Almost Cookie Grabbed!

[Dcoolb]

I was searching for a darigan citadel user lookup and I went to [removed] page. I went to neomail him when it made me sign in. So I did, but when it just loaded the login page again I looked at the website and realized it wasn't neopets. So I went to neopets and changed my password. That was a scary moment!

[Cornflakes]

Good thing you caught it in time. Stupid CGers. I have annoying PINs on everything now. Jerks.

[Tedhaun]

That was a very close call dcoolb, glad you noticed the altered URL by the way, that was a wise thing to do. I never came across a CGer in my entire Neopets life luckily, and I may want to up my awareness for such things as well.

[vampire_girl]

Lucky you! I was CGed for already few times. First few times they could only steal about 20k. Only once there was a bigger "damage".

[espy]

Hello, my name is Chloe, Ro's girlfriend. Ro is [removed] by the way.

 

 

I'm just going to say, what on earth are you talking about?!

 

1) When you type in "darigan citadel user lookup" into google, Ro's profile doesn't come up?

2) Where is the cookie grabber link? What is the link you clicked on? Tell us specifically what it said?

3) Ro is very known around the PC, has amazing pets and such and wouldn't dare risk his account by putting such things on it, or even know how to for that matter.

 

 

I think it's really freaking rude of you to post his username on this forum saying he's a cookie grabber. I make all his coding for him so I know for a fact there is absolutely no such thing in there.

 

Would you like to explain yourself?

 

 

 

By the way, I just made an account with this forum just to say this.

[Javooooo]

espy, its possible that your boyfriend has been hacked and the hacker put this link into his account. I've been cookie-grabbed before, and TNT refused to help me get my account back :(. Lucky you for catching the cookie-monster :D

[espy]

I don't think anybody would hack Ro, to get the information of other peoples accounts.. and leave all Ro's stuff there...

 

By the way to the original poster; even if you're not implying Ro put the links on his page, it's still comes off badly with his username there and such.. Ro works really hard for everything he has and you are kind of pointing fingers even if you are not trying to

[Javooooo]

espy, you should ask Ro to check he can still access his account (i.e. he isn't hacked), and then to remove the link ASAP from his user/pet lookup. He could run the risk of being banned for attempting to hack peoples accounts (even though he didn't mean to) and TNT won't listen to his appeals. I've had experience with TNT, they aren't always the most understanding people.

[espy]

I'm with Ro right now, we have our computers right side by side, he is really mad about all of this.

He still has access to his account, nothing has changed.

 

 

And I would tell him to remove the link if I knew what link you were talking about.... The whole reason I posted here is because there is no link? We don't get it!

[Javooooo]

I can't be certain, because I didn't spot the link, but I'm pretty sure it is in either Ro's user lookup, or one of his pets' lookup.

[antiaircraft]

It's highly unlikely that Ro was involved in this phishing attempt (and mind you, this was definitely a phishing attack, it was not in any way related to cookie-grabbers). What's more likely is that somebody set up a fake phishing page, put his username on it, and uploaded it to a different domain with keywords that were likely to make it rank high on searches (e.g. Darigan Citadel user lookups).

 

Additionally, please don't call these people hackers. They're not hackers. See my signature for more details.

[espy]

The original poster has mailed Ro and first he said it was at the bottom of the page, and then he said it was when you click on trades?

 

To be honest I don't believe any of this.

 

 

I have checked through the userlookup coding and it's all fine.. I'll check the pet lookups but I know I won't find anything.

If you didn't "spot the link" then why do you think there is a cookie grabbing link on his page?

 

:/

[Javooooo]

I was just warning you that it was possible the link could still be there, even if Ro didn't consciously put it in the lookup (ie he could have been hacked, and someone put the link there). If you can't find it, that's great news. Don't worry!

[espy]

There's no link. Nobody is in Ro's account.

It can't be what "AA" suggested because the original poster stated he went to Ro's userlookup (which I'm assuming was a neopets link) and the SECOND link he clicked, from Ro's page, was a fake login page.

 

If nobody can prove such links, can you please remove this thread or at least Ro's username, it looks like you're calling him a cookie grabber (even if you're not!) and it's classed as harassment. So I'm just asking nicely. Thanks!

[antiaircraft]

It can't be what "AA" suggested because the original poster stated he went to Ro's userlookup (which I'm assuming was a neopets link) and the SECOND link he clicked, from Ro's page, was a fake login page.

From the original post, it seems that the OP only checked the domain after clicking the second link. It's entirely possible both pages were a phishing setup on a separate domain.

 

The other possibility is that the OP has malware of some sort on his computer.

 

If nobody can prove such links, can you please remove this thread or at least Ro's username, it looks like you're calling him a cookie grabber (even if you're not!) and it's classed as harassment. So I'm just asking nicely. Thanks!

This topic has been flagged for a moderator check. :)

[Noog]

Everyone here needs to calm down. First of all, I highly doubt that it's harassment that he mentioned this. Someone obviously set up a phishing page because Ro's page is so popular. The Original Poster (OP) was NOT on Ro's userlookup and tried to neomail him from the petpage. If there's a phishing page, you will not find anything by checking his account because it is on a completely different domain.

 

Again, it's also not a cookie grabbing scam, it's a phishing scam, from crackers, not hackers.

 

Connecting Ro to the incident is as pointless as connecting Neopets to the incident. It's not anyone's fault that this happened besides the person who set up the duplicate page to phish. However, it's necessary that people know about his petpage so that they don't accidentally go to the phishing site. If you try to google Ro's page, check to make sure you are at neopets.com.

[Dcoolb]

Well espy! The link is [removed] and so you know I search darigan citadel user lookups on the very bottom.

[Javooooo]

AA, I like your signature! Too true about hackers!

[Noog]

Well espy! The link is [removed] and so you know I search darigan citadel user lookups on the very bottom.

 

^THIS is a phishing site. They duplicated Ro's page to collect account info. It's not that difficult to find, I found it myself and was coming back to make another post.

[espy]

Okay, I see that now. Thanks for posting the link OP.

[antiaircraft]

That IP address appears to be hosting a site targeted at phishing Neopets in general - it has now been flagged for review with standard phishing lists (meaning it should filter through to automatic protection in web browsers sooner or later).