Welcome to Gaia! ::

kage-ookami4's avatar

Dangerous Ladykiller

[vote <3. mrgreen
If we're not on the first page, you may bump us up ONCE, thanks.
[/size][url=http://www.gaiaonline.com/forum/t.26302801/]♥ Avoid Getting Hacked ♥[/url]

User Image - Blocked by "Display Image" Settings. Click to show.

(and what to do if you've been hacked!)

User Image - Blocked by "Display Image" Settings. Click to show.

IMAGES: to see the images in this guide you must go to your account settings and chose "view all images" as TinyPic is not on the white list [yet?]; no, I am not going to host everything in this guide on Photobucket. If you do not want to do that you must click on the links to see the pictures, it's up to you. As for the signature banners you may still host them yourself on Photobucket or use the text link at the very top of this post.

User Image - Blocked by "Display Image" Settings. Click to show.


Please do not PM me for help unless you have read the guide and didn't find the answer you were looking for. For real, I mean it. I know this guide is long but chances are your question can be answered here. In fact 99% of all the questions I get can be answered by reading the blue text right below this.

If your answer is in the guide I will just point you to the post your answer is in, so please just read it so you won't have to waste your time and mine.


The number one way to avoid being hacked on Gaia is to just not ever give out your password. It's as simple as that, but you must take further precautions to be safe. Remember, not even real staff members need your password. The only thing other than you that needs your password are the servers at gaiaonline.com. Nobody and nothing else needs it no matter how much they beg, plead, cry, threaten, intimidate or other wise try to convince you.

User Image - Blocked by "Display Image" Settings. Click to show.

After much convincing, I finally decided to open a thread in the Guides forum based on my journal entry. Clicking the banner at the top will take you to my original journal entry. All future updates to my guide will be here in this thread, the guide has outgrown my journal. Both will remain up. Please do not ask me for donations, even if you have been hacked. I will not donate, I will just get VERY annoyed with you. Please go to the links section and visit the list of charities.

This guide's intention is to teach you to recognize the threats and know what to do when you encounter them. It's important to remember that hackers are not preventable, but hackings are. This guide will "teach you to fish" but it's up to you to get the rod and bait and get out there on the lake. If you don't take the steps to prevent hackings, who will? This is not a job anyone else can do for you. You need to be vigilant where ever you go online, no matter what computer you use or what you're doing. Protect not only your Gaia account, but all other accounts and your personal information.

So what's with the hearts and the pink? Well a heart is a symbol for health and this guide deals with computer health. As for the pink, pink is light red and red is the color of the heart. I chose pink just to be a little different, red is used a lot to bring attention.

Please check the UPDATE LOG for all updates so you can easily find new information!
Please read the MISC THREAD STUFF section! Important info in there.

Proudly keeping Gaians safe since May 2006! Thanks for all the help and support.

User Image - Blocked by "Display Image" Settings. Click to show.

Table of Contents

♥ Introduction- info about this guide, gaia staff, terms and definitons, thread rules
♥ Examples of Scams- see screenshots and examples of many different types of scams
♥ Common Signs of Being Hacked- the most common signs that mean you've been hacked and what do to if you have been hacked
♥ Tips to Avoid Being Hacked- many tips that prevent being hacked and scammed
♥ FYI- important information about Gaia Online that you should know
♥ Basics of Account Security- how to keep your account and computer safe, safe passwords, downloads, sites to avoid, public computers, smitfraud trojans
♥ Link to this Guide- banner codes that link back to this guide
♥ Link List- links to other guides, guilds, petitions, shops
♥ Why Secondary Passwords Won't Help You- why this popular suggestion wouldn't keep your account safe
♥ Article Library- where to go for a good read and more info on keeping you and your computer safe.

User Image - Blocked by "Display Image" Settings. Click to show.

What does it mean to be Hacked?
Gaia FAQ Definition
US Legal Definition
The definition of hacking that I use is the legal definition, it basically means ANY and ALL unauthorized access to your computer or your computer accounts is a hacking. This includes but is not limited to entering your account after password scamming, brute force attacks and keyloggers. To those of you who wish to argue that hacking is only done by brute force attacks and keyloggers please do not bother to PM me or post here. If you disagree that's fine, but I am going to continue to use the legal definition and nothing you say will convince me to stop. You don't need to know the username of the individual who hacked you to be able to report them, the hacking report form does not ask you for that info at all. Be sure to read the instructions carefully and file a report immediately after you find you were hacked- there is a statute of limitations which is 30 days from the incident.

What does it mean to be Scammed?
A scam is when you are tricked into doing something. An example of a scam is a user asks you to trade them your kiki for a kitsune mask, wrapped in a gift box. You trade them and inside your giftbox is a pair of starter shorts. That user misrepresented themselves and tricked you. Users are always misrepresenting themselves as moderators to get your password. If you just give them your password, but are smart enough to figure out what you've done in time and change your password before your stuff starts disappearing you can report a scamming. Only report a hacking if your account has changes made to it that you did not make yourself. Once the password scammer gets your password and enters your account it has become a hacking. Like hacking reports you only have 30 days to file a report so do not hesitate. You DO need to know the username of the person who scammed you.

What can I use the "Report Abuse/ Harassment" form for?
That form is used to report users who continually harass you on Gaia. If a user is constantly trying to flame you, fight with you, talk to you or make any form of contact with you dispite asking them to go away, it's harassment. That's stalking. You can add a user to your ignore list and still report them, especially if they keep making new accounts to get to you. This form should not be used to report hackers, scams or people cybering in towns. This form is to report abuse that is directed specifically at you, as in you are being specifically targeted by this person or group of people.

WHEN REPORTING BE SURE TO ONLY SEND IN ONE REPORT PER INCIDENT. Sending in more reports wastes the moderators' time and slows down progress for everyone. Also if you do not fill out your report properly it will be canceled and you will have to file again. Because some reports have a time window it is very important for you to be calm and read everything carefully, do it right the first time! All questions on filling out the form can be asked in the Questions and Assistance Forum, do not hesitate to ask a question if you are confused.

User Image - Blocked by "Display Image" Settings. Click to show.

Important Definitions
These are some terms that will help you better understand this guide and make you slightly more computer-literate. These are words everyone should know!

malware: short for malicious program, bad software that harms your computer.
virus: a type of malware, a program or piece of code that attaches itself to another program, when you run that program you also run the virus. Viruses do "weird things" to your computer which can be as innocent and annoying as renaming programs or as nasty as stealing personal information and destroying data. Viruses can not reproduce by themselves.
anti-virus: a program that sniffs out viruses and removes them from your computer.
trojan: malware disguised as a benign, legitimate program.
back door: a deliberate security hole.
worm: a type of malware that self-propagates.
keylogger: can be either software or hardware, logs keystrokes and mouse clicks. Hardware ones can be difficult to spot, they often look like a normal USB or keyboard plug. See a picture of one here (it's the battery shaped object plugged into the back of the computer, please check for these on all public computers).
execute: to run a file, programs ending in ".EXE" are executable. Viruses can only be attached to executable files.
OS: short for operating system, examples are Linux, Windows Vista and Mac OS X. The main program on a computer which manages all other programs.
driver: program that allows hardware devices to "talk" to the OS.
application: a program.
software: a general term for programs.
hardware: physical aspect of computers, examples are RAM, video card and mouse.
GUI: said as "gooey", stands for graphical user interface. It's what you see on the monitor and use to interact with the program. GUIs are not text based.
drive-by downloading: program where the download launcher pops up unprovoked and downloading is prompted maliciously, such as by clicking the button to cancel the download launcher.
cache: stored copies of graphics contained on web pages to accelerate load times.
cookies: tiny text files that store information about you and transfer that data back to web sites, your login info is stored in cookies.

User Image - Blocked by "Display Image" Settings. Click to show.

The Real Gaia Staff
  • orange- admins
  • brown- developers
  • red- NPCs
  • green- moderators
  • forum/ moderator assistants

(blue usernames mean they are on your friendslist.)

All officials at Gaia will also have a specific title under their username specifying their role on Gaia. Anyone without a title underneath their username is NOT an official of Gaia in any way!

About The Gaia Staff:

Admins and developers are the ones who make the site, they create new features and fix code problems. The admins are the site creators, they make the site policies. They usually don't interact with users directly because they are very busy. (The automated Admin account now has an avatar and is no longer a shadow.)

That's why they have moderators. Mods enforce the site rules and investigate report forms. They deal with users directly. Mods are here to help and each title under their name indicates what they do specifically: Omni Moderators- Responsible for resolving account issues, hacking cases, and scamming cases. Global Moderators- Handle abuse and harassment cases, as well as help oversee ToS issues across the entire site. Site Moderators (formerly Dedicated GAIA Moderators)- Work in a specific part of the site, handling ToS violations and thread move requests.

Forum Assistants/ Moderator Assistants (formerly Gaia Helpers) assist mods with moving threads. Their powers only apply to the forum they work in. Mod Assistants do not handle ToS violations and can not ban users. Please do not PM them for help concerning ToS issues.

