Cybersecurity researchers have discovered a new RuneScape-themed phishing campaign, and it stands out among the various operations for being exceptionally well-crafted.
RuneScape is a free online MMORPG game first released two decades ago but continues to be popular in the gaming community and enjoyed by millions of players.
Its "Old School" edition has seen a steady increase of active players for many years now and a massive spike in 2019 when the developers released a mobile version.
The latest phishing campaign, spotted by Malwarebytes, attempts to target players of both the Old School and the standard (RuneScape 3) editions via a fake email change notice.
It starts with an email
The initial email pretends to come from Jagex support, the developer and publisher of the RuneScape series, informing the recipient of a successful email change for both editions.
The message claims that all login details remain unchanged, but the registered email address for all future password resets has changed to a bogus address.