A kind member has sent me this guide to help the war against youtube scams.  I love it 


It seems that you can't throw a mithril bar in the G.E. on world 2 (and other worlds for that matter) without hitting a bot advertising a "Youtube giveaway" scam.

I will post a guide, for those interested, on how you can do your part to help ensure these scams fail.


STEP 1: Report The Bot
The account spamming the phrase "Free giveaway search [Youtube ID] for info!" and its variants is likely a victim of the scam itself.  Sad as that is it must be stopped.  Report it for the following:
- Advertising websites
- Macroing/botting
- Solicitation

If you happen to be a mod, and are so inclined, mute the offending account.


STEP 2: Alert Youtube
Next, go to Youtube and search out the Youtube ID.  Locate the video.  Invariably, it will be some video of someone's bank with some tinny techno/electra "music" playing and possibly a voiceover along the lines of "hey guys I'm quitting RuneScape...".  You will be instructed to click the link in the description to be taken to the "RuneScape page" to log in and explain why you should get the giveaway.
This is, of course, a phishing website designed to steal your account.
What you should do is copy the URL and paste it into Notepad.  Once you have done this, flag the video under Fraud -> Spam and enter why you are flagging it.  Indicate that it is a phishing website designed to steal RuneScape players' accounts.  Youtube, hopefully, will act quick to remove the video.


STEP 3: Ping The Phishing Site
Next, open your Command Prompt.
Type the following:
ping phishingsite.domain

You should get an IP address out of this.  Type in the IP into Notepad.  Close the command prompt.


STEP 4: Resolve The IP To Its Host
Next, go to this site: http://tools.whois.net/whoisbyip/
Enter the resolved IP and hit ENTER.  You should get a readout of the site's information, including its host and, more to the point, the complaint/abuse e-mail address such as: [email protected]


STEP 5: E-mail The Phishing Site's Host
Open your e-mail and send an e-mail to the abuse contact, explaining that the site in question is a phishing site trying to steal people's account info.


And thus, you have gone the extra mile in stopping scam sites and making RuneScape a bit safer.

Nice

Could probably manage step 1 and 2

From step 3 it begins to be complicated ;P

Yey, maybe now we can finally stop these idiots in game!

~Sean

So i tried this, but the command prompt thing wont work for me:

WARNING THIS IS A SCAM SITE DO NOT LOG IN





WARNING THIS IS A SCAM SITE DO NOT LOG IN

Any solution or reason why this doesnt work? the link seems "legit", even for me whos playing 5 years nonstop and had a lot of crap over me. lel
It looks like the legit site is used, but somehow sends the login to somone, once the login button is clicked there appears a small, odd box wich normaly never happens. Also a weird message appears when you login without password, wich normaly never happens.

So i tried this, but the command prompt thing wont work for me:

Quote

WARNING THIS IS A SCAM SITE DO NOT LOG IN





WARNING THIS IS A SCAM SITE DO NOT LOG IN

Any solution or reason why this doesnt work? the link seems "legit", even for me whos playing 5 years nonstop and had a lot of crap over me. lel
It looks like the legit site is used, but somehow sends the login to somone, once the login button is clicked there appears a small, odd box wich normaly never happens. Also a weird message appears when you login without password, wich normaly never happens.

Whatever comes after the top-level domain (.com) shouldn't be a part of the echo (ping) request.

Pinging secure-runescape.com [127.42.0.1] with 32 bytes of data:
Reply from 80.82.64.104: bytes=32 time=45ms TTL=59
Reply from 80.82.64.104: bytes=32 time=44ms TTL=59
Reply from 80.82.64.104: bytes=32 time=57ms TTL=59
Reply from 80.82.64.104: bytes=32 time=46ms TTL=59

On a side note, if you can't distinguish malicious domains from the legit ones, you can install e.g. Malwarebytes. It should actively provide protection against these type of websites (it blocks the site in question). In this instance, you can tell by the domain that "secure-runescape.com" is different from "runescape.com". If "secure" were a subdomain of runescape.com, the domain would look like "secure.runescape.com", and this would be legit. If you go to rsof, you will see that they are hosted on services.runescape.com