All staff accounts have more abilities than regular user accounts so they'd never need your password to check things for you. Mods and Admins can see your trading history with out logging in as you.

Moderator Abuse
If a mod has truly abused their power please send a detailed PM to one of the following admins: Dri or Siskataya. Do not abuse this. If you have indeed violated the ToS you have no right to report moderator abuse when you are banned. In order to report the abuse, you must be the one who suffered it. Please note that almost everyone who is banned is going to cry foul and moderator confidentiality prevents them from sharing the other side of the story. Nobody is ever banned unless there is clear evidence that they have broken a rule. DO NOT use this to report people who are not real moderators! If a person says they are a mod but do not have a colored username do not report them to the admins directly, report them to a real mod.

This is what a staff member's name will look like in forums and PMs:
User Image - Blocked by "Display Image" Settings. Click to show.
View a real NPC here
View a real admin here
View the complete list of Gaia Staff here

User Image - Blocked by "Display Image" Settings. Click to show.

A Special Message:
many users believe that the victims of such offenses are 100% at fault. 100% means that the victim did everything to lose his/her stuff: they PMed the person their password, hell they sent the trades too! now we all know it doesn't work like that...

the victims are guilty of nothing except ignorance. gaia does have warnings about password scamming but the info is not terribly accessible especially to vulnerable newbies who have no idea how the site works.

the victims are not at fault here. giving away your password is not against the ToS, but impersonating gaia staff, scamming and hacking are.

User Image - Blocked by "Display Image" Settings. Click to show.

Misc Thread Stuff

• bump only if off the first page, please keep bumps simple (no large images or giant posts)
• do not stretch the page
• typos/ incorrect info: PM me please
• submitting a scam: please post it in the thread- do not include live links to scam sites, please do not send duplicates
• link swapping: PM me your link/ banner code and I will add it to the links section
• reporting people: use the proper report forms. Please do not post the names of people who have wronged you, do not encourage harassment or harass anyone
do not use the banners if you are not going to link back here, if you use the banners with out linking back please credit the banner creator- it's rude to take things and not give credit!

The stuff in bold are the things i can not stress enough. If you want to submit a scam please look first to see if there is anything similar to what you are going to submit, also please NEVER EVER EVER EVER EVER EVER include a working link to a phishing site or provide the URL to one, that's not allowed! And please do not name drop, there is no reason to ever include the name of someone you think is doing something wrong. Chances are they've been hacked and their account is being used to scam people; don't go dragging other people through the mud. This stuff is the most important because they are not my rules, they are Gaia's.

User Image - Blocked by "Display Image" Settings. Click to show.

Update Log
03MAY07 added definitions, new scam screenshot, new downloads, updated links
06MAY07 added new post- why secondary passwords are useless, links to stuff about real staff
07MAY07 added admin account avatar
13MAY07 saftey report for zwinky
15MAY07 new scam examples
27MAY07 links to journal no longer work due to journal update, contest
04JUN07 naida's gold guide link added
16JUN07 new staff colors
23JUN07 alia's island hangout link added
01JUL07 new links, new banner
02JUL07 battle system scam added
19JUL07 important- new staff stuff O:
04AUG07 new scam!!
17AUG07 new guide added to link list
27AUG07 public computer safety added to account security
30AUG07 new announcement
03SEP07 added link to sig limits guide, house keeping
09SEP07 added new scam screen shots
17SEP07 added new scam screen shot
29SEP07 risk of using proxy servers added to account security
16OCT07 new scam screenshot
28NOV07 two new scam screenshots added
06DEC07 new scam screenshot
12DEC07 new scam screenshots added
28DEC07 two new scam screenshots
05JAN08 new scam screenshot
11JAN08 list of sites to avoid added
12JAN08 expanded list of sites to avoid, added more info on smitfraud, added anti virus for mac to downloads list
13JAN08 new scam screenshot
21JAN08 new scam screenshot
22JAN08 new scam screenshot
27JAN08 added important definitions
28JAN08 new announcement
30JAN08 added ad blockers for four major browsers to downloads
10FEB08 new announcement, new section- article library
12FEB08 general house keeping
15FEB08 new scam screenie
25FEB08 new definitions- read them!
26FEB08 new phishing scam example
1MAR08 big update to article library
10MAR08 new info added to common signs of being hacked
17MAR08 new scam screenie added
19MAR08 new scam screenie
31MAR08 housekeeping, new info for report forms
06APR08 article lib update
07APR08 battle sys scam announcement
11APR08 [my gaiaversary XD] new scam screenie
12APR08 new phishing scam
18APR08 new scam screenshot, Gaia is fixing this issue though!
24APR08 new scam screenshot
30APR08 new phishing scam (please look for the last scam in the phishing scam section)
03MAY08 new scam screenshot
10MAY08 new scam screenshot
12MAY08 new scam screenshot
14MAY08 two new scam screenshots, article lib changes- featured article
18MAY08 new mod promotion/ phishing scam example
22MAY08 update to misc thread stuff, please, please keep those rules in mind when posting here
25MAY08 new scam screenshot
28MAY08 new featured article- see art. lib.
29MAY08 new scam screenshot
08JUN08 new featured article- see art. lib.
16JUN08 new scam screenshot
18JUN08 new phishing scam (please look for the last scam in the phishing scam section) and new phishing scam screen shot
23JUN08 new phishing scam screenshot [involves marketplace]
02JUL08 new tip
06JUL08 new phishing scam screenshot
09JUL08 new announcement
13JUL08 new banners made by vazz
03AUG08 new phishing site screen shot (please look at the bottom of the screen shot section)
09AUG08 new phishing scam example (please look for the last scam in the phishing scam section)
05SEPT08 new featured article, a must read!
14SEPT08 "keeping safe from malware" added to basics of account security (look for green text)
22OCT08 new zOMG/ battle scam added to the phishing scams section. look for the little red "new" tag,
29NOV08 new scam screen shot

23JUN09 general housekeeping
18SEPT09 new featured article
24JAN10 housekeeping (:
19MAR10 new scam screen shot
5APR10 new scam screen shot
16MAY10 new scam screen shot
1JUL10 new article
19JUL10 new scam screenshot
06NOV10 new article
31DEC10 visit the basics of account security page for important information regarding the new information mining site, Spokeo
kage-ookami4's avatar

Dangerous Ladykiller

Report all PM scams with the User Image - Blocked by "Display Image" Settings. Click to show. button!

Standard Password Scams

Account Information

For some reason there has been a bug going around where we think the items people are transfering to others are keylogging them and stealing their stuff, in normal cases we would just check our database for there seems to be a blocking so we can not access your's. This either means your a hacker or you are in danger of being hacked, we require your password to scan your data and make sure everything is alright.

We realize this may seem strange and you may fail to trust us, but we strongly suggest that you follow along with us in finding and terminating this bug so that our fellow Gaian's may safely have fun on our site. If you fail to comply we will have to assume that you are a hacker and will take action against you with a ban.May i also remind you that you may stay logged in the whole time we run our scanner so you can assure nothing will be stolen or changed .


I am currently working for the Admin Dri.

this one is so lame it's not even funny. notice how it uses the name of a real admin, don't be fooled. the admins have MODERATORS to do work for them. no mods on gaia have such ridiculous faux official names, besides that you should all know by now that they're colored. don't listen to this crap, "seems to be a blocking" is bad grammar- that's a red flag. nothing would be blocking your account whether you're a hacker or going to be hacked, and if there was there is nothing they would need from you. all of our info is on gaia's servers. items on gaia can not contain keyloggers or viruses, it's impossible since viruses can only be attached to executable (program files) and you have to get them by downloading them (which you can do unknowingly). failing to comply is not the proof required to ban someone for hacking, you actually have to hack. nobody is banned on suspicion of being a hacker. it's not against any rule.

Ban Manager Scam
Recently we have recieved reports of your account containing botted gold. We are not saying you have recieved it intentionally,
but in order to maintain order and keep Gaia Online a fair community we must confirm that these reports are not true. So, we
at the Gaia Administration Team kindly request your password to check your account. Gaia Online uses MD5 hash encryption
therefore we cannot retrieve user passwords out of the system. This is a new program we are starting here at Gaia. The announcement
should be up within a half hour. Thank you for your cooperation.

Sincerely, The Gaia Online Administration Team

*In the past few months their has been an influx of impersonation administrative figures. Gaia Online does not think this is right. We will
also be updating our announcements on how to tell a real administrator from a fake one, as well. We are trying to create a safe environment for
everyone, therefore we must stop these scammers. When you get a PM from one. Report it right away

Don't be fooled by this! The Gaia Staff will not PM you information like this, we have the announcement forum for a reason (PMing before making an announcement makes no sense when you think about it). Gaia Staff will NEVER EVER, EVER, EVER, EVER, EVER ask for your password! Report PMs like this that come from ANYONE- regardless of username color and title.

