1. STALCRAFT: X
  2. News
  3. Cybersecurity on the web and in games

Cybersecurity on the web and in games


Many beginners do not think about protecting their accounts because they do not yet understand how valuable it is. Usually, this only becomes apparent after an unpleasant experience — either your own or someone else's. The topic of cybersecurity seems complex and intimidating, as if malicious actors will always find a way to circumvent any security system.

In fact, protecting your account is not that difficult. You just need to follow a few simple rules. By following these tips, you can easily protect yourself from fraudsters and the omnipresent hackers.

[h2]Content[/h2]
How to keep your account secure?
How to stay safe from viruses?
How to identify a fraudster
Check before joining the clan
Windows/PowerShell command prompt
Reset of active sessions
Distribution of “valuable” information or calls to vote
Honesty tests
Fraud in the exchange window
Purchase of items via courier
Lotteries and giveaways
Artefact rerolling for other players
Salkubg promo codes
“Profitable” exchange
Trade warrantor
Account sharing
Giveaways on streaming platforms
How not to fall victim to fraudsters
What should you do if you run into a scammer?
What happens when you share your account
Official company resources

How to keep your account secure?
Before going into detail, let's look at the basic ways to ensure online security:

1. What is two-factor authentication (2FA) and why should you enable it?

Two-factor authentication (2FA) is an extra level of protection for your EXBO account.

The most effective way to protect your data is to use a mobile application. It will generate one-time codes that must be entered each time you log in to your EXBO account. It is impossible to steal these codes, as they are generated on your phone.

Two-factor authentication via the app is your best choice for security. You can read more about it on our support service website.

You can also enable another option for two-factor authentication — via email. However, this method will be ineffective if the mailbox itself is not protected by authentication.

2. Why you should use complex passwords.

Using complex passwords is important because they make it much more difficult to access your account. Strong passwords make it harder for hackers to gain access, which means they lower the risk of your account falling into the wrong hands.

Strong passwords are very important in keeping your information secure. Weak passwords can be hacked in seconds, which can lead to the loss of data or money. Using a unique password for each service minimises the risk of a “chain reaction”, where hacking one account gives access to all the others. These passwords protect against attacks when hackers try to guess or use stolen passwords to get into your accounts.

To make your password truly secure, make it long and combine different types of characters: upper and lower case letters, numbers and special symbols. Also, use a password generator to create complex passwords that are difficult to hack. It is good practice to use trusted password managers so that you do not have to remember everything manually.

3. Never share your password with anyone.

Do not share it with friends, strangers, “administrators”, and especially do not enter it on suspicious websites. If someone asks for your password, it is always an attempt to scam you. Even the support service never requests such data.

Remember that you are responsible for protecting your personal data, and developers only provide the tools to do so.

[h2]How to stay safe from viruses?[/h2]
We have only covered the basics of security. Now let's talk about other threats that can harm anyone who uses the internet.

Sometimes your data can be stolen directly from your device, and you won't even realise how it happened.

There are virus stealers — software that steals information. It can access Discord, save your passwords from your browser, take screenshots of your screen, and even record what you type on your keyboard.

Stealers only get onto computers and Android devices after an infected file is launched. It may be sent by fraudsters or “friends”, who will invent any excuse to get you to open it. Such files are often disguised as software, archives, mods, or useful tools.

For players of our game, stealers most often appear from three sources:

  • Various “cheats”;
  • Suspicious software downloaded from unreliable websites full of advertisements;
  • Phishing websites that copy EXBO or STALCRAFT: X and install a virus on your device instead of a launcher.


To reduce the risk of infection:

  • Install reliable antivirus software, especially on PCs;
  • Update your antivirus databases regularly;
  • Do not run suspicious files;
  • Download apps, launchers, and mods only from official sources;
  • Do not trust links and “gifts” from strangers.


The more careful you are with files and links, the harder it is for hackers to access your data.

[h2]How to spot a fraudster?[/h2]

In STALCRAFT: X, even the most hardcore solo players sometimes find themselves needing to interact with other players, especially when attractive offers pop up in the chat. In this article, we have compiled the most common methods of in-game cheating so that you can familiarise yourself with them and protect your virtual property.

[h2]Windows/PowerShell command prompt[/h2]
When communicating or interacting in any other way, the scammer may ask you to open Windows command prompt or PowerShell and enter commands that they tell you to. Under no circumstances should you do this! Otherwise, you risk losing not only your STALCRAFT: X account, but also your saved bank cards, access to other services, etc.

[h2]Check before joining the clan[/h2]
When joining a clan, you may be asked to undergo a cheat check. To do this, you will be asked to download a file or go to a mirror site and follow the instructions of the clan's scammer. As a result of such actions, your account may be stolen. Under no circumstances should you do this.

In any situation where you are asked to download third-party files or visit a website, you are most likely being scammed. Even if the resource looks very similar to the official website of the game or company, always check the address carefully. All official EXBO resources will be listed at the end of this article.

