cookie into their cookies folder and head to Neopets.com to gain instant access to your account.

Now that everybody understands that, you may have realized why offsite links are bad. Anybody with a fair bit of computer knowledge can stick a cookie grabber on their own personal site and refer people to it. The major problem people have with cookie grabbers is when they think .jpgs, .gifs and .pngs (To name a few) are safe. Surely the pictures themselves can’t have the script in them ?? Technically you’re right. Pictures aren’t scripts, a cookie grabber is. However, suppose the picture didn’t exist. As you know, if a page doesn’t exist and the site you are on has a custom 404 page, you will be sent to the custom 404 page. (IE : www.neopets.com/lookovertherebecausethispagedoesntexist.phtml ) Now, that 404 page does not have to be an image, and since it’s not an image it can easily have a cookie grabber stuck there without you knowing.

Basically don’t trust outside links, if you are going to then read this article on defending yourself against Cookie Grabbers

4. Older accounts are not trustworthy either.

Surely old accounts wouldn’t scam as their hard work would be wasted when they are frozen right ?? Wrong. The original owner may have gotten sick of just playing Neopets, though it is highly unlikely they’d scam from their original account it can happen. More likely however, a scammer scammed the old account and then used that to scam people.

You’re just as likely to be scammed from a 40 month old account as you are from a 2 week old account.

5. The staff are anti-sociable. They don’t want to talk to you. If it sounds too good to be true, it is.

Allow me to stress this point.

NEOPETS STAFF WILL NEVER EVER EVER EVER EVER EVER ASK FOR YOUR PASSWORD. THEY WILL NEVER EVER EVER EVER MAIL YOU PRIVATELY FROM ANY ACCOUNT OTHER THAN THENEOPETSTEAM WITHOUT YOU FIRST MAILING THEM!!!!!!!!!!!!!!!

No matter how convincing the people sound, Neopets Staff won’t use MSN or AIM. They also won’t mail you from any account other than theneopetsteam unless you mail the staff member in question privately first.

Likewise, they will NEVER ask for your password. No matter how ‘hacked the site is’ or how long they have ‘to save the accounts before the site is deleted,’ the Neopets staff will never ask you for your password. A common Neomail scam is one explaining that the site has been hacked and that the staff are trying to save the information for as many accounts as possible before they shut the site down and reboot it. Don’t ask me how it works so often, it just does. The fact of the matter is, moderators can find out all the information on your account with the click of a button. They can find your password, previous pets, what you’ve fed your pets over the past three years, what you’ve been warned for, they can read your rejected Neopian Times articles, they can see who you’ve Neomailed in your entire neo-life. Most importantly, THEY CAN FIND OUT YOUR PASSWORD WITH GREAT EASE. No matter how hard it is to guess, they can simply click a button and voila!

Don’t trust anybody that claims to be a staff member, claims to be related to a staff member, claims they have hacked Neopets, claims they have found a way to make millions of Neopoints in seconds, claims to know the secret to the ancient cave of Scurvy Island, Fyora’s cave, Sloth’s vault etc etc etc etc.

6. Never use the same Email address that you do to talk to people.

Create three Email accounts.

One for your real life affairs
One for people you want to talk to on Neopets
One for your password email.

Give out numbers one and two as much as you want but keep the third email completely secret. For example, my Neopet’s email address is the_dog_god_is_weird@hotmail.com. I use that to talk to people from PinkPT, Neopets, IDB etc…

However, I do NOT use it for my password recovery Email. I have a completely unrelated Email address which I only use for recovering my lost password. DO NOT TELL ANYBODY THIS EMAIL ADDRESS. DON’T HINT TOWARDS IT, DON’T MAKE REFERENCES ABOUT IT, DON’T EVEN ACKNOWLEDGE THE FACT IT EXISTS TO ANYBODY OTHER THAN YOURSELF.

That way, in the rare even your email address is hacked, you won’t have any chance of your Neopets Password being discovered.