Typical Password Scam
Attention Gaia User,

You have been suspected of "hacking" and "password scamming" other accounts. Frequent reports have been coming in with your name. In order to avoid an immediate ban we will need your password to check your trade history. If you are proven guilty but have cooperated your ban will only be temporary. If you do not respond in TEN minutes your account will be banned permanently.


The Gaia Administrators.


User Image - Blocked by "Display Image" Settings. Click to show.

Special Occasion Scams
Gaia Aniversary Scam
Congratulations lucky Gaian user! You have been selected out of 1000 other gaians to receive 50000 gold! We have been giving out free gold randomly for you and 999 other gaians for our 4th anniversary! We need your account information because our computers have been crashing trying to give out the gold for free because so many users have joined!
Reasons you should trust this message;

It’s our anniversary and we feel that we need to give out some prizes! Or better yet, gold!

Our computers have been crashing causing us to spend a massive amount of money for our business and we may have to start charging unless we stop trusting the computer’s to do our work.

Our computers have been giving these messages out randomly so there is no telling what they will do on their own, so we do it manually.

User name:
Thank you for accepting our gifts!
Gaian Prize Giver

1. free gold is never randomly given out by staff members themselves. it would be automatically put into your account.
2. if it were crashing, they would take it down and fix it before using it again.
3. gaia staff would not need your freaking account info to do that. they are staff accounts what is the point of being staff if your account is the same as a regular user's?
4. gaia will ALWAYS be a free site. a change this major would be announced officially using the announcement system.
5. once again, if a feature on gaia is broken, it's taken down. anyone who's been on more than a month knows this all too well.

Gift Box Scam/ Leaving Gaia Scam
I will trade you 1 of my items for your item your selling
~) No begging!
~) No more than 1 item!
~) I wont be your friend!

The items to pick from:
1 Nitemare Scarf, 1 steel plated ninja headband, 1 baby seal slippers, 1 penguin slippers, 1 Golden Laurel.

Why are you doing this?
~) Im leaving Gaia

If your leaving why do you want my item?
~) I dont really..im just taking bad deals instead of giving them away

Why dont you give the rare items to your friends?
~) Im rewarding trustworthy Gaians. If you trust me, ill trust you and give you the item you asked for. If you dont trust me, i have no reason to make you happy by taking a bad deal.

Why giftboxes?
~) When you open a giftbox, theres a small explosion of joy inside you.
~) That and i have to know that you trust me

If you dont trust me or you think im a scammer go ahead and report me. IM LEAVING. and im sure theres someone else who wants these items


User Image - Blocked by "Display Image" Settings. Click to show.

Beta Testing Scams/ Phishing Websites
GaiaLabs.com- Phishing site
From : Gaia Online <Gaia@anihq.com>
Reply-To : Gaia Online <Gaia@anihq.com>
Sent : June 6, 2006 7:36:30 PM
To :
Subject : Gaia Online :: Tester
Dear Gaians!
If you have noticed we have been making alot of changes!
We have so much on our minds.
A new development has been planned!
A new server!
You, have been picked out of a few Gaians to test this out.
Just like others were chosen for the Gaia Towns Test.
The following link is to the test.
Please, do NOT give this out to anyone else.
If to many people attempt to log-in it will crash!


The Gaia Online Team

This was sent in a legit looking e-mail masked to appear from the Gaia Online and ANIHQ Domains (those are the real domains Gaia uses). It takes you to a site that looks just like Gaia to "test a new server" (CHECK THE ADDRESS BAR, IF IT DOESN'T SAY "WWW.GAIAONLINE.COM" DO NOT LOG IN!) The links worked on this fake site- but took you to the REAL Gaia. After you logged in to the phishing site you went to the real Gaia and were hacked very shortly after. This site has been since shut down but there are always more out there.

Test Selector For Beta Site Scam

You've been chosen to test out some new gaia features. The new features consists of; new dress-up's, various items, and as a gift, you will be able to keep the new items.

If you accept, please click the link provided, log in, and on the first page there will be directons for you to follow. If you decline, please ignore this message. Thank you for your service- Beta Selector Testing


Dear Gaian,

You Have Been Selected To Join The Battle System Beta Testing. Congratulations!
I will give you a link near end of this message. Let me give you some information first.
Everything you have done on Gaia has been watched believe it or not. Ever good thing you've done; you recieved some secret rep points from MODs and ADMINS. Once you log into the Battle Arena Login your rep points will be totalled. If you rep exceeds a certain number you will be accepted and you will recieve a PM in 2 days time.



Watch Out For This Battle Scam
BATTLE SYSTEM BETA TESTING PMs: beta testing does not come by PM especially not by non-staff members. Staff members will NEVER EVER have regular users send messages for them. Beta testing is done through the official beta testing group "SCAS" only (if you are not a member of SCAS you will not be beta testing, you will not be invited to SCAS by PM either)! Do not be fooled by well constructed phishing sites, always check the URL to make sure it is on the gaiaonline.com domain. See here that the domain is "betabattle.com"!

arrow MOD APPLICATION SCAM--PHISHING SITE The second link leads to a phishing site. Do not click links with out checking where they really go first (mouse over it and look in the status bar or right click it and choose properties and look at the address), NEVER enter your password any where except WWW.GAIAONLINE.COM! Please note that the mod application is designed to take only 100 at a time for a reason, it's not an "issue" or a glitch. It's so the people reading them don't get swamped with more applications than they can handle. If you get this PM, REPORT IT.

Phishing Scam
Hi. I saw you posting in the "welcome to gaia" threads, and I wanted to tell you that I've been getting problems. Some of my friends looked at it, and they got hacked. >.< I'm scared. They all ignored a warning they saw. You seem really nice. Can you please help me sort this out? I tried talking to the mods about it, but they can't do anything. They have been banning the hackers left and right on that site. It would mean a lot to me if you could. Maybe you can even add me please?
big problem with new site

The last line includes a link to a phishing site. Look VERY carefully, gaiaonline.com is the correct site, stuff like gaia-online, gaia_online, gaiaunline, gaiaonl1ne are NOT GAIA.

Failed Login Attempt Phishing Scam
We have detected multiple failed login attempts have been made on your
account, in a total of 5 times,
therefore your account on Gaia Online will be blocked, unless you login through this link: [scam link]
This is done to ensure maximum security for your account.

If you are receiving this e-mail without trying to login at Gaia Online,
you should login to the site using this link: [scam link]

At Gaia Online, we try our best to protect your account, but the best protection
can only start with a strong password. Please consider the following when
choosing your password:
- Never use a "simple password" like your birthday, your dog's name, etc.
- Use both number and letters in any combination
- The longer the password, the better
- Change your password often
- Avoid using your password at Gaia Online on any other webpage

If you have any questions, feel free to ask, we're always here to help.
Be safe and have fun!

- Gaia Online - [scam link]

If you would prefer never to recieve e-mail from Gaia Online again, please click here:
[scam link]

This looks fairly legit, as it comes by e-mail and is pretty much copied directly from the real one. The major red flag is that it says you'll be banned if you don't login through a certain link... one that just happens to NOT be "gaiaonline.com". Always check the URL!!!

Leaving Gaia Phishing Scam
Hey want my ninja headband for 1k?

Im leaving gaia. Dont ask why,

Go to my store and bid on it!
ill accept it for 1k!


Click here to go bid on it!!

If they're leaving why are they making you pay for it? hmmm... either way the link goes to a phishing site, you'll appear as logged out but don't dare log in because they'll steal your info! Don't enter your info unless you're on GAIAONLINE.COM!

Gaia Secrets Phishing Scam
From: PosionMushie
To: _______
Posted: Mon Jun 16, 2008 5:27 am
Subject: Hi, I just found....

Hi, I just found this site with some secrets for Gaia.
Thought about showing it to people with avatars I like. You are one of them smile
Well anyways, the site is so cool, it has some secret admin info too!
Check it out!

As you can guess the site with the secrets is gonna ask for your username and password... don't be fooled by the promise of cool stuff.

Phishing Scam
Hey, please visit my friends guild. If you check it out and comment, he'll give you 10k!! 10,000g!!!! (: Gaia is currently having some retarted glitches -_-, so following this link MAY log you out of your account, but not to worry (: cuz when you log back in, it will take you straight to his guild. (: But you HAVE to pm me back as SOON as you comment the guild, so I can tell to give u the 10k. (:

Notice how it tries to explain away the big clue to a phishing site- being logged out. Yes, sometimes Gaia does log you out but there are 2 things you should do if you are unsure about being suddenly logged out: 1. look at the URL, not Gaia? RUN AWAY! 2. go back to a page you know is Gaia and refresh it, are you really logged out? If you are, log back in at that page and not the page that you are unsure about.
zOMG ReIease Informer
The time has come, the anticipated MMO Game of the Year and in the World of Gaia. Now Gaia had become as one of the most popular web based community forum and an avatar based website.
And now we are expanding The Virtual World of Gaia is here and now it is the time, the much awaited official launching of The Virtual World MMO of Gaia called zOMG!.

