Quick Checklist in Case You Are Cookie Grabbed

If you JUST clicked a link or JUST got caught in a shop, this is the order you should act in:
*Log out and log back in
*Change your word and pin
*Make sure your email is still the same
*If you used the same word for anything else, change it there too
*If they did something to your account that required a pin, make sure your email is still secure.

What are Cookies?

Here is where I make some joke about sugar and flour cooked to perfection, but those are not the kind of cookies I'm talking about today.
Cookies are used by websites to identify users. When you enter a Username and your login "secret word" (or other personal information), it is stored on your local computer by the browser you are using. For example, websites that "save" your username and/or "word" use these cookies to help identify you. They can be used to store "Shopping Cart" contents, user preferences, "Favorites," and more.

~A cookie is pretty much a little note with your information on it that is stored on your computer.~


People stealing your cookies

Cookies are pretty nifty, and yet pretty dangerous. Grabbers come in many different disguises. You can learn more about these below.

Why do people do this? Well there are a couple reasons…
1. Challenge. For some crazy reason, CGers get a kick out of finding ways around coding. It's a challenge for them.
2. Profit. Some people try to sell the pets and NP that they steal. Luckily, TNT is cracking down on this. If you think someone is compromised and they are giving stuff away, do NOT accept anything. This can get you in trouble or even frozen.
3. More Profit. Okay while doing my research, I found a site where people would pay someone to steal a specific person's account. If you suddenly find yourself a target of scam neomails/emails, be extra careful.

What to do after you've been cookie grabbed

Deleting your cookies after you've been cookie grabbed is silly. It's like hiding the cookie jar after someone ate them all… It's quicker to just log out.

If you JUST clicked a link or JUST got caught in a shop, this is the order you should act in:
*Log out and log back in
*Change your word and pin
*Make sure your email is still the same
*If you used the same word for anything else, change it there too
*If they did something to your account that required a pin, make sure your email is still secure.

If you want, you can log back out and in with the new word to create a new cookie too.
You HAVE to act fast here. Lately, the cookie grabbers have been stealing your session, not your actual info. It takes too long to decipher your word. You need to log out first because if they steal your session, logging out will log them out as well. You can try this yourself if you have more than one browser, say IE and FF. Sign in on Firefox and then on Internet Explorer; you can stay logged on in both browsers. If you sign out in one, you will be logged out in the other.

Anyways, after you log out and change your word, double check your email and make sure it is yours. Another extra thing to do is send your pin to your email, and then go and delete the email. You can't send your pin anywhere more than once a day. I recommend having one email for all your accounts that is ONLY for Neopets. Don't give it out. Don't put it on Facebook.

So far, they don't seem to be cross-site cookie grabbing, but you can change your word in other places too if you want.

Oh and make sure you report them using the Neopets report form.

Now here is where people get controversial. Some say that the cookie grabber can only get the information from the site that you are currently on. This is true most of the time; however, there is a chance for a grabber to access cookies from other sites. This is called cross-site scripting, or XSS. So I suggest changing all of your "words." It doesn't always happen, but like I continue to say, better safe than sorry. So far this doesn't seem possible on Neopets though.


If it's too late…
If you were too late and your account was stolen and frozen, fill out a ticket on the NEW Support System. Emailing staff members directly does NOT work anymore. It just wastes your time. They will always direct you to the ticket system now.


Protecting yourself

So, now you know the basics of what cookies and cookie grabbers are. Don't panic though! I can help you learn what to look out for. Oh and before I forget, make sure you PIN EVERYTHING! Although they can get your pin as well, it doesn't hurt to have extra security. Let me fill you in on the basic scams.

Userlookups, Pet pages, Galleries, etc.



These are the most common scams. Sometimes people will post their pet page links saying they have UFT lists or other interesting things there. Same with Galleries and other places where the HTML can be edited by users. If it's a CGer, when you go to these places, just viewing the page will get you grabbed. There are a couple ways to protect yourself.
1. Don't go to these places. Ask people to tell you what's on the page instead. This isn't a very fun way though.
2. View these pages in another browser. Say you use Firefox for Neopets. Open Internet Explorer and copy and paste the link to there instead. This isn't 100% safe though.
3. The way I suggest (and personally use) is to use Firefox with the No Script and Request Policy add-ons. I discuss these later in my guide.

Shop Sniping Scams

These are tricky ones. The attacker puts an item in a shop for 1 NP or cheap. The most common ones are codestones, dubloons, map pieces, etc. They use coding to hide the real item and put a cookie grabbing link on the fake one.
Dimitri_stanislaus has a great Guide with images to show what these shops can look like.
So how do you avoid these? First off, you can avoid shops. But who wants to do that? Instead, right click on the page and view the source. Then hit CTRL-F and search for "cook." READ CAREFULLY!! The only time "cook" should show up is at the bottom of the source, UNLESS someone was talking about cookies in a board post; then that will show. If you see it in the user-editable area with a strange website next to it, get out of there! And report the shop. If it's not really a CGer, Neopets won't act. But it's better to be safe than sorry.
Using the trading post more than shops is a good idea too.

Board scams

These fall under the click-a-link category. Someone makes a board and gives you a link to click right away. Examples:
Tarla is here!
Draik in the pound!
And more.
So how do you avoid these? Simple, hover over every link before clicking on it. MAKE SURE it's a Neopets.com link.
The difference with these is that they bring you to another site. This is worse because they can bring you to a site that will actually hack your computer. If this happens, you need to change all your info for all your sites/emails, etc. *UPDATE* I thought this was obvious but if anyone tells you to go offsite, don't. Recently, I saw a board where someone put up a warning about duped items. They said to search for something specific on a search engine. People did, and they were CGed. The worst part? The offsite CGers can get ALL your info, not just Neopets.
*Another update* I have seen cookie grabbers that worked just by visiting a neoboard, not clicking a link. The only way to avoid these is with Firefox and the add-ons I suggest later on in my guide.
People asked for proof so here it is.
Drag it to the URL bar for full-size.
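
The two manual checks from the shop and board sections (searching the page source for "cook" and making sure every link really is a Neopets.com link) can also be run as a small script over a page source you have saved. This is an added example, not part of the original guide; the sample page, the user name in it and the example.net addresses are made up.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "neopets.com"  # the only domain the guide says a link should point to

def is_onsite(url, trusted=TRUSTED):
    """True only if the link stays on the trusted domain or one of its subdomains."""
    try:
        parts = urlsplit(url.strip().replace("\\", "/"))  # browsers treat \ as /
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return False  # malformed URL: treat as unsafe
    if not parts.scheme and not parts.netloc:
        return True   # relative link, stays on the current site
    if parts.scheme not in ("", "http", "https") or not host:
        return False  # javascript:, data:, or no real host
    # "neopets.com.example.net" and "notneopets.com" both fail this test
    return host == trusted or host.endswith("." + trusted)

class PageScan(HTMLParser):
    """Collects offsite links and every place the source mentions 'cook'."""
    def __init__(self):
        super().__init__()
        self.offsite, self.cookie_refs, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        for name, value in attrs:
            value = value or ""
            if name in ("href", "src", "action") and not is_onsite(value):
                self.offsite.append(value)
            if "cook" in value.lower():          # same search as CTRL-F "cook"
                self.cookie_refs.append((tag, name))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and "cook" in data.lower():
            self.cookie_refs.append(("script", "body"))

def scan(html):
    page = PageScan()
    page.feed(html)
    page.close()
    return page.offsite, page.cookie_refs

# Constructed sample of a user-editable shop area (not a real page).
SAMPLE = '''<div id="user-editable">
<a href="/browseshop.phtml?owner=constructed_user">my shop</a>
<a href="http://www.neopets.com@shop.example.net/buy">Codestone 1 NP</a>
<img src="http://images.example.net/t.gif?cookie=PLACEHOLDER">
</div>'''
```

Anything in either list that sits in the user-editable area is a reason to leave the page and report it, the same as when you find it by hand.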



The scary scams

Okay, try not to panic. These are nearly impossible to sneak past the filters. These are invisible pop-ups that appear and disappear really quickly. These you can't spot until it's too late. So, if you suddenly see a lot of strange code, or you get logged out after visiting a shop, gallery, guild, look-up or anything that users can code, log out/in and change your word!
Now sometimes Neopets gets a tad glitchy and you have random log-outs and sometimes the dreaded "Neopets is offline." And with all of this cookie grabbing business, people tend to panic. If you are ever worried when something like that happens, just change your word when you log back in.
NOTE: If you have premium, sometimes visiting webmail can log you out.

Extra Security
I recommend using Firefox with the REQUEST POLICY and NO SCRIPT add-ons. Dimitri has more info on that in his Guide that I mentioned earlier. I have personally used it myself and find that it helps a lot.
Info on request policy…
Okay first off, never EVER allow all requests from any site. You will see a little red flag in the corner of the screen. If the flag is red, it is working. If you click the flag, you will see "blocked destinations." On Neopets' regular pages there are 7 main ones that should be blocked. (Unless you have premium, then there are just two). I can't type them fully out but these should be blocked: Goog, Score, Adb, Double, Quant, and Meteor.
Now when you view petpages and stuff, it will block pictures and such. You will have to click the flag and select allow requests from neopets.com to ...Photob, etc. BUT NEVER allow to a site you don't know. Request Policy can be kind of annoying, especially off Neo, but believe me, it is worth it.
Now for No Script, you have to allow Neopets and any other site you trust. No Script will make sure scripts are only run by sites you trust: the ones you white-list (allow).

The problem with Neopets on "Face
I made another page for this. You can find it Here.

Now this is still a work in progress, if you have anything you would like me to add, please let me know by Neomailing me, Skizzabella.


Link to me?


NEOPETS, characters, logos, names and all related indicia
are trademarks of Neopets, Inc., © 1999-2017.
® denotes Reg. US Pat. & TM Office. All rights reserved.