[h2]Reset of active sessions[/h2]
However, if your account has been hacked, or you have accidentally allowed a fraudster to gain access to your account, the game website offers a function to reset active sessions. This is one of the key security mechanisms: after it is used, the system immediately terminates all authorisations linked to your profile and invalidates previously issued login tokens. However, this only works effectively with two-factor authentication enabled, because a fraudster can re-enter the stolen password and regain access, but with two-factor authentication, even if the hacker still has access to your password, device or saved session, they will immediately be forced to go through re-authorisation — which they will not be able to pass due to the lack of a code, meaning they will lose access. This allows you to regain full control over your account and safely change your password to prevent unauthorised access.

[h2]Distribution of “valuable” information or calls to vote[/h2]
Another common scam is sending “valuable” information or requests to vote, visit a forum, receive a reward, or view an important message. Hackers disguise such messages as messages from familiar players or clan members.

For example:
“Hey! There is important information for you on the EXBO forum for top clan members: ” or “EXBO is holding a contest, I decided to try to win, please vote for me: ”.

Such links lead to fake websites that visually copy the official resource and attempt to steal your login, password, or login token. Remember: any unexpected requests to click on a link, especially if they are accompanied by pressure, promises of bonuses or urgency, should be checked with particular caution.

[h2]Honesty tests[/h2]
Another method of fraud is “honesty tests”. Scammers try to gain trust by offering to share accounts, play together, or provide temporary access in exchange for something. Such messages usually appear friendly and harmless.

For example: “Listen, let me use your account for a while. I have never used FAMAS, but I really want to. To be fair, I'll give you my account and some currency too”.

Such offers always have one goal: to gain control over your account. Once the scammer gains access, they change your password, steal your valuables, and block you. Remember: in STALCRAFT: X, there is no situation where anyone would need access to your account. Any requests to share account for a while are a guaranteed warning sign.

[h2]Fraud in the exchange window[/h2]
It is not uncommon to meet people who offer to buy something from you at a reasonable price and then, during the exchange, slip in different items while removing the last zero from the purchase price. The same applies to game items — artefacts are often being replaced.

Example: you want to buy a rare quality Shard. The player responds with an offer to sell it, then replaces the rare quality Shard with a common quality Shard in the exchange window. Or someone is trying to sell more than 100 boxes, replacing one of the stacks.

Honest players won't rush you! Always pay attention to the items and the amount of money in the exchange window, even if it takes some time.

Often, scammers pretend that the exchange window freezes in the last few seconds and cancel the exchange several times. This can happen even to an honest player, but you should still be extremely careful at this point. Especially if the player later tries to force an exchange via courier or asks you to transfer an item to them, promising to pay later.

Do not agree to exchange via mail if the exchange is “not working”. Do not rush into agreeing to a deal until you are sure that everything is working properly and that you are not being deceived.

If you encounter any issues with the exchange window or other elements of the game, please contact support service.

[h2]Purchase of items via courier[/h2]

In search of a profitable deal, you may be offered to buy an item, but due to some technical issues, the player is either in a different location, or the money is on another character who is also in a different location. In such situations, scammers offer to conduct the deal via mail, assuring you that it is faster, more convenient, and “everyone does it this way”. In reality, this is a classic scam: you send money or an item, and receive nothing in return. We strongly advise against using a courier for any deals. Always use the direct exchange function — it protects both parties of the deal and minimizes risks.

[h2]Lotteries and giveaways[/h2]
The player introduces themselves as a YouTuber or streamer and offers to participate in a giveaway of an expensive item, claiming that they are a public figure. As a result, they will try to get your money in every way possible, saying that your bet will be the first and, most likely, the winning one.

This category also includes messages such as “Give me 1kk, I'll give you 2kk”.

Instead of participating in suspicious giveaways, it is wiser to choose an in-game auction, which guarantees that you will receive the gear you need.

[h2]Artefact rerolling for other players[/h2]
It is not always possible to obtain Changing Serum or Reset Essence, so some rely on this method to reroll artefacts. As a rule, the scammer claims that they have rerolled many times before, and you can trust them, but they don't have the money to put down a deposit for the artefact.

There is also a drawback: a player may request to change their artefact, but will require a deposit equal to its auction price. However, this may turn out to be an attempt of fraud. The same player may place a similar artefact up for auction from another character at an excessively high price and refer to its value in order to obtain a deposit. After that, the player can simply exit the game. Always check the actual cost of artefacts before making such deals.

[h2]Selling promo codes[/h2]
Promo codes are usually available to everybody: they’re published during events or streams, or given out as compensation for technical issues. Such promo codes are always distributed for free and do not require exchanging any in-game items. However, from time to time truly unique promo codes appear, for example, Golden Tickets promos. They grant unique items, so it's not surprising that players desire to get them — and that’s exactly what scammers take advantage of. We do not recommend buying such promo codes, since the risk of being deceived is extremely high. A common scenario looks like this: you’re offered a valuable code, you purchase it, and then it turns out the promo code has already been activated or doesn’t exist at all.