We have separated the game site to avoid critical errors like what happened in the beta test last August, we will give you the specified link to play the game, and here it is "gaia-zomg.co.nr"

Gaia has the announcements forum for a reason, they would never bother to use PMs. it would take forever to send the message to everyone. Also gaia would never put it on another domain, they have plenty of test servers and i'm sure they'll be well prepared for the official release. This PM comes from a new account with a black username and wears a starter set- big tip off. The staff would never have non-staff accounts do their work. Note: the lower case "l" in release is actually an upper case "I"... spelling fail.

User Image - Blocked by "Display Image" Settings. Click to show.

Moderator Promotion Scams
What You Should Know
ADMINS WILL PROMOTE USERS TO THE MODERATOR TEAM. THEY WILL NOT ASK YOUR PASSWORD TO PROMOTE YOU. The Moderator Application asks your password to digitally sign the legal contract and provide proof that you are the account owner to prevent fraud. You're not giving out your password and you are entering it on Gaia, it's just like entering your password when you want to change your account info or make a trade.



We the Moderators of Gaia have decided to make you a fellow Moderator. When becoming a Moderator you recieve 50,000 gold every month. You get to ban users who fail to follow the ToS For you to become a moderator we need some information from you. Here is the information you need to fill out.


Thanks for your time

The Gaia Moderators

please remember that they don't need your password to do this. moderators are VOLUNTEERS which means they recieve no monitary compensation- real or Gaian, however they may be rewarded with a little gold here and there for doing a good job (but that is in no way a "paycheck")... and duh, check the username color.

arrow MOD APPLICATION SCAM-- PHISHING SITE The second link leads to a phishing site. Do not click links with out checking where they really go first (mouse over it and look in the status bar or right click it and choose properties and look at the address), NEVER enter your password any where except WWW.GAIAONLINE.COM! Please note that the mod application is designed to take only 100 at a time for a reason, it's not an "issue" or a glitch. It's so the people reading them don't get swamped with more applications than they can handle. If you get this PM, REPORT IT.

Mod Application Scam
Mod applications are back open! This is an automated message to tell all members that you may apply for Gaiaonline Moderator! Only People Who we find worthy may apply, you must have been a member for at least 5 months as well! We will do a background check to make sure you are trustworthy with these jobs so don't apply unless you are 100% dedicated.
User Image - Blocked by "Display Image" Settings. Click to show.

As usual, the image is a link that takes you to a phishing site. This one is quite clever as it has a mock up of the redirection page that says "oops this is actually part of gaia" and shows the link as being on gaiaonline.com... however, that url is masked. The site may look just like gaia (with a few minor differences- look carefully at suspicious sites) but look at the address bar!!!!!!!!!!!!! There is a slight typo that many may not even notice, always be sure to look carefully! There's no reason to fall for this if you pay attention.

User Image - Blocked by "Display Image" Settings. Click to show.

Chain Letter Links/ Worm

a while ago there was a worm on gaia that exploited the "remember me" feature and the "friends@gaia" PM system. if you clicked the link in the chain letter it would automatically send the PM to everyone on your friends list as YOU! it would just say "check this out! link" so it would be very unsuspecting. the link however was a javascript code. if you had your login set to "remember me" it would instantly grab your login info. if not, you would be brought to an odd screen asking for your username and password. many people were hacked as a result of this even though the admins stopped it with in an hour. that is the power of a worm, it self replicates. the threat from this is over, for now at least.

this is why chain letters are VERY bad.

User Image - Blocked by "Display Image" Settings. Click to show.

Finding the RED FLAGS in a Scam

NOTE: purple is no longer a staff color, all moderators are green.
User Image - Blocked by "Display Image" Settings. Click to show.
User Image - Blocked by "Display Image" Settings. Click to show.

User Image - Blocked by "Display Image" Settings. Click to show.Screen Shots of ScamsUser Image - Blocked by "Display Image" Settings. Click to show.
to submit a screen shot please post it in a reply to this thread, if you do not want your info shown, edit it out before submitting.

All of these scam PMs have two things in common:
■ they come from regular user accounts, not staff accounts
■ they want your personal information- never give that out!!