7. If you refuse to follow number six.

For starters, everybody should be ignoring this section of the guide because you WILL follow number six. However, if you want to make things needlessly risky and use the same address for talking to people on Neopets and for password recovery then beware of the following.

The moment you give out the password recovery Email address you open a door for scammers.

A wondrous little feature of most Email accounts is the “secret” question. A little question that supposedly will only be answerable by the creator of the question. However, if a scammer finds your password recovery Email address then they can request to see your “secret” question.

Once they see it, all it takes is a little planning on their behalf to have your Neopets account.

Take this scenario:

“Secret Question”: What is your favorite teacher’s name ?

Sam : Ahhhhh!!
Mike : What ??
Sam : I forgot to do my research assignment!! I needed to interview somebody on their school!!
Mike : Well what are the questions ??
Sam : What school do you attend ??
Sam : What year are you in ?
Sam : List your three favorite teachers in order
Sam : What subjects do they teach ??
Sam : List your three favorite subjects in order
Sam : Do the above two questions match ??
Mike : <insert answers here>

With the seemingly innocent homework assignment, Sam has gained access to Mike’s email account and gained access to Mike’s Neopets account as a result.

8. Don’t download anything anybody tells you to.

Key loggers are nasty little things which are hidden among seemingly harmless files. You won’t know you’ve got it until it’s too late. Key loggers record everything you type in on your computer and transmit it back to the person that made the key logger. This means anytime you type your username, your password, your favorite color, what you’re wearing etc the scammer will know. All it takes is a little search for your password and you’ve got instant scammage. Well no, they’ve got instant scammage, you’ve got instant loss of account.

9. Don’t log in to Neopets at any URL other than www.neopets.com/loginpage.phtml

It may sound stupid but don’t log in at ANY URL other than www.neopets.com/loginpage.phtml . Gone are the days in which anything not on www.neopets.com was obviously a fake log in page. Nowadays very smart scammers can use programs to make the URL appear to be a different domain. Namely they can make any address they want appear to be www.neopets.com. However, they cannot go any further than this, they can’t make the page appear to be www.neopets.com/thisisreal.phtml. It has to be the domain name only. Therefore, if you are browsing and you get asked to log in and the address is www.neopets.com, it may seem safe. It’s not.

Even if you know you are on Neopets.com, make a habit of manually going to www.neopets.com/loginpage.phtml and then logging in. If you are logged out and browsing the site, you will eventually come to page which you need to be logged in to view. Even though you know you are on Neopets.com, go to the login URL and then login. Then go back to the page you want. It may seem stupid, but it’s better to be safe than sorry.

10. Shop and giveaway scams.

So you’re browsing along when suddenly you see a Codestone for 3,000 Neopoints. Quick as a flash you click into the shop and buy the item without looking. The next page you find yourself with a brand new codestone and 30,000 Neopoints less than before.

If the price of an item changes whilst you are in the shop then you will be notified and the transaction will be cancelled. However, if the price changes between the time in which you see it on the shop wizard and the time in which the shop itself loads, you will NOT be notified. Scammers will often change items priced at things like 2.222 to prices like 22,222. People in a rush to snatch up the deal will usually not notice the change and will end up being ripped off. Always check the price of an item before buying it.

Another thing to be aware of is ridiculously low priced items. If you see a H4000 Helmet for sale, priced at 1 NP then there is a good chance it has been stolen or duplicated during a glitch. No matter who is responsible for the item being duplicated/scammed etc, if you are caught with it in your possession you will be frozen. The best idea is to leave it in the shop. However, if you are willing to gamble your entire account on it, then buy it and stick it in your trades with the message

“TnT : I bought this from -‘s shop on –/–/– for — Neopoints. I do not know whether or not the item is safe or not to use. Please delete the item if it has been duplicated or return it to it’s original owner if it has been scammer or hacked.”

Then submit a bug report to Neopets with the trade lot in the message, further outlining the details of how you came across the item.

