I'm Sabrina, the Owner of Antivirus Unit, a cybersecurity-themed organization on PonyTown. I would like to show you how to stay safe online.
The internet is a wonderful place, allowing us to connect with people, share ideas, and explore new horizons.
Unfortunately, the world isn't always upbeat and full of friendship. Some people will always want to hurt others, no matter how, including on the internet.
This document will mainly focus on Discord, PonyTown, and other major third-party websites used in the community. It covers some scams around Discord, ways people can be mean to you, and more.
Please note that as time passes, the website might change. If you want to be notified by mail of any changes, you can give your email here (nothing more than docs changes will be sent).
This part is dedicated to the basic facts.
Even if you already know them, it's always good to remember them.
A bit of history first.
When the World Wide Web was created by Tim Berners-Lee, it needed a way to find pages that made sense. He created The WWW virtual library, a giant hyperlink directory. A hyperlink is clickable text that will redirect you to another page. It can lead to a website, a file, or even a mailto link (yes, sending mail by clicking a link is possible).
Initially, it wasn't automatic; you had to ask Tim to add the link to the directory. But as the web grew, it became impossible to manage. That's why search engines like Google, Bing, or DuckDuckGo were created. They are giant robots that crawl the web and index pages. When you search for something, they will show you the most relevant pages; that's their job, after all.
But, as the web grew, some people started abusing the system by creating scams or malicious websites. If someone sends you a message saying, "Click here for free Robux!" or "Get free Discord Nitro!", it's probably a trap. These links could give your computer a virus or steal your personal information. We'll go back over these scams in more detail later.
There is another example: phishing.
Phishing can be described as someone trying to steal your personal information by pretending to be someone else. For example, you could receive an email from "Roblox" saying that your account has been hacked and you need to click a link to change your password. But if you look closely, the email address is not from Roblox but from a random person. If you click the link, you will be redirected to a fake Roblox website, where you will be asked to enter your username and password. If you do, the scammer will have your account information and will be able to steal your account.
Here is an example of a fake email.
Dear Valued Roblox Member,
We are contacting you regarding suspicious activity detected on your Roblox account within the last 24 hours. Our security systems have identified multiple login attempts from unauthorized locations:
• Location: Unknown - IP: 192.168.1.243
• Location: Beijing, China - IP: 172.16.0.100
• Location: Paris, France - IP: 10.0.0.50
As a precautionary measure, we have temporarily restricted certain account features to protect your virtual items and Robux balance. To restore full access to your account, please verify your identity by following these steps:
- Click here to access our Secure Account Recovery Portal: https://roblox.com/restore
- Confirm your account credentials
- Update your security settings
Please note: If you do not verify your account within 24 hours, additional restrictions may be applied to protect your account's assets.
Best regards, Roblox Security Team
---
This message is automated. Please do not reply directly to this email.
Roblox Corporation
888 Roblox Way, San Mateo, CA 94403
The first thing to notice is the sender's email address. It's not from Roblox but from r0blox-account-verify.com. The domain name is different, so the email does not come from Roblox. It's a scam.
Secondly, the link does not go to Roblox but to r0blox-verify.com, even though the text shown in the email is https://roblox.com/restore. It's a fake website that will steal your account information.
They are also creating a sense of urgency by saying that you have 24 hours to verify your account. They want you to click the link as soon as possible.
Finally, the IP addresses are fake. They are not real public IP addresses but local (private network) IP addresses. The scammer is trying to scare you by saying that someone from China or France is trying to hack your account.
It is rare, but sometimes scammers will try to be formal and polite. They also try not to use your username and will just call you "member".
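The four warning signs above can be checked mechanically. This is an added example, not part of the original guide: the sender's local part ("security"), the path of the real link target, and the names `belongs_to`, `red_flags` and `URGENCY_PHRASES` are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlparse

OFFICIAL_DOMAIN = "roblox.com"            # the brand the email claims to be
URGENCY_PHRASES = ("within 24 hours",)    # constructed, taken from the sample mail

def belongs_to(host, official):
    """True only for the official domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == official or host.endswith("." + official)

def red_flags(mail):
    """Return the warning signs found in one email, in the order the text lists them."""
    flags = []
    sender_domain = mail["from"].rsplit("@", 1)[-1]
    if not belongs_to(sender_domain, OFFICIAL_DOMAIN):
        flags.append(f"sender domain is {sender_domain}")
    for shown, target in mail["links"]:
        # What matters is where the link really goes, not the text shown.
        target_host = urlparse(target).hostname or ""
        if not belongs_to(target_host, OFFICIAL_DOMAIN):
            flags.append(f"link shows {shown} but opens {target_host}")
    if any(p in mail["body"].lower() for p in URGENCY_PHRASES):
        flags.append("deadline pressure")
    # Private (local network) addresses can never be a login from another country.
    private = [ip for ip in mail["claimed_ips"]
               if ipaddress.ip_address(ip).is_private]
    if private:
        flags.append("private IPs: " + ", ".join(private))
    return flags

# Constructed sample modelled on the fake email above.
SAMPLE = {
    "from": "security@r0blox-account-verify.com",
    "links": [("https://roblox.com/restore", "https://r0blox-verify.com/restore")],
    "body": "If you do not verify your account within 24 hours, "
            "additional restrictions may be applied.",
    "claimed_ips": ["192.168.1.243", "172.16.0.100", "10.0.0.50"],
}

if __name__ == "__main__":
    for flag in red_flags(SAMPLE):
        print("WARNING:", flag)
```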
A password is the combination of letters, numbers, and symbols that you use to log in to your accounts.
Little fact: passwords aren't normally stored in plain text. They are hashed.
Example: if my password is "password", it will be stored as "5f4dcc3b5aa765d61d8327deb882cf99" (MD5 hash).
When you create your password, the site will store the hashed one. When you log in, the site will hash the password you entered and compare it to the stored one.
Reverse engineering a hash (here, finding which password a hash came from) is impossible. You can't get the original password from the hash.
But if you use a weak password, it can be easily guessed by a computer. For example, if your password is "password", it will be cracked in less than a second.
That's why you should use a strong password. A strong password is a password that is long, complex, and unique.
Here are some tips to create a strong password:
Using just letters is not enough. You should use a mix of letters, numbers, and symbols. For example, you could use "P@ssw0rd!".
The longer your password is, the harder it is to crack. You should aim for at least 12 characters.
There are word lists known as "common passwords": lists of the most used passwords. Passwords like "password123" or "qwerty" are examples, and you shouldn't use them.
Also, don't use personal information like your name, birthday, or address. The hacker might know them. It is also concerning if hackers know this information; we'll come back to internet privacy later.
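The hashing steps and the password tips above, as an added example that is not part of the original guide: it shows the store-and-compare login, why a password on a common list is found without reversing the hash, and a sign-up check built from the tips. The word list, the sample passwords and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed stand-in for a "common passwords" list; real lists are far longer.
COMMON_PASSWORDS = ["123456", "qwerty", "password", "password123", "letmein"]

def md5_hex(password):
    # MD5 only because the text uses it; it is too fast for real password storage.
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def register(password):
    """The site keeps only the hash, never the password itself."""
    return md5_hex(password)

def login(stored_hash, attempt):
    """Hash what the user typed and compare it with the stored hash."""
    return hmac.compare_digest(md5_hex(attempt), stored_hash)

def guessed_from_common_list(stored_hash):
    """Nothing is reversed here: each common password is hashed and compared."""
    for candidate in COMMON_PASSWORDS:
        if md5_hex(candidate) == stored_hash:
            return candidate
    return None

def sign_up_problems(password):
    """Checks a site can run at sign-up, following the tips in the text."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on the common passwords list")
    kinds = [any(c.isalpha() for c in password),
             any(c.isdigit() for c in password),
             any(not c.isalnum() for c in password)]
    if not all(kinds):
        problems.append("needs letters, numbers and symbols")
    return problems

if __name__ == "__main__":
    stored = register("password")
    print("stored hash:      ", stored)
    print("found by guessing:", guessed_from_common_list(stored))
    print("sign-up problems: ", sign_up_problems("password"))
```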