  • Password Scam- "free gold and hack protection" This one looks fancy with all the images and colors, but note that the username is not colored and it asks for your password. By the way, fake currecncy won't pay the bills, a system like this would doom Gaia.
  • Scam-"Free Collectable" Please note that giving free collectables totally defeats the purpose of them. Gaia relies heavily on the sale of these to cover operating costs. Aside from that this scammer has "dumbass" written all over him.
  • "Official Admin Private Message" Don't be fooled by fancy graphics, they're asking for your password which no admin or moderator will ever need. Notice it provides a bogus Yahoo e-mail account, Gaia has it's own domain. Gaia bans are typically 3 days, 14 days, then permanent (as in forever). Also notice that it says it's an admin PM, but in the message states they are a moderator- there is a BIG difference between the two.
  • Typical Password Scam Remember that it's not that the staff won't ask for your password, it's that they don't need it! As usual, it's obvious he's not a staff member.
  • Phising Site Always check the URL to make sure you're at the real Gaia Online. Gaia Staff NEVER sends PMs asking you to login any where so they can asses your account. If your account ever gets reported you won't get a PM saying so, the situation will be investigated by a real mod and no password will ever be needed. Staff members do not send "official PMs" with fancy images and links and such.
  • Ripway cookie grabber scam Always, always, always look at the links properties or mouse over it view the URL BEFORE CLICKING. This is so important!!
  • "Account Review" This lame attempt tries to convince you that the administration needs your password to check your account. If the staff "sometimes" needed your password, why would they say they "never" needed it? There is a HUGE difference between the meaning of the two words. Staff accounts are more than just pretty colored usernames, their accounts have more abilities thus the not needing your password to check your account. They can see more stuff about your account that you can.
  • Typical Password Scam As always, don't be fooled by fancy images, official sounding names or shadowed avatars. Notice the REEEEEAAAALLLLY old banners (from 2004); Gaia no longer describes itself as a roleplaying community. What official would use outdated banners?
  • "Security Walls" Don't be fooled by made up official sounding jargon. The Gaia staff will never need your password to check your account, even if a server blew up or Lanzer got Alzheimers. As always, the Gaia staff have colored usernames, staff titles and NEVER has official sounding names except for Admin (which has an orange username).
  • "Official Admin Message" No staff accounts have shadow avatars, Gaia is copyright 2003 (see the bottom of the page LOL), admin PMs do not contain graphics or stupid little numbers that are meaningless and they don't need nor ask for personal information. Once again, just to reiterate if they sometimes needed your password they would not say over and over and over again that they NEVER need it- common sense should tell you that.
  • "And the winner is..." Clicking the link sends you to a phishing site (a site that asks for your logon info).
  • Classic Avatar Arena Phishing Scam In this scam a hacked account is used to send out seemingly harmless advertisements, beware of links though. Never enter your password any where except gaiaonline.com!
  • Gold Selling Aside from it being against the ToS to buy gold, these sites usually request your personal information which is used to hack you. If that's not the catch they're giving you botted gold and then you wind up banned for that. DO NOT BUY GOLD!
  • "Gaia Ghost" This scam contains an image that links to a non-gaia online website, i do not advise clicking it if you receive this PM. It advertises scripts for botting to "make the big bucks", if you do use these methods to earn gold you WILL be banned. Most likely this site will also phish for your gaia account information as well.
  • Give Away Scam The link in this scam is masked by using tinyurl, but it probably leads to a phishing site. Always check links and never click them when they come in messages like this 9 times out of 10 they are a scam.
  • Gold Selling In addition to being against the ToS many of these sites are phishing for your personal info- including your credit card info.
  • Gold Selling in Towns Same as above, don't ever buy gold.
  • Typical Password Scam The issues with this scam are pointed out in pink.
  • Typical Crappy password Scam with Frills Don't be fooled by pretty colors and graphics, this one is full of s**t. Rainbow colored s**t is still s**t. This scam is just like the one above only with colors and pictures. If it asks for your password, it's a scam!
  • The Extremely Stupid Password Scam Everything you need to know is shown in pink in the image. Enjoy.
  • Guild Joining Scam This scam promises gold to join the guild, but the link is masked and really leads to a phishing site.
  • Phishing Site This poorly written PM includes links to a phishing site. Don't be enticed by free gold.
  • Item Duplication Scam There are many things that claim to duplicate Gaia items but I have never heard of one actually working, first and foremost. Secondly, of course this is against the ToS and of course the staff will find out. Thirdly I can almost guarantee the website will phish for your account information and/or give you some nasty malware... perhaps a keylogger or maybe even cookie grab. It's best to just not even try to find out for sure.
  • Classic Phishing Attemp clicking the image will take you to a phishing site, doing a mouse over shows that the URL is hidden by a URL shrinker. These scams often ask you to click a picture to comment, vote or go to a contest. Always check links before clicking and always check the address bar before entering your password.
  • Mod Promotion Scam First and foremost only an admin (someone with an orange username and a tag under it stating they are an admin) will invite you to the mod team. Mods do not get huge rewards when joining either; mods do occasionally receive gold "payments" for doing a good job but nothing like that. If it states "this is not a scam" it probably is one. Remember that as of now the only way to become a mod is to fill out the application. This application is not a PM asking for your username and password, it is a complex questionnaire. The silliest part of this is the last part where he makes lanzer sound like god and asks you to sign off... why would you ever have to sign off?
  • Typical Password Scam V. 2.0 Notice that it now asks for your e-mail but is still dumb enough to ask for your password, which you will not be able to send. As always it tries to fool you with official sounding crap and pictures. The two biggest things to look for that are a surefire sign of a scam are the username color and asking for a password.
  • Another Take on the Typical Password Scam Some of the faults are pointed out in the picture, notice the double copyright for one. Serious ******** there. People are always trying to fool you with fancy colors, numbers and words but when it comes down to it you only need to look for ONE THING: is it asking for your password. Even if the username is colored orange, even if it's lanzer himself, if it asks for your password REPORT IT!
  • Password Stealing Prompt from an Image Notice that it is NOT ON THE GAIAONLINE DOMAIN! Ignore these suckers, do not enter anything in them. If Gaia were to implement an anti-botting measure like such they would announce it... and duh, it would not be "galaonline.freewhateveritsays.com", it would be on the gaiaonline.com domain.
  • Typical Password Scam Via E-mail This is your usual password scam but notice how it has two things that don't make sense: "IP username", such a thing does not exist and "PMB" instead of P.O. Box... but as always if it's asking for your password it is 100% scam. When it comes by offsite e-mail there isn't much Gaia can do about it but most e-mail providers have a way you can report phishing scams like this.
  • Scam in the Flash Games [example two] This scam takes place in Jigsaw but is possible in all the games, someone with a black (not orange) username is claiming to be an administrator and offers you an obvious link to a phishing site. This is not a new scam but it's not as common as others.
  • Gift Phishing Scam This is a particularly obvious scam, nobody should be dumb enough to fall for this one. Remember all staff accounts have colored usernames... but really this on is just beyond pathetic and you shouldn't even have to check for color.
  • Recent Example of a Typical Password Scam Here in this scam it has a "hint" that you can't send your password in PMs so you have to send the characters separated by dashes (some scams request spaces or underscores). I want everyone to sit and think about this one... why would Gaia make is so hard to send your password [and tell you a gazillion bazillion million times they'll never want it] if they were going to occasionally ask for it? Now even dumber... check the example, it doesn't show the password with dashes (lol fail). As usual these morons can't get the copyright info right even though it is on EVERY SINGLE PAGE.
  • Example of a Phishing Scam Clicking the picture takes you to a phishing site where you are asked to enter your information. This however should be an obvious scam to anyone who has been on this site more than a month. Even if it really worked you'd still be in trouble!
  • Ripway Phishing Site See how well Gaia can be copied by scammers who actually put some effort into it. However, you need only look one place: the address bar. This is not gaiaonline.com and therefore is a phishing site- do not log in! Also, duh, this should be obvious but you're not going to get a random/ rare event unless you're logged in already.
  • Same Phishing Scam, Different Variation This scammer tries to make it look like he quoted Lanzer, but he just took an image of the scam, made it a link and put a fake quote box around it. If Gaia were to have a giveaway they wouldn't send out regular users to quote the staff and send it to everyone... i mean they do only have an announcement system.
  • Contest Scam This is the typical contest scam, it includes a picture link (masked by a URL shrinker) that leads to a phishing site. Don't ever be fooled by the promise of items or gold.
  • Gold Generator Scam This is a phishing site, notice the URL is not gaiaonline.com... don't be fooled by convincing imagery, that can easily be copied. It's not Gaia and it's asking for your password- AVOID IT.
  • "1000k Give Away" Scam... As usual it takes you off Gaia to a site that copies Gaia's layout and tells you that you need to login to see the give away. URL shows it's not gaia.
  • Marketplace Phishing Scam Looks like Gaia huh? Well it's not, notice the blurry image of the ninja band, it's not like that on Gaia. Not to mention if you could see the URL it wouldn't be gaiaonline.com. DON'T BE A FOOL CHECK THE URL.
  • Gold Generator Phishing Scam Don't rely on the redirect warning to tell you that you've left Gaia, that little thing can be coded away and scammers have been doing that for years. Don't be fooled by testimonials, those can easily be faked as well. Don't be fooled by text links that look like a URL; see how my links say words? I can easily change them to say "http://..." whatever web address I want. If you click that link and look at the address bar it will be obvious that it's NOT GAIA.
  • The Better Phishing Site Notice how you look logged in? This is a slightly better attempt... but looking at the URL you can still plainly see it's not Gaia. When you click the gift box it will take you to a page that says you are logged out.
  • "Community Spotlight" scam, all the flags are pointed out in the image. This PM scam should be painfully obvious to most people.
  • Gaia Online Vault If it looks too good to be true it probably is. This one should be pretty obvious.
  • Fake towns login looks like the typical towns login but check that URL. The real towns URL looks like: http://www.gaiaonline.com/launch/towns.
  • Fake login prompt, these should be obvious since you can clearly see it's not gaiaonline.com asking for your information. Just click that big red X, report the thread (or user if you can figure out who it is) and move along.
  • Classic PM Scam, typical scam using fancy graphics and quoting the TOS to make it "official". What is it with scammers putting "copyright gaia interactive device"? The correct CR info is on every page! Also note in image 2 it asks you to type your password with spaces so it can get through the filter.
kage-ookami4's avatar

Dangerous Ladykiller


  • were you logged off recently and noticed something gone afterwards?
  • did you give your password out?
  • did you enter your password into a "new server", "gold generator" or something like that?
  • is your username and/ or password suddenly different?
  • did your avi's gender suddenly change?
  • are you suddenly missing items? [there is a glitch that does this sometimes]
  • is your profile different?
  • are there posts in your posting history that you did not make?

Oh Noes!
kage-ookami4's avatar

Dangerous Ladykiller


  • above all, just don't give your password to anyone. i can't make this more clear. most hackings on gaia are done by the people who scammed you for your password. if you don't give them your password you will be fine. you should never have to think "should i give him my password?" if you ever consider giving out your password, SMACK YOURSELF SILLY!!!!! there is nobody in the whole world who will ever need your gaia password for any reason other than YOU!

  • if you have actually been hacked, on the forum index there is a [report a hacking] button.

  • "shadow avatars" are just avatars that have been deleted and not remade. they are not proof that some one is a member of gaia staff. anyone can get a shadow avatar.

  • mods and admins will NEVER ask you for your password. they don't need to know it.

  • mods and admins will only contact you via PM or gaia's official e-mail, which is not a yahoo or hotmail account. it is on the gaiaonline or anihq domain ONLY. they will never contact you about gaia on instant messengers.

  • admins and moderators have different color usernames.

  • mods will not moderate on mule accounts.

  • if the admins have something to say regarding the site, they say it in the announcements forum. they will never e-mail you regarding site wide problems or ask for your passwords to save your account from resets and the like.

  • do not type your username any where except the official password box when you go to log in, the trade window or the account page. [ALWAYS CHECK THE ADDRESS BAR TO MAKE SURE YOU ARE AT WWW.GAIAONLINE.COM] watch out for phishing sites which copy gaia online's home page. some even have working links, which link back to real gaia pages.

  • gold bots do not exist. they do not choose a person at random every month to give them gold. they are however, a scam to get your password.

  • do not give your password to friends. not even your best friend.

  • don't share accounts. this is a very bad idea.

  • do not give hints to your password. if your password is "daisy" don't tell someone that your password is a flower.

  • make a secure password. do not use words in your password. "daisy" is not secure. D@s1Y_ is more secure because it uses a combination of upper and lower case letters, numbers and special characters [~!@#$%... etc]. a good password would be something that includes all those elements and is also at least 8 characters, the more the better.
    how to make a secure password!

  • change your password every so often. don't have the same password for more than 4 months. make sure to remember your new password and that it is as secure as your last one. changing your password too often will just cause you to forget it, and a forgotten password is just as helpful as a crappy password. i personally change mine every 3 months, like i do at work.

  • if a gaia online user is asking for your password, report it to a moderator by PM. if it is by PM, just use the "report this PM" button.

  • TAKE A SCREEN CAP! taking a screen cap is not always necessary when reporting by the forms but it might be handy to save the information for your personal records.

  • do not delete any PMs that could be considered evidence. deleted posts can still be seen by moderators but your inbox is personal.

  • if someone says they can get you gold or items if you give them your username and password, report them, they are scamming you- send a PM to a mod.

  • if someone threatens you like "give me your password or i'll report you for being a hacker and then you will get banned, trust me, i know the admins and they will do it" REPORT THEM. do not listen to these morons.

  • your password is not necessary to give someone to fix your profile page. if they ask for it, report them ASAP.

  • accounts are never deleted. nobody will delete your account. report all threats to do so to a mod by PM.

  • if you think you may have been hacked, check your trades: click here to check your trading history ! if there are trades that you did not willingly make, report a hacking!