Remember: if you are offered to buy a promo or exchange for it, it’s highly likely to be a scam attempt.

[h2]“Profitable” exchange[/h2]
In chat, you can often see messages like “I’ll trade my ZIVCAS for a legendary Embryo,” or something similar. An inexperienced player who notices an offer like that might check the auction and see that the proposed trade seems very profitable, but at the same time the artefact’s price is clearly inflated. Still, the chance to make a quick deal can push them to take the risk. This is similar to scams involving artefact rerolls, where a player lists the needed artefact on the auction from a different character at a high price.

After you buy it from the auction, the scammer will most likely just ignore you, because they’ve already logged in on another character to collect your money.

[h2]Trade warrantor[/h2]
Whether you’re trading through a courier or via the direct trade window, someone may suggest using a so-called warrantor. This is a third party who supposedly ensures the safety of both buyer and seller. In reality, it’s an illusion of security that benefits only the scammer. This is especially true if they offer using a bot as a warrantor — that’s a major red flag and a clear sign of an attempted scam.

[h2]Account sharing[/h2]
A scammer may offer to swap accounts for various reasons, for example, to try out cool gear, participate in tournaments, or “help” level up your character. In the end, the scammer can use or steal valuable items from your character.

Any situation where you voluntarily give another person access to your account violates the Licence Agreement (clause 4.1.2). If you break this rule, you will be denied account recovery if you lose access to it!

[h2]Giveaways on streaming platforms[/h2]
Some streamers run fake giveaways that require an entry fee and urge everyone to share the link to the stream. After they collect the fees, either the prizes go to assigned winners who are in on it with the streamer, or the stream ends and the scammer disappears along with everything they collected.

Even if the first few giveaways seem legitimate, that’s just bait — the goal is to gather more valuables later and then run.

These streams usually have few viewers and subscribers, but that doesn’t mean larger streams can’t be fraudulent as well. Don’t take part in such giveaways to avoid being scammed this way. Real giveaways are held by official media partners and on our own platforms — their list will be provided at the end of the article.

[h2]How not to become a victim of scammers?[/h2]

To protect yourself and your account, it’s important to follow a few simple but highly effective rules. Scammers use fake websites, “profitable” offers, and attempts to gain your trust, but most of these schemes are easy to spot if you stay cautious.

  • EXBO representatives will never ask you for confidential data, such as your password.
  • Never share your account details with third parties. Buying, selling, or sharing accounts is prohibited by the Licence Agreement. This can cause serious damage to your account.
  • The ways to claim prizes from official contests and giveaways, as well as organizer contacts, are always stated in the event rules. Any other messages from unknown players offering you a prize are scams.
  • All news about promotions and in-game events is published on the game’s official resources and in the in-game Events Hub. The company will not inform you about promotions involving prizes or discounts through private messages or third-party platforms.
  • Carefully check the website address before entering your account data. Even if it looks like our official site, if the URL differs by even one character, it’s a phishing site.


Phishing means creating a fake site to steal users’ logins and passwords. Don’t let visual similarity to EXBO resources mislead you. Remember: you can’t receive anything through a website — promo codes and rewards must be redeemed only in the game!
  • Buy gear and useful items only in the in-game shop or from other players for in-game currency, but always be careful to avoid suspicious offers.
  • Avoid downloading suspicious software from untrusted sources so you don’t put your data at risk.


What should you do if you run into a scammer?
  • Do not do anything the scammer asks you to do under any circumstances.
  • You can always report the player via the in-game chat, and also through our support website.
[h2]What account sharing can lead to?[/h2]
Sharing your account with other people is prohibited under clause 4.1.2 of the Licence Agreement. It can have serious consequences. If you give access to your account to friends or clanmates, you are fully responsible for anything that happens next. Support may apply sanctions: limit assistance with account recovery, refuse to return lost items, and so on.
Remember: by sharing your account, you violate the Licence Agreement and risk your data, achievements, and your entire in-game history.

[h2]Official company resources[/h2]
EXBO does not hold giveaways, prize draws, promotions, contests or similar events on third-party resources, except for our official platforms. We also never request personal data unless it is specifically stated in the rules of an official contest or event. All promo codes are distributed only through official EXBO resources or by company employees whose accounts are verified and listed on these resources. Promo codes are always activated in the game, not on third-party websites or services — any attempts to obtain a code via a link are fraudulent.

Here is a list of the company's official English-language resources:

Discord server;
Reddit page;
X page;
Facebook page;
Game website;
EXBO website;
Telegram channel.

Remember that you are primarily responsible for protecting your personal data. Scammers often rely on carelessness and trustingness.

We hope that after reading this article, you feel much more confident about protecting your account and items in STALCRAFT: X, as well as in other games and services.

The simplest and most effective action you can take right now is to set up two-factor authentication and a password manager, and replace all your important passwords with unique, automatically generated ones.

If you have not yet enabled Google Authenticator, we strongly recommend you do so.

Taking care of your security takes just a few minutes, but protects you for years — take these steps now!

Sincerely,
EXBO Team