How to spot OSRS account scams in 2026
Seven scam patterns that hit OSRS buyers in 2026, with real Sythe and r/2007scape threads, dollar amounts, and the structural defences that actually stop them.
The biggest risk in buying an OSRS account is not Jagex. It's the seller, or someone pretending to be the seller. The same five or six scam patterns repeat across Sythe, Discord, and Telegram, and most buyers who lose money lose it to a pattern that's been on Sythe's Report A Scammer archive for years.
This is a tour of those patterns with real thread URLs, dollar amounts, and the structural defences that actually shut them down. The defences matter more than the patterns. A marketplace with automated delivery and a written replacement policy doesn't have much room for any of these to land.
Pattern 1: the seller recovers the account after payment
The most common scam in the niche. Seller hands over credentials, takes payment, then uses the original creation email or recovery detail they kept to recover the account back. Three cases worth having on file:
- T33 (BTC, August 2018): Scammed by T33 thread on Sythe. Buyer paid in BTC, account recovered shortly after. Crypto means no chargeback, the buyer eats the full loss.
- Frenchy ($450, November 2019): Frenchy scammed me for $450 through Paypal. Skilling account, "recovered the account just one day after the purchase." Note: this scam combined recovery with PayPal abuse on the same victim.
- ACCKINGS (2.5 months later): ACCKINGS.com Account Recovered after 2 1/2 months. Recovery happened 75 days after the sale. Kills the "if I survive a week I'm safe" assumption.
The mechanism is simple. Jagex's recovery flow honours the original creator if they can prove deeper account history (creation IP, billing history, first email used). Sellers who never deliberately gave up that proof have a lever to pull.
Defence: buy from sellers where the credentials route through automated delivery rather than DMs, where the creation email is documented on file (so you can pre-empt the recovery flow), and where the seller has a structural reason not to scam (4,000+ vouches, a public storefront whose reputation is the asset). DM-only sellers operating from a freshly-created Sythe account fail all three.
Pattern 2: PayPal chargebacks (both directions)
PayPal is structurally awkward for digital goods. Two sides of the same problem:
- Seller-side scam: Frenchy above is the canonical case. PayPal Goods and Services lets the buyer chargeback claiming non-delivery even after credentials are handed over. The seller refuses to use PayPal again, or shifts to Friends and Family to dodge the protection.
- Buyer-side scam: a buyer pays via PayPal G&S, gets the account, then files a chargeback. PayPal refunds them, the seller loses both the account and the money. The Beware of PayPal Scams thread on Sythe is the seller-side warning. The How to avoid being scammed with PayPal as a seller thread is the protocol most legitimate Sythe sellers settled on: no G&S, or carry the chargeback risk knowingly.
The buyer-side outcome is that any seller asking for PayPal Friends and Family is asking you to strip your buyer protection. That's a red flag from your side. Any seller refusing PayPal entirely in favour of crypto isn't a scammer, they're just trying to avoid becoming a victim of pattern 2b.
Defence: pay through a processor that's structurally adversarial to chargebacks, accept crypto as the lower-friction option, and treat a "Friends and Family or no deal" insistence as a stop sign.
Pattern 3: fake middleman
The buyer and seller agree to use a middleman to hold funds and credentials until both sides are happy. A scammer pretends to be that middleman, gets added to the chat, takes the deposits, and disappears. Real Sythe threads:
- KBD scam attempt (fake Sythe middleman PM) documents the group-chat-invite vector: scammer adds victim to a Discord group containing a fake middleman.
- Adramax attempting to scam with a fake middleman is a named-actor case.
- Someone trying to middleman scam shows the Discord-username-spoof tactic ("tyler SythePrince#0112" impersonating a real Sythe staff handle).
- Reporting two account scammers + staff impersonation has scammers impersonating Sythe staff, not just middlemen.
The Sythe forum maintains a list of approved middlemen for exactly this reason. The mistake is using someone outside that list because "a friend of a friend recommended them," or accepting a middleman invite from a Discord DM rather than starting the chat from the Sythe approved-middleman page.
Defence: marketplaces with built-in escrow or automated delivery take the middleman concept off the table entirely. There's nothing for an impersonator to impersonate when the credentials route from the seller's order system to your order page without a human in the loop.
Pattern 4: donor status, recycled vouches, bulk recovery weekend
A long-game variant of pattern 1. The scammer buys high donor status on Sythe, collects a handful of legitimate vouches (paid bait transactions, real product), then in one weekend sells multiple high-value accounts and recovers all of them before the marketplace realises.
- scammed by donor references PAK with a total reported loss of $2,205.
- LuckyCharmGold's buying guide describes the pattern in plain language: scammers "buy a high donor status on Sythe or Osbot with some vouches to then sell multiple OSRS accounts. When they have sold all... they will then recover."
- Sythe's Trading 101 thread is the community's defensive primer: donor tier + post count + account age + vouch quality together, not any single one alone.
The threshold luckycharmgold uses is "500+ genuine long-term vouches" and "active for over a few years." That floor knocks out the new-donor-with-five-vouches pattern but not the long-con. The long-con is harder.
Defence: pick sellers with both vouch density and persistent infrastructure they'd lose by scamming. A vouched seller who's also operating a website with on-site automated delivery, a written replacement policy, and a brand they've spent years building has a much higher opportunity cost on a single bulk scam.
