Getting Scammed Taught A Lot

Discussion in 'Security Discussion' started by Laughs, Sep 24, 2017.

Thread Status:
Not open for further replies.
#1 - Laughs - Sep 24, 2017 at 6:56 AM

    I got scammed for 1657M. The first thing I did was take screenshots, archives, and document EVERYTHING. I explained to customer support on the site what happened and they didn't believe me; they think that I just got phished. However, I know how to spot a phishing URL, so I explained that to customer support and they still didn't believe me. I then created archive links to demonstrate that the malicious web page was in fact displayed on the gold site's real domain. I then looked at the code of the web page that was sent to me by the spammer and asked a friend of mine who knows JavaScript to take a look at it. He told me that the page basically contains a form that is automatically submitted after 5 seconds. He said there was also a 1 pixel by 1 pixel iframe to make a GET request that gives the user a cookie. After 5 seconds the form was submitted and I noticed a broken image. After some research I found out he was exploiting a vulnerability called Cross Site Scripting to create fake URL paths and add a full screen iframe to the page that displayed a fake Gold Sales page.
    Here is the code demonstrating Cross Site Scripting:
    [screenshot of the code not preserved]
    Essentially, the scammer was able to get a full page iframe to execute on the page. I asked my friend how this could be fixed and he said it could be easily done by properly sanitizing user input and making sure attackers cannot inject their own HTML or JavaScript into the page.

    Reference:
    Scammed by EasyRSGP.com
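The reflected-input problem this post describes, shown as an added example (editor's own code, not from the post and not from EasyRSGP.com): a page that echoes a query parameter verbatim next to one that HTML-escapes it before rendering, plus a Content-Security-Policy header as a second layer that refuses to load frames even if some injection slips through. The constructed input string, the function names and the policy value are assumptions made for illustration.

```python
import html

# Constructed sample input: the kind of markup that, echoed unescaped into a
# page, renders as a full-size frame covering the real content.
CONSTRUCTED_INPUT = (
    '<iframe src="https://example.invalid/" '
    'style="position:fixed;top:0;left:0;width:100%;height:100%"></iframe>'
)


def render_vulnerable(search_term: str) -> str:
    """'Before' version: reflects the parameter straight into the HTML.

    Any tag inside search_term becomes live markup in the visitor's browser,
    which is the reflected cross-site-scripting condition the post describes."""
    return f"<h1>Results for {search_term}</h1>"


def render_hardened(search_term: str) -> str:
    """Escapes the parameter for both the text and the attribute context.

    html.escape with quote=True turns < > & " ' into entities, so the browser
    shows the characters literally instead of parsing them as tags."""
    safe = html.escape(search_term, quote=True)
    return (
        f"<h1>Results for {safe}</h1>\n"
        f'<input type="text" name="q" value="{safe}">'
    )


def has_live_tag(page: str, tag: str) -> bool:
    """Cheap check: does an actual (unescaped) opening tag survive in the output?"""
    return f"<{tag}" in page.lower()


def csp_header() -> tuple:
    """Defence in depth: this policy stops the page from loading frames or
    inline scripts at all. (Assumed value for illustration; tune the 'self'
    sources to the real site.)"""
    policy = "default-src 'self'; frame-src 'none'; child-src 'none'; script-src 'self'"
    return ("Content-Security-Policy", policy)


if __name__ == "__main__":
    print("vulnerable output keeps a live iframe:",
          has_live_tag(render_vulnerable(CONSTRUCTED_INPUT), "iframe"))
    print("hardened output keeps a live iframe:",
          has_live_tag(render_hardened(CONSTRUCTED_INPUT), "iframe"))
    print("%s: %s" % csp_header())
```

Escaping on output is the fix the post's friend refers to; the CSP header is the extra check a defender adds because it also covers pages nobody remembered to escape.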
     
#2 - Seraphic - Sep 24, 2017 at 7:02 AM

    My question to you is: is this a similar situation to what happened to GameTradeEasy?

    I visited your URL shortener myself, by the way. Why would the hacker have stopped using his/her iframe right after he scammed you? Surely if @OblivionRage's website got hacked, the hacker would utilise it to scam as much as possible. I mean, I originally believed it at first, but then after being told some additional information I'm starting to ask more questions.
     
#3 - Laughs - Sep 24, 2017 at 7:11 AM

    I'm sure more people have been scammed; however, I think the staff probably didn't believe them. In fact, @OblivionRage still doesn't believe that there is a vulnerability in his website even after I showed it to him. I saw the thread about GameTradeEasy scamming someone in a way that looks almost identical to the fake gold site I got scammed on, which is why I want to get to the bottom of this. I got the URL from someone who spammed it in a gambling discord. Although the initial URL looked sketchy to me, the page it led to was @OblivionRage's website; due to his good reputation I trusted the page because it was on his real website.
     
#4 - Seraphic - Sep 24, 2017 at 7:16 AM

    You told me that you knew how to spot a phishing website. My question is, do you know how to tell that this site here, the URL shortener, is guaranteed not to be a phishing site? I understand you got scammed; however, phishing sites don't necessarily have to download shit to your computer, and iframes are not always related to phishing.

    Another question I have is, do you have any screenshots of this link being spammed in a gambling discord? Also, what gambling discords was it spammed in? I'm curious to know if you have any witnesses to back up your statements.
     
#5 - Laughs - Sep 24, 2017 at 7:29 AM

    When I was a child I got phished by a look-alike URL; ever since then I always look at the URLs to check they are the correct website. I pretty much never download anything, and this URL didn't prompt me to download; this URL just appeared to be a redirection, I was told it was a referral link. It seemed sketchy at first, but once it redirected to easyrsgp.com I felt pretty safe, which is a mistake I will never make again. I don't have screenshots of the link being spammed because he got banned and all messages removed after I had already traded my gold. I didn't even realize I got scammed until about 10 minutes after watching a loading circle spin and not receiving my bitcoin. The discord was the RuneRoll.com discord server.
     
#6 - Laughs - Sep 24, 2017 at 7:33 AM

    I then contacted customer support asking when my transaction would go through while I was still watching the loading circle spin. Customer support had no idea what I was talking about and just told me that I got phished and there was nothing they could do. I was upset because I knew I had checked the URL to verify I was on the correct website and not a fake.
     
#7 - Laughs - Sep 24, 2017 at 7:41 AM

    I clicked on the URL shortener link because I was just kind of curious if it was even legit; however, when I clicked the URL I was just redirected to EasyRSGP.com. I checked the domain and I verified that the domain that was displaying an automated Gold Purchase to Bitcoin form was easyrsgp.com.
     
#8 - Laughs - Sep 24, 2017 at 7:46 AM

    After getting scammed I really wanted to just figure out how they did it, because it just looked so real. After some research, looking at code and trying to figure out what it does, and some discussion with a friend, I think I am 100% sure this was caused by a Cross Site Scripting vulnerability in EasyRSGP.com, even though the owner still doesn't believe me.
     
#9 - Seraphic - Sep 24, 2017 at 7:47 AM

    To me, this Discord looks pretty much dead.

    [screenshot of the Discord server not preserved]

    No offence. I don't know why someone would target this small of a discord when they could easily scam more people in much bigger discords. Phishing URLs are not necessarily URLs that are similar, for example:
    RSmarkt de enige echte! Goedkoop, betrouwbaar en Nederlands RSgold kopen
    Runescape gold | Runescape 2007 gold | Rs gold | Buy runescape gold | Buy rs gold!
    One belongs to Kaii and the other belongs to some other Sythe user, I think noob1337, not sure though. Runescapegoldmarkt.nl, however, is not considered a phishing site.

    The question is why that part of the site went down immediately after you traded your gold.
     
#10 - Laughs - Sep 24, 2017 at 7:49 AM

    That's the thing, the discord was pretty dead, so he was discussing gold prices with people individually and eventually he came to me.
     
#11 - Laughs - Sep 24, 2017 at 7:56 AM

    He probably spammed bigger discords, I only saw his spam in RuneRoll though.
    Yeah, but the thing is, those URLs are completely different, and I looked up EasyRSGP.com on Sythe to verify that I was on the correct domain. I don't understand your question about the site going down?
     
#12 - Rose Gold - Sep 29, 2017 at 4:36 PM

    [images not preserved]
#13 - kmjt - Oct 2, 2017 at 4:24 AM

    Taught him how to scam, maybe.
#14 - Agnostic - Oct 18, 2017 at 1:04 PM

    You mean, scamming taught you a lot?
     