DO NOT ATTEMPT TO DISPOSE OF THE ITEM BY YOURSELF

.

Sticking the item in the Money Tree, Discarding it, Selling/Trading or Giving it away may result in you being frozen.

Giveaways are NOT permitted on Neopets. By taking part in one or running one you are breaking the Neopets rules. Most of them are scams to get people to donate to a prize fund and then leave with the donations. If you see one, tell the user not to run it. If they persist, report it to Neopets and let them take care of it.

Other things to be aware of:

Not all scammers are there to make Neopoints for themselves. Some scammers will scam you just to make you miserable. These are the types that have your account permanently frozen by breaking a severe rule whilst in your account, disown your pet, discard your items etc. If you take all the precautions listed above they should not be able to get into your account, but they can have your account frozen if you yourself are not careful.

Chain letters are started by such scammers. By posting this message in one billion posts all you would have gained is a sore finger from pressing Ctrl-V multiple times. The fact of the matter is, to stop chain letters, Neopets’ has to take action against ANYBODY that posts a chain letter. Even if you’ve only posted one and somebody else has posted 20, you are just as liable to be punished for them.

No matter how many blood-thirsty Vampires, Ghosts or Werewolves are going to attack you, no matter how many millions of Neopoints you ‘will get’ from posting the chain letter, no matter how real the ‘code’ sounds the bottom line is CHAIN LETTERS DO NOT WORK.

People that think they are funny by posting things like “Post this in 10 messages and be frozen” are just as bad. People see that and think ‘Heh! That was funny, I’m going to do the same thing.’ So they wait for a couple of hours and post the same thing once you’ve gone offline. They get a few laughs and do it again, in the meantime somebody else sees the message, thinks it’s funny and continues the cycle. No matter how original you think it is, it’s a chain letter and effectively you are scamming people into potentially getting their account frozen for posting a chain letter, despite the fact you were making fun of people that post chain letters.

People that encourage you to do things that are against the rules are also scammers. By giving into their peer-pressure to ‘run a giveaway’ or ‘tell that religious joke you told me yesterday on the Neoboards’ you are risking your account being frozen. You may feel they aren’t scamming you out of anything but the result will be the same. You will eventually lose your account, just like you would have if you had screamed your password on the Neoboards.

Don’t make any hints towards your password or give it out. It’s a given, but you’d be surprised…

Remember, scammers are constantly finding new ways to scam people. Reading articles like these gives you some protection against their scams but also gives them things to look out for. A good rule of thumb is this checklist :

Am I giving them anything ?? Password, Email or Item ??
Does it seem too good to be true ??
Does it involve me having to go to an offsite link ??

If you answered yes to any of the above then be on your guard. It could easily be a scam without you realizing.

I strongly suggest you read the other articles on PinkPT. Even the outdated ones, though the information may be old, they still give some good advice on how to avoid losing your hard earned Neopet’s account.

14 thoughts on “Scammers 2.0 By the_dog_god”

  1. Thanks for this article, it is VERY helpful and I hope people will find and read it. I was hacked in January (they got into my email account ON one of my website domains and put a forwarder on). When I got the password request, I didn’t even realise they’d done it, so changing the password didn’t help. They just requested it again. They took everything while I was asleep and froze my account. Only weeks later did I even find the forwarder! They got all my personal emails including bank transactions, it was VERY scary.

    I was very lucky and got everything back about 2 months later, from 50mill worth of weapons to my UC Faerie Draik and huge Battle pet. Most aren’t so lucky.

    Almost 5 months later, I still get password requests regularly (like twice a week) and every time I am scared they have gotten in again 🙁 I change emails, passwords, you name it. However, there are just too many loopholes in Neopets

    • You can switch off your pin completely (why would anyone EVER do this?!)
    • The Neopets ‘perk’ of more transfers the older the account is a CURSE! They took all my pets off. I have never moved my pets in years, this should be able to be turned OFF completely, or at least only go into effect after 24 hours if you change your mind. Can you imagine how many pets would be saved?
    • If you request a username associated with an email, they send ALL the account names with ALL the passwords. HOW STUPID IS THIS? You forgot your username, NOT the passwords?!
    • You can request your account passwords as many times a day. There should SURELY be 1-a-day limit on this. You can’t even max it out to try stop them.

