Secure Trading Practices: Avoiding Dupes & Phishing

Modern trading risk shifted from crude gold scams toward layered social engineering, staged rollback abuse and credential pivot attempts. You reduce loss probability most by enforcing a deterministic verification workflow—not by trusting reputation pings or generic guild endorsements.

1. Threat Surface Overview

• Dupe Claims: Counterparty promises inflated quantity using "rollback-proof" or "stack duplication" claims—aim: advance partial payment.
• Phishing Relays: Links to faux armory / payment dispute forms capturing session tokens.
• Impersonation Chains: Multi-character relay where initial contact hands off to a “verifier”.
• Rollback Farming: Temporary account compromise sells assets then reclaims via support narrative.
• Collateral Swaps: Substitution of visually similar items (quality tint or stack partial) seconds pre-accept.

2. Verification Protocol (Baseline)

1. Channel Lock: Keep negotiation + confirmation in the same in-game channel log for audit continuity.
2. Static Statement: Both parties restate exact trade components (quantity, item tier, price) before opening window.
3. Hash Tag: Assign a quick local reference (e.g. STP-###) to link screenshots.
4. Window Scan: Perform a 2-second pause after final item move to detect switch swap attempts.
5. Dual Capture: Screenshot final window + chat reaffirmation before accept (low friction evidence).

3. Phishing Vector Patterns

Common lures recycled each cycle:

• URL with homoglyph domain (rn vs m) claiming escrow validation.
• “Payment dispute—confirm you are seller” external form.
• "Beta access reward" after trading high value property.
• Add-on script snippet urging copy/paste for trade optimization.

Mitigation: refuse out-of-client authentication, never run pasted macro strings you did not compose, and maintain unique email + authenticator separation.

4. Trade Execution Checklist

5. Red Flag Matrix

6. Rollback & Mitigation

If a rollback threat (account compromise vector) emerges, containment speed matters more than narrative crafting.

• Immediate: Force logouts + password rotation + authenticator re-seed.
• Gather: Consolidate trade log screenshots + timestamped chat logs.
• Report: Provide concise sequence (no speculation) to support.
• Monitor: 48h mailbox watch for suspicious restitution artifacts.

7. Communication Hygiene

• Single channel continuity (avoid DM fragmentation).
• Short, unambiguous numeric formatting (e.g. 250k not 0.25m).
• Never share recovery adjacents (email hints, phone fragments).
• Maintain scripted acceptance line: “Confirming trade: [ITEMS] for [VALUE] — ready?”

8. Incident Response Flow

Event Detected  ->  Freeze Actions (stop new trades)
Freeze          ->  Credential Reset (pw + 2FA refresh)
Reset           ->  Evidence Collection (screens, logs, hash refs)
Collection      ->  Support Ticket (chronology + reference IDs)
Ticket          ->  Asset Audit (inventory deltas, mailbox scan)
Audit           ->  Risk Review (protocol improvement notes)

9. TL;DR Quick Reference

Guidance focuses on procedural hardening; always comply with game terms and never engage exploit distribution. Adapt steps to realm norms while preserving evidence discipline.