Today I was stupid. I got an e-mail from "noreply@a.runescape.com", see below.
Since I don't play RS, and last time I did was well over a decade, I let my guard down. First thing I checked the e-mail adress, and google reported it's a legit jagex one.
I did not initialize such a thing, so I wanted to cancel that. Being reckless on my phone while shitting, I hit the link (which btw isn't spoofed - hoovering shows the same) - and ta-da, i confirmed a password change.
TL;DR:
Hacker/phisher has my account, attached to his mail and I finalized a PW request change for him, by clicking the link.
Now I wonder: are there any risks involved with someone having hijacked your Runescape account? As I said I don't play/care for RS, but could he use these new data to hurt my friends? or hurt me?
What do you runescape players know? Should I contact Jagex?
This post was edited by SpAz. on Sep 16 2019 04:30am