    I have email TNT’s nice new support long emails of suggestions or even just some limits to my own account. It’s sad because there’s almost nothing you can do if you get hacked. Neopets leaves your account wide open for losing everything 🙁

    Thanks again for your article and I hope it saves a lot of people!

  2. Very little information is provided about the product on the company website.
    Men also sufferer from acne with changes in their hormones as a man grows testosterone fuels through
    them which can also cause a wide spread of this condition. The skin is the largest organ in the body, it is the most visible parts of the body, so it only
    makes sense that we care for it.

  3. I believe that is among the most significant info for
    me. And i am glad studying your article. But want to remark on few normal issues, The web site
    taste is perfect, the articles is in point of fact
    excellent : D. Good job, cheers

  4. Thanks for the good writeup. It in truth used to be a entertainment account
    it. Glance complicated to more introduced agreeable from you!
    However, how can we keep in touch?

  5. [url=http://www.fujisanbrand.com/watch/chanel/index_6.html]Rolexスーパーコピー時計販売はROLEXコピー時計通販専門店です . 0.678244178 ロレックス時計のムーブメント:スイス製クォーツ . 品質保証、世界一流ロレックス時計スーパーコピー、精巧に作られたのスーパーコピーロレックス(N級品)2015年新作。[/url]

  6. [url=http://www.newkakaku.com/chq2.htm]展示ホール内を泳いで一時間後も、そもそもブランドを知らない人も知って:この百年の号は持つ遠見卓識知者ハンス・ヴェルス多夫(ハンス!Wilsdorf)に創立され、彼は真っ先に予見懐中時計を名目に歴史舞台、腕時計は取って代わってRolex(ロレックス);二十世紀発売多くの重要な技術革新(例えば密封性、自動的に最適化メカニズムなど)を持って完備、精良な生産ツールとして、その製品の信頼性抜群抜群;ブランドが巨大な規模のアフターサービスネットワーク、全体のタブ業し、それが長いと多くのスポーツ界や文化界のセレブに協力ロレックス終始独立運営、この点とみなされてその特色。[/url]

  7. [url=http://www.gowatchs.com/brand-234.html]大都市不動産市場購入できる株式指数に戻って、10年前につれて、一般的な投資ルート近くに陥れてつまらなくて局、収蔵市場でだけであった少数のプレイヤー愛顧の時計を得た意図投資最近部分を資金ヘッジ甚だしきに至っては付加価値の市民愛顧。ロレックス スーパーコピー時計は自家用体現できる個人品位のほか、その投資の価値は侮れない。でも業界関係者は注意して、投資の時計の時とは思わないでくださいは徹底的に解決する過程のために、時計ヘッジ後続定期的なメンテナンスも1筆の支出節約できない、今時計(簡単機能)の平均メンテナンスの試算30年保養投入するが約6万元。また、別の時計サービスセンターの価格、メンテナンスプロジェクトも違うが、投資家はもっと気をつけ。[/url]

  8. 2017年最高ブランドコピー 服、財布.
    ★2017年春、夏節男性、女性に超人気がある新素材入荷★
    ブランドコピー 服 、ブランド コピーネットショップとしてずっと多くのお客様に信頼頂いております。 品質よくて、 激安 の大特価でご提供します。
    ★2017年新品バッグ、財布、手帳、腕時計、ブランド 靴、ファッション 服
    ★2017年男性、女性に超人気がある新素材
    ★2017年の新素材-新作!高品質の追求
    ■主要取扱商品 ブランドコピー 服 バッグ、財布、腕時計、マフラー!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.