Pattern 5: Discord DM and Telegram sellers
Cold DMs offering accounts cheaper than market rate, no escrow, no automated delivery, often demanding Friends and Family or crypto to a randomly named wallet. This is the unconditional bottom of the market. tonsofxp's common scams piece puts it plainly: "Be doubtful of players messaging you randomly... real sellers usually operate through websites with proper support."
Telegram-specific scam volume jumped in 2025-2026 per Kaspersky's 2025 Telegram report: Telegram-specific fraud rose 43% year-on-year, Telegram-based crypto malware attacks surged 2,000% from late 2024 into early 2025. That spillover hit OSRS account markets within months.
Defence: never start a deal from an unsolicited DM. Always initiate from a marketplace listing, an established seller's website, or a public storefront on a forum you trust. If you do need to talk to a seller in DMs (Discord or otherwise), it should be after you found them on a marketplace, not before.
Pattern 6: stolen accounts being resold
The seller doesn't own the account they're selling. It was hijacked, flipped quickly at a steep discount, and the original owner reclaims it through Jagex's recovery flow weeks later. The buyer loses the account with no recourse against either the scammer or Jagex.
LuckyCharmGold's recovery guide notes the mechanic from Jagex's side: "sudden IP address change might cause the account to be locked... most account sellers create accounts with fake login emails." Tons of XP's account recovery guide adds the appeal angle: "rapid, suspicious IP address changes... they lock it to protect the account's progress until the rightful owner can prove their identity."
Jagex sides with the demonstrable original creator. If the seller isn't the demonstrable original creator and the account had a real prior owner, the buyer is in second place by design.
Defence: low price below market is the leading signal. A maxed main listed at 1/10th of comparable Eldorado listings is not a deal, it's a stolen account being moved fast. Cross-check the price against recent listings on legitimate storefronts. Sellers who train their own supply chain (or document their sourcing on an about page) are a structurally different category from sellers flipping anonymous inventory.
Pattern 7: post-purchase "send me your login to fix it"
After a legitimate sale, a scammer (sometimes the original seller trying for a second bite, sometimes a Discord impersonator) contacts the buyer claiming there's an issue: a Jagex flag, a bank PIN problem, a verification step. They ask for the new credentials, promising to fix it.
The OSRS Wiki's Scams page states it without qualification: "Jagex will never ask you to reveal sensitive information." Jagex's own Phishing support article covers the same rule. Any "support" DM after purchase asking for your password, your Authenticator code, or your backup codes is a scam, full stop. There is no scenario where a legitimate seller or Jagex employee needs that information.
Defence: refuse to share credentials with anyone after the sale completes. If the seller needs to "fix" something, they can do it through the order system or a screen-share where you control the inputs. If they need your live password to fix a problem, the problem they're fixing is "we haven't scammed you yet."
Shop impersonation
The 2026 variant worth flagging: copy-cat shops that mimic a known brand's listings, name, and Discord. Sythe has a Discord Impersonator Checker tool because the problem is bad enough to need automated detection. Examples like Fake Names Shop and Scammed by an impersonator are the typical cases: the impersonator copies the real shop's listing text, screenshots, and Discord setup, then runs the seller- recover scam against buyers who think they're dealing with the legitimate brand.
Defence: only buy through links that originate from the seller's own posts or website. If a "Fury Accounts" Discord adds you out of nowhere, check the invite URL against the one on my storefront. Check that the Discord ID matches mine (mine is linked from every product page). Don't trust a username alone.
The structural defences in one table
| Scam pattern | Structural defence | Where it fails |
|---|---|---|
| Seller recovers after payment | Documented original creation email + automated delivery + persistent shop | DM seller with no infrastructure |
| PayPal chargeback (both ways) | Crypto-first checkout, no F&F demands | F&F-only sellers |
| Fake middleman | Built-in escrow / automated delivery (no middleman needed) | Off-platform deals |
| Recycled-vouch bulk scam | Long-term operational signals beyond vouch count | New donor with sparse history |
| Discord/Telegram DM seller | Buy only through marketplace listings | Cold DM "deals" |
| Stolen account being resold | Sourcing disclosure, market-rate pricing | Below-market headline price |
| Post-purchase credential request | "Never share credentials after sale" rule | Trust-based handoffs |
| Shop impersonation | Verify Discord/store URLs from the brand's own posts | Username-trust |
What this looks like on my side
Most of the above is why my checkout looks the way it does. Credentials route from Sell.app to your order page directly with no DM handover. Crypto is the default to keep both of us out of the PayPal chargeback loop. The original credentials stay retrievable on your order page indefinitely so any future replacement claim has verifiable provenance. The about page is where I document the sourcing chain (every account is trained by me or my farm, no resold supply). The FAQ has the written replacement policy.
None of this is unique to me. Probemas, RPGStash, and a couple of others run similar structural defences. The point is to recognise the structure rather than the brand. If a seller is missing the defences in the table above, the patterns are going to find them sooner or later.
If you're in the market, the accounts in stock right now page lists everything available with the format, the replacement scope, and the delivery flow labelled. The safety post covers the Jagex-side risk if that's the question on your mind too.