  • IF GAIA'S DATABASES EVER GOT A VIRUS THAT DESTROYED PASSWORD INFORMATION THEY WOULD NOT NEED YOUR PASSWORD. your password would be destroyed- it wouldn't exist. If this happened you'd just have to create a new one, but note that it's highly unlikely that a virus would just corrupt the password database. gaia would probably be in for a big ol' rollback. there would be an announcement about it, you'd never be PMed in this case.

  • info on password scams from Jakobo (a REAL admin) CLICK HERE

  • run virus scans regularly! keep your anti-virus program up to date. it's also a good idea to have a firewall program as well. if you don't have any anti-virus software, click HERE to download a free one. this will help to keep you safe from viruses that have key loggers. more info on account security.

  • don't sell your password for items and don't buy someone's password. i got a PM from someone selling their password for 100k, this reeks of scam.

  • ALWAYS check links before clicking them. Check all links, even if they look like a URL or an image, they could have one of my banners for this thread but have it linked somewhere else- somewhere dangerous. So always check before you click, it's like looking both ways before crossing the street.

    Here's how:
    method 1- mouse over the link (don't click it!) and look in the status bar, you will see part of the URL, usually enough to tell if it's suspicious

    method 2- right click (don't left click unless you have your mouse buttons switched) the link and go to properties. this will show the location/ address.

    Don't follow links to places that have URLs that go to places like "gaia1online.com" , "gaiabetatesting.com" and other variations of Gaia Online, they are usually phishing sites. Beware of links that say "ripway"!!!

  • the hacked friends request system in Gaia flash games is nothing to worry about, same goes for the blue text messages. these people are just using a packet editor and do NOT and can not get into your account.

  • DO NOT GIVE OUT THE ANSWERS TO YOUR SECURITY QUESTIONS! THAT'S AS DUMB AS GIVING OUT YOUR PASSWORD... These questions are like "what is your mother's maiden name", "what was your grandfather's occupation", "what was the name of your elementary school", "what was your high school mascot", "what is your favorite car"... those are just a few of the more common ones. It's important to remember which are yours! If anyone asks you a bunch of random questions, don't answer. Please avoid those Chatterbox Forum questionnaires, the ones that have you answer a bunch of questions to get gold for posting. People will ask for these and your e-mail so they can reset your e-mail password, get into it then reset your Gaia password and hack you that way. Hackers are getting sneakier because you can't send your password in PMs.

  • HOW TO PREVIEW A TINY URL LINK: copy the URL into your browser address bar "http://tinyurl.com/492we3" type in the "preview." in front of where it says "tinyurl" so it looks like "http://preview.tinyurl.com/492we3". Go ahead and press enter now and it will show you where it redirects to. Under that TinyURL also gives you the ability to set it to automatically preview links for you, just remember that if you enable previews on TinyURL and clear your cookies you will probably have to enable them again.

  • don't rely on gaia's redirection warning to tell you when you are leaving gaia. you can code that out, many phishing sites are starting to do that so always check the URL in the address bar to make sure you are at gaiaonline.com (if "gaiaonline" is not right in front of ".com" you are not on gaia). the following are NOT GAIA: gaiaonlline.com, gaiaonliine.com, gaiaonline.battle.com, gaiaonline1.com, goldgenerator.com/gaiaonline

User Image - Blocked by "Display Image" Settings. Click to show.
kage-ookami4's avatar

Dangerous Ladykiller


  • Do not buy gold with real money, neopoints or any other non-gaia online items/ currency. Most of those sites that sell gold will ask you for your password. Regardless if you get hacked as a result of buying gold you will be permanently banned. Buying gold is against the ToS. Buying "time with gifts" is the same as buying gold- it's still going to get you banned.

  • Gaia Online will not give you viruses, it will not give you the blue screen of death or any hard ware failures. Gaia doesn't put anything more than harmless cookies and temp internet files on your computer (text and image files). If you expirience computer trouble after following a non-gaia link that you found on Gaia (like in someone's signature, etc) it's not Gaia's fault. Gaia Online will not harm your computer.

  • To ease any fears you may have, nobody is banned for no reason. Most people are banned because they do not know and understand the rules. If you would like clarification on a rule be sure to ask in the Questions and Assistance forum. Remember, that all reports are investigated by a moderator. Humans do make mistakes, but this is a rare occurance. To contest a ban please fill out a Feedback Form (click "Contact Us" at the bottom of the page). Also, do take note that almost everyone who is banned is going to claim it was wrongful and for no reason. Because of moderator confidentiality both sides of the story can not be made public.

  • Look for spelling and grammar errors in official sounding messages. Occassionaly Gaia staff does flub a word or two, but an official message will never look like it was written by a second grader.
kage-ookami4's avatar

Dangerous Ladykiller


Keep your Password to Yourself
Never share your password. It's as simple as that, don't tell it to ANYONE. Think of your password as your 'deepest, darkest secret'. This goes for ALL your passwords. Think about it, if you use the same username and password for everything, once one thing goes the rest will follow, hackers will try previous passwords that worked first. Also, if someone hacks your e-mail they can reset your gaia password and get you that way.

Make your Password Special
LINK Learn how to make a good password here.
If you're smart enough to keep your password a secret, a strong password will protect you from brute force attacks. Brute force attacks are when people try to guess your password, this is not as pathetic as it may sound- hackers create programs specifically to guess passwords. LINK Check out how long it takes to guess your password.

Basics of a Good Password:
- at least 8 characters in length ->abcdefgh
- includes capital and lower case letters ->ABCDabcd
- includes numbers and special characters ->1234!@#$
- does not include words of any language, it should be random
- does not include keyboard patterns -> qwertyui
examples (do not use these, please make your own for security reasons):

Passwords like these are not that hard to remember. Make up a song or something. It's very important that your password is not only strong, but that you remember it. Practice typing it many times if that helps you.

An Apple a Day...
Make sure you have good solid virus protection. This means having an anti virus program that scans and removes virus, actively searches your PC for viruses and a firewall. Keep these programs up to date, check for updates often because having the most up to date virus definition files is essential to keeping your PC safe.

Scan for viruses often. Yeah, it takes a long time but it's totally worth it. Scan after you download something, scan after you update your definition files, scan once a month at least! If you don't use it you might as well not even have it on your computer.

Keyloggers are programs that log your keystrokes (they record what you type and click) and send it back to the hacker. Keyloggers can come in viruses, especially trojans. Don't download any programs with out checking it out first, look on a search engine. Chances are, if it's got an issue someone has made a note of it some where on the net. Always save the program instead of opening it/ running it and scan it for viruses before installing it. I only download programs from official sites- sites that belong to reputable businesses. Keyloggers can also be dowloaded with other spyware as part of a software package. Beware of those free smiley, dress up avatar and cursor downloads!

Safety Report for Zwinky DO NOT DOWNLOAD ZWINKY! It's full of crap, viruses/adware/spyware and a couple of tracking cookies are all yours if you decide to join. The creator of Zwinky/ Smiley Central/ My Web Toolbar should probably be taken to court and/ or dragged in the streets and beaten because the end user agreement of these products state you will not get any malware- LIES!

MYWEB Toolbar is SPYWARE. Remove it immediately if you download it. It comes with Zwinky and Smiley Central among other things. More Info and How to Remove it.

Public Computers!
Public computers are dangerous and should be avoided whenever possible. If you have to use them you need to be very cautious. Here is an article that will help you be safe on public computers: Danger, danger: 5 tips for using a public PC By Kim Komando.

Risk of Using Proxy Servers
The following info is from whatismyipaddress.com: In using a proxy server (for example, anonymizing HTTP proxy), all data sent to the service being used (for example, HTTP server in a website) must pass through the proxy server before being sent to the service, mostly in unencrypted form. It is therefore possible, and has been demonstrated, for a malicious proxy server to record everything sent to the proxy: including unencrypted logins and passwords.

By chaining proxies which do not reveal data about the original requester, it is possible to obfuscate activities from the eyes of the user's destination. However, more traces will be left on the intermediate hops, which could be used or offered up to trace the user's activities. If the policies and administrators of these other proxies are unknown, the user may fall victim to a false sense of security just because those details are out of sight and mind.

The bottom line of this is to be wary when using proxy servers, and only use proxy servers of known integrity (e.g., the owner is known and trusted, has a clear privacy policy, etc.), and never use proxy servers of unknown integrity. If there is no choice but to use unknown proxy servers, do not pass any private information (unless it is properly encrypted) through the proxy.

★ ★ ★ Keeping Safe From Malware ★ ★ ★
CLICK HERE for more information!

User Image - Blocked by "Display Image" Settings. Click to show.

all links go to the SiteAdvisor report for the website- not the dangerous website
funwebproducts.com and all related products including zwinky, myweb search, cursor mania, pop swatter, my mail stamp, my mail stationary, popular screensavers and more
zango.com anything that has zango in the end user agreement is bad bad bad!
myglobalsearch.com affiliate of myweb search bad bad bad!!!!!!
buykinoki.com kinoki foot pads are a real life scam
shopfree.net avoid those "free ipod/computer/tv/etc" sites!
spysheriff.com/.net one of many smitfraud sites.
antivirus-gold.com/ antivirusgold.com another smitfraud.
performanceoptimizer.com smitfraud trojan.

