The Daily Neopets › Neopets Articles › Cookie Grabber ProtectionThere are two types of cookie grabbers - the good kind, and the bad kind. The good kind is the type that steals those little tasty chocolate-chipped pastries fresh from the oven, right after your mom finished baking them. That's right, your little brother or sister. Needless to say, these do not endanger the life of an average Neopian. :D Yay?
The bad kind, in all seriousness, is technically a type of a scam. Let's establish now, though, that cookie grabbers are NOT hacks. First, let's define a cookie. Cookies (no, I'm not talking about the chocolate chip kind) are little blips of data that a website sends to your computer. Cookies are stored specifically for your browser.
To be more specific, the cookies used on Neopets (and on almost every site) are used to store login information, in a sense. These cookies tell the website that you're logged in and who you are. For instance, when I log on as myself (of course) on Neopets, neopets.com sends my computer a cookie, saying that I am logged on as grantauy. When I log out, this cookie is deleted. It's as simple as that.
Cookie grabbers are malicious scripts that can steal (hence the name) or make a carbon copy of these cookies. Therefore, they can essentially masquerade as you, using your cookie. In this case, they are usually placed in Neopian shops, galleries, and userlookups. At the time of writing, no, they cannot be coded into Neomails, on the boards, into your inventory page, etc. Don't worry; they only steal the cookie of the site you are on. Therefore, if you run into a Neopets CGer, they're not going to gain access to your TDN account, your email account, etc.
If you were to visit a shop/gallery/userlookup with a CGer on it, and you don't take the appropriate measures, you can quite possibly be frozen for "suspicious activity" if and when the scammer gets onto your account. We'll get more in-depth a bit later.
Obviously, the best way to prevent being CGed is to avoid them in the first place. Don't fall for the common tricks that scammers employ to get you to visit CGer pages! If something is too good to be true, it's too good to be true. Let's say that someone claims to be lending a MSPP (TCG)...and says that proof is in his gallery. He provides a link. There may be a CGer in that person's gallery, so don't click that link! In this case, the safest thing to do would be to search for a MSPP (TCG) using the Shop Wizard in Gallery mode. If one shows up in his gallery...then it's true. Promises of cheap uber-rare items, fake large-ticket-item lending (as mentioned), and such can be traps laid out by scammers.
No, I'm not saying that every shop in Neopia has a CGer. No, I'm not saying that everyone is a scammer out to steal your precious cookies. No, I'm not saying that you should hide in a corner and stay off neopets.com for the next five years. However, you still have to be careful. Think twice before entering a shop or gallery...but don't immediately alert everyone in Neopia until you are ABSOLUTELY SURE it's a CGer. Unfortunately, it's very hard to prove that it's a CGer without going into the shop/gallery yourself...and that's definitely not a good idea.
The most widely used method of preventing CGing is to switch to Firefox and install the forever-useful add-on NoScript 
. NoScript prevents malicious scripts, including CGers! It may seem like an absolute pain, but it's WORTH IT. I myself have walked into THREE shops/galleries with CGers in them. The only thing that saved me from losing my account? NoScript. NoScript. NoScript. Maybe Chrome is faster, maybe you have all your bookmarks saved on Opera, or maybe you're just attached to Safari. But at the time of writing, there is no equivalent of NoScript on any other browser. Firefox with NoScript is just safer!
Password security is also VERY IMPORTANT. The weaker your password is, the faster the CGer can get your password, quite obviously. This is because your password is not saved directly in the cookie, but different data that can reveal your password can be found in the cookie. Therefore, you should have a strong password (in addition to a PIN) at all times, not just to protect yourself against CGers. After all, if your password is "opensesame" or something obvious like that, how long do you think it would take someone to get into your account...even without stealing your cookie? For more information, please view our Password Security article.
So maybe that wasn't enough. Don't blame yourself! It could happen to anyone. Like I said, I fell for CGers three times! If you think you've fallen for one of these tricks, IMMEDIATELY log out, log back in, and change your password. Logging out and logging back in will reset your cookie, making the cookie that the CGer stole useless! Just in case, make sure you have PINs set on everything, too, especially the option of changing your email address. If that's not PIN-protected, the CGer could just change your email and request the password/PIN!
What if your account was frozen for "suspicious activity?" The only thing you can do at that point is to send a ticket to TNT (not us here at TDN, please, since we can't do anything regarding neopets.com accounts) and be patient. You're going to have to prove that you are the real owner of your account! If possible, you should have access to the original email associated with your account. In other words, the email you used to sign up for your account. Don't have it anymore? Forgot it? Don't stress - although it speeds things up, it isn't necessary for every situation. Just wait for feedback from TNT.
CGers can be menacing, malicious "scams," per se, but you can avoid them if you are careful. (NoScript helps a lot too, of course. =P) Give everything you do a second thought and take precautions, and you should be fine.
This Neopets help article was written for The Daily Neopets by staff member Grant.
Incorrect or old information? Contact Us right away! Help us keep this page up-to-date!
