Don't yell at me
Yes, I understand. It's very tough to log in one day and find all your hard earned NP and items gone!
I understand that it would be nice to blame it on a hacker, or on the devil, or on the monster under the bed, anyone but yourself.
But until you realise that you brought it on yourself, you have no guarantee it won't happen again.
And let me get this straight right away: I didn't say you can't get hacked. I said you weren't hacked.
Official quote:
Contrary to what many people claim, no one has ever hacked into Neopets, accessed user information, accounts or usernames. The ONLY means by which a user can have an account stolen is when they inadvertently or intentionally gives away their pässword.
from http://www.neopets.com/chatrules.phtml
The common excuses:
It was a cookie Grabber
Read this first:
What is a cookie grabber?
I consider cookie-grabbers a scam. Many people disagree with me.
If cookie-grabbers were randomly placed on any web-page, where you least expected it, I'd might be prone to agree, however, on neopets it doesn't work like that.
The scammer will most likely target you either through neomail or through message boards. They'll probably post a link of some sort with a story along the lines that it will give you lots of items or neopoints. They might however try to pass it off as a new neopets help-site or something they need help with.
My point is that they trick you into visiting the page, you're never there by accident. Thus it's a scam.
Feel free to disagree.
So:
- Why were you on that page in the first place?
Probably because they promised you free items or neopoints...
- Why didn't you have the newest security patch?
You can download it for free at http://windowsupdate.microsoft.com and it would have made it impossible to steal your cookies.
- Why didn't you change your
 when you realised it was a cookie grabber?
NOTE: The advice people in the forums give you is usually delete your cookies!.
That will not make any difference if you've already visited the site with the cookie-grabber. They already have your cookies (which contain your and deleting them from your system will make absolutely no difference to the scammer, it will only require you to log in again...
Once a cookie has been grabbed you need to change your .
Deleting your cookies before you visit suspicious pages will help.
They guessed my 
Why on earth did you have a guessable ?
Here are a list of very bad :
It's amazing how many people have s that are somehow their name with a number or two behind it.
frodo, gandalf, elvis, harrypotter, jesus, 2003, swordfish, abracadabra, your username, your name, your dog's name, any P/W you use somewhere else...
Good s:
fish86book, toenail91, alphabetispagheti, tape1recorder, bussbuilder, ølsalgetterklokken8!!!, ElEpHaNnNn7.
Any completely random combination of words and numbers is good, you can also use most special characters like #¤%&@£$æøå.!?. And as an extra bonus, some of these characters won't show if you have the sent to your e-mail (try it!).
It was a fake login-page
Always, always, always check that the URL starts with http://www.neopets.com before logging in. If in doubt; don't log in! And if you don't notice it was a fake before after you've entered your , change it FAST!
With the new login-system it should be no problem telling a fake from the real thing.
This is the scammiest of all scams.
If you give a stranger the keys to your flat and tell them where you live, do you consider it burglary?
They told me they were from the neopets team
Unfortunately a lot of these neomails/emails look and sound very official, so you have to repeat to your self these magic words No member of staff will ever ask for your  . Chant that a couple of times until you know it by heart.
These mails will usually tell you either that there's a problem with the site and they need your to backup your account to keep it safe, or they'll pass it off as an official warning, telling you that you're suspected of sabotage or cheating at flash games or something.
The common denominator here is that they ask for your , which like we chanted a bit earlier: no member of staff will ever do.
We might as well mention this as well; there is an official neopets account used for handing out warnings. Warnings from that account are real, but they'll never ask for your . The account is theneopetsteam.
Fake members of staff (at least the good ones) will normally change their lookup to resemble this official account. With a bit of Style Sheets it's not too hard, so don't be fooled by the apparent lack of stats, pets, shield etc... It's become more difficult after some positioning tags was disabled, but it's still not impossible.
I only changed the e-mail address in my preferences
First off let's go through what's wrong with this:
Neopets need your e-mail address on file to send you mail when your auctions end or your pet leaves the neolodge, but also in case you forget your . So when you change your e-mail address to whatever the scammer says, they just have to enter your username in the box on the login page, and your will be sent straight to them.
This is another scam that can, when presented the right way, sound very convincing.
Mostly it's quite easy to spot, as your average scammer can't think up a good reason for you to change your e-mail, so they'll usually have already said "this is not a scam" at least once, which is a sure sign that it is. And then come up with some story that they're leaving neopets and want to give you all their np, or that they have a cheat program or something.
However, there are some who are more subtle.
I recently got a neomail from someone who offered me a subscription to an online newsletter about neopets, with cheats and tips on how to make 500,000 np in a week. All you had to do was go to user-preferences and change your e-mail to [BLEEP].
When you get it presented like that it almost seems logical. The fact remains that as soon as you do that, they'll request your and drain your account for everything that's worth anything.
|