The Firefox web browser does not use Active X control, anything that asks you to install Active X for Firefox is a VIRUS!

SmitFraud [Trojan] Anti-Virus Programs:
If you have a virus posing as an anti-virus program here is a quick fix to remove it: SmitfraudFix. I have personally used this many times and it works wonderfully. Smitfraud trojans are especially difficult to remove, most anti-virus programs can not get them off your system completely. Smitfrauds are dangerous computer hijackers that can destroy your system. If you get anything that pops up and tells you to download something to watch a video, or something that says you have a virus on your system and it's not your anti-virus program DO NOT CLICK ON ANYTHING. Either bring up the task manager (ctrl+alt+del/ ctrl+shift+esc) and close it, Alt-F4 all browser windows or press the power button on your computer. Clicking anywhere on these things will install the malware (bad software). More info on these dangerous programs posing as legit antivirus here. Many of them are the same damn thing just under a different name. Having an ad blocker will prevent most of these because they are attached to ads, they can be encoded into a script on a webpage though, this is common on myspace.

Avoid sites selling Gaia currency, they are often scams to get your credit card number and they often give you spyware/viruses... not to mention you'll get banned from Gaia.

When searching on an online search engine like Google or Yahoo it is advised that you AVOID SPONSOR LINKS (links are usually in bold and at the top and right hand side), they are most likely to contain malware.

User Image - Blocked by "Display Image" Settings. Click to show.

Spokeo.com is a new site that is "not your grandma's phonebook", it gathers ALL your personal information- address, who you live with, phone number, photos, e-mail, all your accounts... everything you make available. It will give anyone who wants it a map to your house and tell them where you work and how much you make. It's ******** creepy.

The good news is you can remove your info, follow Nerdist's instructions. The bad news is they limit how many lookups you can remove to "prevent abuse". While I was at least able to remove my personal name's entry I could not remove the pages for my e-mail addresses.

In my case most of the info was massively incorrect but this is still CREEPY AND WRONG. It was probably wrong because I don't social network, my brother doesn't either and did not have any information available. My boyfriend, who does belong to social networking sites had much more available info and it was correct. BE CAREFUL WHAT YOU POST ONLINE. POST LIKE THERE IS ALWAYS SOMEONE WATCHING, BECAUSE IT LOOKS LIKE THERE REALLY IS.

User Image - Blocked by "Display Image" Settings. Click to show.

encryption software (password keepers)
spyware remover
pop-up blocker
Ad Blockers
IE7: www.ie7pro.com (has many other awesome features as well!)
Firefox: https://addons.mozilla.org/en-US/firefox/addon/1865
Safari: http://safariadblock.sourceforge.net/
Opera: http://www.diplo.co.uk/design/operatools.php

*I have not personally tested all available downloads and make no guarantee. It's up to you to look them up and see if they are right for you. CNET guarantees safe, legal downloads, you will not get any viruses or spyware from them. Download at your own risk.
kage-ookami4's avatar

Dangerous Ladykiller

♥ Get a Staff Colors Signature Banner for yourself here!! Spread the word and help others avoid getting hacked!!

♥ Feel free to make your own banners, if you PM me the code I'll add them here and credit you. If you make a banner please do not make it misleading in any way. The guide title is "Avoid Getting Hacked" but you may also make banners that allude to anything located in this guide like info on the staff, computer safety/ security, avoiding scams.

Please do NOT use these images if you do not intend to link back here, these images are made with the express purpose of linking to this guide. If you do not want to link here please credit the guide or the appropriate person who created the image (all images are made by kage-ookami4 unless stated other wise).

♥ You do not need to ask me permission to use these or to make your own banner and link here. I ask that you do not use a URL shrinker because people are very suspicious of them.

IMPORTANT: remove the 3 spaces in the coding. code tags are not used to prevent page stretching.

User Image - Blocked by "Display Image" Settings. Click to show.
[ url=http://www.gaiaonline.com/forum/t.26302801/][ img]http://i14.tinypic.com/2z55dfr.gif[/img][ /url]

User Image - Blocked by "Display Image" Settings. Click to show.
[ url=http://www.gaiaonline.com/forum/t.26302801/][ img]http://i6.tinypic.com/6pyhaxi.gif[/img][ /url]

User Image - Blocked by "Display Image" Settings. Click to show.
[ url=http://www.gaiaonline.com/forum/t.26302801/][ img]http://i14.tinypic.com/4tal7pu.gif[/img][ /url]

User Image - Blocked by "Display Image" Settings. Click to show.
[ url=http://www.gaiaonline.com/forum/t.26302801/][ img]http://i14.tinypic.com/4pvt8wl.gif[/img][ /url]

User Image - Blocked by "Display Image" Settings. Click to show.
[ url=http://www.gaiaonline.com/forum/t.26302801/][ img]http://i14.tinypic.com/6foslnd.gif[/img][ /url]

User Image - Blocked by "Display Image" Settings. Click to show.
[ url=http://www.gaiaonline.com/forum/t.26302801/][ img]http://i17.tinypic.com/6burzbb.gif[/img][ /url]

User Image - Blocked by "Display Image" Settings. Click to show.
[ url=http://www.gaiaonline.com/forum/t.26302801/][ img]http://i17.tinypic.com/62p3sc3.gif[/img][ /url]

User Image - Blocked by "Display Image" Settings. Click to show.
[ url=http://www.gaiaonline.com/forum/t.26302801/][ img]http://i15.tinypic.com/537zqe9.gif[/img][ /url]

Staff Colors
User Image - Blocked by "Display Image" Settings. Click to show.
[ url=http://www.gaiaonline.com/forum/t.26302801/][ img]http://i15.tinypic.com/4mjxlro.gif[/img][ /url]

User Image - Blocked by "Display Image" Settings. Click to show.

by Eevlu:
User Image - Blocked by "Display Image" Settings. Click to show.
[ url=http://www.gaiaonline.com/forum/t.26302801/][ img]http://img237.imageshack.us/img237/6131/avgehaqe5.gif[/img][ /url]

IMPORTANT: remove the 3 spaces in the coding. code tags are not used to prevent page stretching.
kage-ookami4's avatar

Dangerous Ladykiller

Have a guide, charity or art shop that you want to share? PM me the banner code and I will add it here.

(all links are safe! you don't have to be afraid to click here.)






User Image - Blocked by "Display Image" Settings. Click to show.

☆ You Were Hacked: Chat, Relief, Charity, Contests

♦ The Phoenix Charity (you must provide your report reference number to receive assistance)

User Image - Blocked by "Display Image" Settings. Click to show.

Bored in Towns? Guide to the Best Places in Towns

User Image

★ Info on cookie Grabbers

User Image - Blocked by "Display Image" Settings. Click to show.

♥ The Signature Limits Guide

You and Botting- The Truth About Botted Gold

scams- and how not to fall for one

How to Block Friends Requests in Towns- get rid of the "hackers" and invite spam!

User Image - Blocked by "Display Image" Settings. Click to show. make the salon a BETTER gold sink!

User Image

User Image - Blocked by "Display Image" Settings. Click to show.

User Image - Blocked by "Display Image" Settings. Click to show.

User Image - Blocked by "Display Image" Settings. Click to show.

User Image - Blocked by "Display Image" Settings. Click to show.

User Image - Blocked by "Display Image" Settings. Click to show.
New to Gaia? Unsure of how to do things? Click on the banner, and request to join the Newbie Supporting and Training Guild, where you can ask questions and get information with ease.

User Image

User Image

User Image - Blocked by "Display Image" Settings. Click to show.

User Image

User Image - Blocked by "Display Image" Settings. Click to show.
kage-ookami4's avatar

Dangerous Ladykiller

Secondary Passwords/ PINs: Why they would be useless on Gaia

Sounds like a good idea right, a special password or PIN to lock up your inventory or trades? Well, it would actually just be more of an obstacle to the legitimate users. Adding a secondary password would be like hiding behind a pillow during a bear attack.

Here's why:
1. The obvious, users would protect it as well as they do their login password. Most users would probably make them the same.
2. The big reason, if a hacker has your login information they can easily log in as you, go to the account page, change your e-mail to your own and reset that secondary password and steal your stuff before you know it.

Ok, so lets make it so it can't be reset then right? What about the people who forget it? A password should never be made so it couldn't be reset.

This is a popular suggestion, but it just won't help. It wouldn't protect you from key loggers or password scammers (unless you don't give out any of your login info). All it would protect you from would be *really stupid* hackers guessing your login password and not going any further, in which case you had a horrible password like "ilovenaruto", a strong password is virtually impossible to guess (try something like "N2!rhG@4mX" next time).

