Story: SE'd the Bank Pin. 140m



Ok, so it was another day at the office, my computer. When I check the logs from a computer, see 2 accounts, make note of them. Went to check the logs of another computer, all the previous writing and what-not was different but the accounts were the same 2 from the previous.

So I check the Public IP's, they were the same, checked the Local and they were different. So I investigated the logs a bit more and saw on the second comp, it went something like this.
(2 mins of clicking)
- How do I open a .exe
I was lol'ing so hard. So what had happened this guy opened the .exe on his computer, after realising nothing happened, went to his brother computer and opened it there, after failing both times asked google for some help on how to open such a unknown extension.

So I was watching him a bit and he opened the bank on one of the accounts, wasn't much on it, around 12m-ish. After 5 mins he logs out and goes onto the other account, open the bank, this one has a pin After he entered it I saw a bunch of eye catching things, armadyl/bandos/fury etc...

He didn't take anything out though, he was just standing around the GE, then he logs out.

So I log into his first account and get out the 12m of item & cash. He tries to log in to no success, so then logs into a 3rd account, PM's me (I'm on his account) "Hey get off my account" etc..

I tell him to log in to the (2nd account with arma/bandos), he now makes out as if he doesn't know what account I'm talking about, So I reply to him like "Don't play dumb, I'm not interested in the items, just want to show you something on this world" (the 3rd account was f2p, world I was on was p2p, didn't want to show him anything, just wanted him on the main target account.)

He carries on like he doesn't know what account I'm talking about, so I get a bit annoyed and just reply "Ok, since you don't know ill help you out a bit, here's the userass", he replies "Gah, ok 1 min logging in..."
So now I'm on the noob account, he's on the arma/bandos one. I have a second client open with the user/pass entered, ready to log in.

I start talking to him about computer securtiy/virus' and things like that (I had to clean off about 5 rats/keyloggers off his comp...) and was schooling him on how to keep a computer clean, after about 10 mins of this I ask "So, what does that account have?", he starts boasting now, not for himself though. "Ohh, this is my brothers account, he's very good at the game" - "has like 140m on it"
I call him out on this by saying "Wow i've been helping you for the last 10-15 mins and now you treat me like a idiot?" he replied with "???", I carry on to say "I don't play this game any more but there's no way that account has 140m...", so now he feels he has to prove himself to me, he goes to the bank and gets out bandos/arma but there was a bunch of untradables he left in the bank, like charged DFS, tons of Barrows pieces.

So he comes over to me and trades, but the trade only comes to 95m, at this point I was just thinking I'll secure this much and try for the rest. So I close his java and log in with the second client I had waiting, So now I'm on both accounts. I trade the 12m over to the 95m account. At this point I had 107m or so, but knew there was another 30-50m to be made.
I open a rat chat with him, and "I was talking to you for 10-15 kins about not being stupid on the computer, then I get you to do something stupid less than 3 minutes after, I don't know why I bother trying to help people.

Right now he's kind scared irl because he's just lost 95m of his brothers money, who apparently slaved imps getting 99 hunter, that how he got rich. I was telling the guy to relax, (he was 16, found his DOB on his comp, so his brother must have been 18+) as I didn't play RS anymore and I don't care for the items, I'm just checking out the accounts to see what's changed.

He's trying to suck up to me really bad now, all he wants his to have control of his brothers account, with the money intact. I pop the question, "What's his bank pin? Want to see what kind of items he has".

Break from story: When social engineering you'll come across multiple situations that you need to make the right decision on, all to get to your goal. So here my goal is the pin, I asked for it now, after like 20-30 mins invested, and even then it could have been slightly too soon. Break over.

At this point he's not typing anything or even moving the cursor, so he's probably sitting there irl quickly trying to think what to do, I knew he was panicking and would most likely make all the wrong decisions, (this is important to realise about yourself, don't get to excited/happy or what ever, remain calm and think through everything you say.) so he comes back with "Why do you need the pin, all his good items are out" so I reply "I don't care for the valuable items, I just wanna see how his bank is layed out, what kind of other items he has, not just the valuables."

Again he doesn't do anything, after about 2 minutes replies "I can't give you that I'm sorry.." So realising just my curiosity factor wasn't reason enough for him to hand over the pin I knew I needed to add something else, at this point we had been talking for a while and he had SOME trust in me which I built in him from the helping him keep his computer safe and I told him I removed all the malware from his computer etc... So I decided to play on this.

"It's not just about my curiosity, it's a trust game, I've helped you out loads so far, you're lucky I'm the one on the account and not someone who wants/needs the stuff..."
This is where it backfires somewhat... He comes back with
"Is this a test? You dont want me to trust you do you? that would be the wrong choice right." Right now I'm like FML! So have to turn this around sharpish.
"Lol, that would be correct for other times, but not right now, this is a legitimate trust game."
I've left out all the filler details as it would make this already long post waaaay too long, but from the way he was replying I could tell he was right on the edge, just needed to give him a little shove, which I decided this time would come in the form of a ultimatum.

He still suspects this is a test at this point, so I throw this out to him "Ok, to make this trust test have a forfeit I'll drop every item of your brothers on the floor, everyone at the GE can have a fun time with them."

He doesn't reply for 3 minutes, doesn't move the cursor again, I could feel his stress, so put in my final reply.
"This is my last comment, you have 30 seconds to either trust me and give me the pin, or I'm just going to drop your brothers 95m"
After 30 seconds still no reply, so I had to make this ultimatum real.

(Really I was still watching the chat and Had no plan of going anywhere, I was too invested at this point and no longer cared about the 40m in the bank, I was seeing this more as a test now.)

I said "Ok, you've made your choice, at least some kids at the GE will enjoy the result, bye."
3 Seconds later.

Was there at last... But he started screenshotting the chat, So I closed it, deleted the screenies, removed any trace of my presence, sold most the stuff and got my friend to stake me to trade the items.


Fury was around 10m, BCP around 20m, maybe more.

Summary: Not every pin you try and SE will work, and none of them will be exactly alike, you can keep to the same story but in order to have the best chance with each person you have to change it up to fit them. I have managed to SE multiple pins, this was one of the more interesting though, and makes for a good example.

If you want me to justify it for you, at least it was only his brothers GP he lost, I might have saved him from one day losing his mom/dad/brothers bank details.

If it is possible to try and SE the pin, I'd recommend doing so, if the bank is worth the time.


Onyx user!
1. You are the most HQ mofo on here.

2. Nice loot you got dude, You got some mad skills .


Onyx user!
I would really like some help on RAT'ing people, so could you send me a PM? I read that whole thing, and it was awesome! Great job on the success, and you taught me a trick or two.


Awesome said:
I would really like some help on RAT'ing people, so could you send me a PM? I read that whole thing, and it was awesome! Great job on the success, and you taught me a trick or two.

I'd be more than glad to help you.


Onyx user!
so do you target your victims online before you do anything then you se to get them to dl?


nice dude! could any1 gimme a phish site ? i made one but it doesn't show up...


I know this is a quite old post but I just found it)

That must've taken some skill I would be scared shitless if i were him ^^

Thanks for the tutorial-ish HQ post as always

tu y tu mama

Onyx user!
Nice, read the whole thing.
I might get back RAT'ing again, if I manage to fix this firewall problem.
Nope, some people use a service like Pelican which handles all the hosting & maintaining.

Personally I prefer to host & control my own. Although I haven't phished for a while.


Wow, that is amazing. Gotta love the stupidity of some people, great work on your part though.