There is yet another way hackers are trying to get game account info. They are also using this method to steal gmail, bank account info, and any other username / password info you might have.
Here is how it works:
You open up your favorite browser (IE, Firefox, Chrome, etc) and go to multiple websites (thus opening TABS on a browser window).
Once the malicious website notices your focus is no longer on their site (you have another TAB active), the site reloads with a very convincing duplicate of gmail, Lord of the Rings official website, etc. Except of course, you are not really on that site - it just LOOKS like you are. And of course, you are logged out.
The idea, is that you will not remember that you really don't have gmail, Lord of the Rings Online official website, etc open and you will enter your username/password in the bogus site.
As soon as you do that, the hacker has your info!
Supposedly, Firefox's 'No-Script' add-on combats this... However, a better method would be to open up a new window and navigate to the website yourself if you see a page that is asking for your log-in information.