Accounts and their security

Author: EXBO Security DepartmentUpdated at: 02-09-2024

Usually, a new player doesn't worry much about account security because they have no idea of its value yet. Or doesn't give it much thought until met with a hacker. For some, information security seems like an obscure and intimidating area where hackers can bypass any defense measures.

In fact, protecting your account is quite simple — you just need to follow the basic principles of information security, which we will discuss in this article. If you know them and follow them, you won't be afraid of any scammers or professional hackers.

Before we start going through the details, remember the three golden rules:

  1. Set up a 2FA using your mobile device and don't share the codes with anybody.
  2. Use a uniquely generated password.
  3. Never, to anyone, anywhere, publicize that password.

Remember that you are the one who protects your data first and foremost, and developers only provide the tools to do so.

How to recognize a scammer?

Безопасность аккаунта, изображение №2

Most hacks occur due to the fact that users give out their data to scammers by themselves. Below, we have collected real examples of fraudulent schemes that are actively practiced to steal accounts from players:

Cheap equipment, Stalcoins at a discount or for free on third-party resources. In this case, the offered equipment is something impossible to get for a long period of time or the price for it is much less than what other players are willing to pay. An example of such a message in the game chat:

ITEMS SHOP | ROUBLES | EQUIPMENT | NO FRAUD: fraud link

Sign up here and get free Stalcoins: fraud link

EXBO has just rolled out a free promo code, redeem it here: fraud link

“Valuable” information or a suggestion to vote for something by clicking on a link:

Yo! There is important information for you on the EXBO forum for members of top clans: fraud link

There is a screenshot contest at EXBO I decided to take part in, please vote for me at the link: fraud link

Request to give your username and password on behalf of EXBO staff or moderators in exchange for valuable items, prizes, or account verification:

Greetings. In honor of the upcoming holidays, our Project Team is likely to provide you with in-game gifts. Therefore, we are introducing a new mode, in which you can earn Stalcoins and purchase valuable equipment in the game. To enable this mode, write your consent, login, and password from your account. Sincerely, EXBO Team

Request to provide account data to “help” your subdivision:

Heya, on Wednesday we'll be gathering for the Base Capture, and we are desperate for maximum online count. If you are unavailable by that time, just send your account details, as we will find a replacement.

Suggestion to use third-party software to obtain in-game privileges:

Hey, a buddy of mine made a program that helps with the game. There is general artifact radar ESP, it also builds the optimal extraction route and even increases the character base speed. You can download the program here: fraud link

All sorts of “honesty” checks:

Look, let me play a bit on your account. I've never played with MG3, but I'd really like to. Let's make it fair: I'll also give you my account, and I'll also give you some currency.

Suggestion to use third-party software to obtain in-game privileges:

Hey, a buddy of mine made a program that helps with the game. There is general artifact radar ESP, it also builds the optimal extraction route and even increases the character base speed. You can download the program here: fraud link

All sorts of “honesty” checks:

Look, let me play a bit on your account. I've never played with MG3, but I'd really like to. Let's make it fair: I'll also give you my account, and I'll also give you some currency.

How not to fall victim to scammers?

The Golden Rule stays as it is. Never, to anyone, anywhere, publicize your password!

  • EXBO staff representatives will never ask you for confidential data.

  • Never share account data with third parties. Buying, selling or transferring account data is forbidden under the License Agreement. Violating the clauses will result in serious damage to your account.

  • The methods of receiving prizes for winning official contests and drawings, as well as possible contacts of the organizers, are specified in the terms and conditions of the event. Any other messages from unknown players with an offer to receive a prize are fraudulent.

  • All news about promotions and game events are published mandatory on the official resources of the game. The company will not notify about any promotions involving prizes or discounts through chat or third-party resources.

  • Carefully study the address of the website where you are going to enter your credentials. Even if it looks similar to our official resource, but differs by at least a few characters, it is a phishing website.

  • Phishing websites are created purposefully to obtain user logins and passwords. Do not let the similarities to EXBO resources mislead you.

  • Purchase gear and useful items exclusively from the in-game shop or from other players for in-game currency.

  • Avoid downloading suspicious programs from unreliable sources to avoid putting your data at risk.

What should you do if you encounter a scammer?

  • Under no circumstances should you do anything that the scammer offers you.

  • You can always report a scammer in the in-game chat and also make a ticket in the support centre.

How else can you secure your account?

Безопасность аккаунта, изображение №3

Practice makes perfect. Let us run back the algorithm:

  1. Set up a 2FA using your mobile device and don't share the codes with anybody.
  2. Use a uniquely generated password.
  3. Never, to anyone, anywhere, publicize that password.
  • For instance, the Google Authenticator is an application downloaded to your mobile device that allows you to create one-time passwords to log into your account. This is the simplest and best option for account protection. You can read more about how to activate this protection method here.

  • We also have another option of two-factor authentication available — via e-mail. Although, this method is ineffective if you do not protect the mailbox itself with authentication. It is also important to use reliable and trusted email services.

  • Use a unique generated password, separated for each service that is important to you. Nowadays, even large companies get their databases leaked and open-sourced, and if your email and password are in the public domain, the first thing attackers will do is to scour all third-party services where these data may match.

Never enter your STALCRAFT password on any Minecraft servers, and even less on STALKER like servers in Minecraft. This is a very common cause of hacking.

  • Use password managers to keep all your generated passwords in one place so you don't forget it. You will only need to remember one master password that you can never, anywhere, show to anyone.

How do you protect yourself from malicious apps and software?

We have analyzed multiple cases where users give out their data to fraudsters or become victims of a database leak on a third-party service. Now we should analyze the cases when data can be stolen directly from the user's device without their knowledge.

Viruses that steal user data are called stealers. They can be used to hack Telegram/Reddit accounts, steal saved passwords from Chrome and other browsers. They can also screenshot your desktop and collect data from the keyboard to record the passwords you have entered.

Stealers can only get to PCs and Android devices by running a program that can be disguised as anything. Sometimes stealers are delivered to the user by scammers or “friends” — they drop a file and ask to run it under any pretext.

The most common way of stealers reaching out to STALCRAFT players are cheats, launchers of unscrupulous Minecraft projects and phishing sites (imitating EXBO and STALCRAFT sites, downloading a stealer instead of a launcher).

To prevent viruses from entering your devices, install an antivirus, especially on your computer. Update it in a timely manner and try not to run suspicious programs unnecessarily.

Where can I find a list of all official resources of the company?

Company resources are listed below:

VK Community

Game forum

Discord server

Game website

EXBO website

Game Telegram channel

Безопасность аккаунта, изображение №4

Keep in mind that your knowledge is the main source of your account data security. We hope that after reading this article, you are sufficiently armed to secure your loot on STALCRAFT: X and other games or services.

The best thing you can do now is to download any popular password manager and put unique generated passwords on all your important resources! And ideally, you can secure it with two-factor authentication.

If you have Google Authenticator disabled on STALCRAFT: X — you should turn it on right now!

We hope this article will be helpful and save you from potential scammers that may already be looming over some of you. Don't delay, and secure yourself right now!

With care for you,
EXBO Security Department