Basically all you need to keep your account safe is the following:
1. a strong password that you use only on one website
2. constantly running anti-virus software that will notify you of and remove all threats- and is up to date
3. the sense to not give out your password to anyone or give any hints to what it may be
4. most importantly- diligence, you need to keep on top of the latest scams and tricks that hackers are using.
kage-ookami4's avatar

Dangerous Ladykiller

User Image - Blocked by "Display Image" Settings. Click to show. Article Library User Image - Blocked by "Display Image" Settings. Click to show.
You've come to the right place if you're looking for a good read on computer safety and security. Some of these are also linked to in other places in this guide... some are not.

article lib will be under going some changes due to unreliable links! there will be a featured article every week or so, stay tuned.

To submit an article: please PM me the true URL (no URL shrinkers please) so I can review it, If i find it relevant and reputable I will add it here. Please do not send me personal blogs, forum posts, badly written or non-English language works.

The Library is organized by date added, newer additions will most likely be more current and will be found at the bottom of the list. Link names are not necessarily article titles, they are article descriptions.

How to Pick a Secure Password
Password Recovery Speeds
Five Tips for Using a Public Computer

How to Stay Safe on Public Wi-Fi Networks


Microsoft Goes After Malicious Ad Suppliers

By Chris Walters, 12:47 PM on Fri Sep 18 2009

If you visited the New York Times website last week, you may have been surprised to have your browsing interrupted by one of those scammy "we're scanning your computer for viruses OH NO YOU HAVE A VIRUS!" ads that overtake your window. Now Microsoft has filed 5 lawsuits in an attempt to fight back against the jerks who may have been responsible for it, and certainly for other ads like it all over the web.

If you didn't visit nytimes.com over the weekend, here's what happened: the paper reported on Monday that they'd essentially been tricked, by someone who knew how to game their oversight policies, into displaying malicious ads to some users who visited the site.

"The creator of the malicious ads posed as Vonage, the Internet telephone company, and persuaded NYTimes.com to run ads that initially appeared as real ads for Vonage. At some point, possibly late Friday, the campaign switched to displaying the virus warnings.

Because The Times thought the campaign came straight from Vonage, which has advertised on the site before, it allowed the advertiser to use an outside vendor that it had not vetted to actually deliver the ads, Ms. McNulty said. That allowed the switch to take place. "In the future, we will not allow any advertiser to use unfamiliar third-party vendors," she said."

Security consultant Dancho Danchev thinks that a particular, sophisticated crime group was behind the ad, which happens to be the same group that Microsoft filed 5 lawsuits against in Seattle's King County Superior Court earlier this week.

"The lawsuits allege that an unknown number of individuals using various business names distributed malicious software through Microsoft AdManager, the company's online advertising platform.


Click Forensics, a company that tracks click fraud, on Thursday said that it had discovered a 200,000 computer botnet — a group of compromised computers harnessed to work in unison — linked to the Microsoft lawsuits. In a blog post, Steve O'Brien, VP of sales and marketing at Click Forensics called it "one of the most advanced sources of click fraud we've seen."

The botnet, known as the "Bahama botnet" because it at one time directed online traffic through computers in the Bahamas, is believed to be linked to the malicious advertising that appeared on the New York Times Web site several days ago, according to O'Brien.

Although O'Brien suggests that the cyber crime group believed to be responsible is located in Ukraine, Richard Boscovich, senior attorney at Microsoft for Internet safety enforcement, said in a phone interview that it's not clear where the people responsible are located."

"Forgot your password" links the easy way in for hackers

Wed Sep 3, 2008 11:31AM EDT

Never mind creating a password with at least eight characters, two of which are numbers, one of which is a capital letter, and one of which is a symbol like (*&^%$). The easiest way for a hacker to weasel into your account is likely the "Forgot your password?" link.
"Forgot your password?" features are older than the Internet, providing businesses and site owners a simple way to let a user reset a forgotten password, provided he can verify his credentials by asking a few personal questions that only the rightful user should know.
For years the archetypical question was, of course, the "Mother's maiden name" challenge. In recent years, additional challenges have emerged, such as asking the street you grew up on, your favorite pet, and grandparents' first names.
Is all of this stuff really secure? More than one researcher is sounding the alarm over these tools, noting that while this data may have been private a decade ago, in an era of personal blogs, online resumes, and rampant social networking services, "personal" information drawn from your past is now widely available for public consumption. According to a researcher at PARC, you can even buy black market directories of personal information "like dog's names," for about $15 per batch. It's certainly a lot easier than guessing passwords like AHFplug41*.
Think this doesn't happen? There aren't any statistics available, but these hacks are widely suspected in myriad cases where accounts have been compromised. (Even Paris Hilton is said to have fallen prey to the "what is your dog's name?" password reset hack. It doesn't help to have one of the most infamous dogs in America...) But if you need more proof, check out this "how I did it" step by step guide to hacking a password from one writer at Scientific American. In about an hour, it seems, our researcher managed to compromise one (willing) victim's life entirely through password reset links.
MSNBC has an exhaustive amount of additional information on the issue, but the takeaway is clear: If you provide information for password reset systems, don't use data (like other people's names and addresses) that can be easily discovered or guessed. Better yet, consider creating a second tier of passwords you use for questions like these, and keep them written down and locked in a safe if you must. In other words: Your mother's maiden name may really be Jones, but that you can't pretend it wasn't Mxlpxlxl!7631.

A Word on Social Engineering
by: kage-ookami4
  • The act of manipulating people into divulging confidential information with out the use of traditional cracking/ hacking techniques. It is trickery or deception with the express intent to gain information.

These days, social engineers do not have to work hard to gain our personal information. Unfortunately with the increased popularity of social networking and the internet we make our personal information publicly available. The little tid-bits of information we share on a daily basis may not seem like much in itself but social engineers will patiently gather more info and put it together (passive collection) or actively gather information. One way social engineers actively gather information is simple and unassuming- striking up conversation and befriending you.

Many websites make you choose security questions when you sign up so you can prove your identity if you have a problem with your password. Typical security questions are "what is your favorite color?" and "what was your mother's maiden name?". The problem with questions like these is that the answers to them may be readily available or easily gained through casual conversations. Social engineers won't come right out of nowhere to ask you your mother's maiden name, they will start a casual conversation and carefully steer it in that direction. They are very good at being unassuming and appearing trustworthy. On our online profiles we probably already advertise information like our favorite colors and maybe even our high school mascot or past addresses.

Social engineering can go beyond password and bank information phishing, however. It can also be used much more maliciously to stalk and kidnap. Social networking GPS applications and websites make it all too easy for someone to find the location of their victim. Don't tweet your location and avoid using sites like Foursquare on a frequent basis. Social engineers can use this information to track your habits. For most of us this is not a major concern but it is definitely something to consider when traveling abroad, especially for Americans.

We must all take greater care to protect ourselves and our personal information. Be careful how much you share online and who you share it with. It is in your best interest to keep the majority of your information viewable to friends or strongly censor what you post.

User Image - Blocked by "Display Image" Settings. Click to show.
kage-ookami4's avatar

Dangerous Ladykiller

Wow eek Awesome thread. Extremely useful. Well done for putting this together, must have taken you ages. Hopefully people will see this and pay attention. I will give it a thumbs up in hope that it will one day be in the top threads thing, people may see it better there.

I got a scam attempt earlier. Would you like me to take a screen shot, or forward you the message? But don't reply to me with your password xd wink domokun
Wow eek Awesome thread. Extremely useful. Well done for putting this together, must have taken you ages. Hopefully people will see this and pay attention. I will give it a thumbs up in hope that it will one day be in the top threads thing, people may see it better there.

I got a scam attempt earlier. Would you like me to take a screen shot, or forward you the message? But don't reply to me with your password xd wink domokun
kage's not a moderator, but a regular user like yourself.

You may report it with the User Image. button.

And kage, I suggest adding definations of the scammings, hackings, and abuse/harassment for those forms are, how to report (including an image of the button), and I'll have to get confirmation on whether copies of the PM is sent with the report...
kage-ookami4's avatar

Dangerous Ladykiller

Pixelated Chibiety
Wow eek Awesome thread. Extremely useful. Well done for putting this together, must have taken you ages. Hopefully people will see this and pay attention. I will give it a thumbs up in hope that it will one day be in the top threads thing, people may see it better there.

I got a scam attempt earlier. Would you like me to take a screen shot, or forward you the message? But don't reply to me with your password xd wink domokun
kage's not a moderator, but a regular user like yourself.

You may report it with the User Image. button.

And kage, I suggest adding definations of the scammings, hackings, and abuse/harassment for those forms are, how to report (including an image of the button), and I'll have to get confirmation on whether copies of the PM is sent with the report...

i'm pretty sure they are since a mod asked me to use the button once when i PMed her immediately to get the user banned. she wanted to make sure that it was not edited in any way by me.

(i rehosted the report button image)

Quick Reply

Manage Your Items
Other Stuff
Get GCash
Get Items
More Items
Where Everyone Hangs Out
Other Community Areas
Virtual Spaces
Fun Stuff
Gaia's Games