In what might be the cybercrime revelation of the century, it turns out that someone, somewhere, cares enough about virtual teddy bear simulator Neopets to try and steal users’ accounts, even fairly recently.
A phishing page posted to Twitter shows someone impersonating a Neopets login screen. The page itself appears to have been created around February 2017, and hasn’t been fully functional for some time, but the page is still online, and shows how hackers may even target some of your more trivial online accounts.
“Oops! We have experienced a glitch on our server. Please login to Neopets again. Sorry for the inconvenience!” the top of the phishing page reads.
Neopets, as you probably know if you’re reading this, is an online game where players care for different sorts of digital pets. Users can buy their pets items with virtual currency, and generally get way too obsessed over some sort of mouse or dragon or something.
According to records on PhishTank, a crowdsourced platform for flagging dodgy pages, the Neopets login screen is indeed for phishing. When Motherboard entered some bogus details into the page on Thursday, though, a page returned an error message, with one reason being that FormBuddy, a free service the page was using, may have flagged it as a possible phishing attempt. The page is hosted on Angel Fire, a service for creating webpages that also dates back to the internet’s stone age.
Got a tip? You can contact this reporter securely on Signal on +44 20 8133 5190, OTR chat on firstname.lastname@example.org, or email email@example.com.
But it turns out hackers targeting Neopets is really a thing, judging by a post on the Neopets subreddit allegedly written by a Neopets hacker. This user claims they spent around five to six years in the so-called Neopets “black market,” and mentions phishing pages like this newly surfaced one.
“I'm not sure how common they are anymore, but you used to see them at least once a week,” the user writes.
Hackers have previously targeted the Neopets site itself rather than just individual users. In May 2016, Motherboard reported on a long traded set of tens of millions of Neopets accounts.