Got the exact same thing a few hours ago.
My laziness was my first line of defense 😉
Said I was busy and moved on. I too had no idea what he was talking about, playing single most of the time.
Yup, don't let your guard down
Comment has been collapsed.
I can see from your Steam profile that we both have this phisher user in our friend list. Not really a surprise :)
Comment has been collapsed.
I don't play CSGO, so I am protected from such scammers 😎
Comment has been collapsed.
Not necessarily... The scammers add just about anyone and try to pull this scam. It just happens more if you have items in your inventory that are worth something, or if you're friends with someone who has items in their inventory worth something.
Comment has been collapsed.
It's the "standard" phishing method they've been using for at least a year or two (probably longer).
The entire premise is very bogus, to be honest: they ask you to "join their team" (in a popular game like Dota 2 or CS:GO)- what kind of a "team" isn't complete and asks random users to join in; then, when you refuse, they ask you to "vote" for their team- a vote where any random person can participate is completely worthless and won by account making bots, asking "fiends" to do it is ludicrous; you didn't get to that part, but if you still refuse they start guilt tripping you by saying how "a real friend" would have done it and threatening to remove you from their friends list. (On that note- you should write down that friend's Steam ID. These phishers often clear out people's friends lists when they're done with them for whatever reason... so when your friend gets their account back, you might need to re-add them. :/ )
It's really quite evil when you think about it (well, phishing is generally very evil...). They are betting on people being too nice and lowering their guard (or being unaware, but I've seen even aware people fall for it just because they were too kind and trying to help).
All in all, if a friend suddenly talks like an alien and refers to you as "bro", there's a 99.999% chance they've been phished and you're the next target. ;P
Comment has been collapsed.
type random things in the login/password field
Hmm.. couldn't one create some script/bot or whatever is needed to DDoS them ? I mean I hardly doubt those low life fuckheads have any "security" in place for their scamming forms... I mean it wouldn't probably really stop them or anything, but at least make some headaches for them
Comment has been collapsed.
This is the easiest way for those who lazy to check what exactly site they trying to log on
Comment has been collapsed.
I've gotten these plenty of times. I report the accounts as being hacked. The funny thing about these phishing attempts is they involve CSGO and a lot of times the accounts don't even own the game.
Comment has been collapsed.
fishing
phishing
phising
phishing
Now, I'm not saying you've had too much eggnog..
But it does seem likely that any eggnog you may have had, may have been a bit too strong. ~.^
Comment has been collapsed.
Another tip: Enable 2FA. They can find my user and password but they will never login since they need a confirmation code from the Steam mobile app.
Comment has been collapsed.
Their fake Steam log-in lookalike asks for the code and it definitely has a bot waiting to immediately use that code to log into your account. So, no, 2FA doesn't really protect against phishing.
Comment has been collapsed.
This is old and still used quite frequently but it still doesn't hurt to remind folks every now and then. Forever getting the "vote for my team" garbage too. SMH.
Comment has been collapsed.
Hello folks
As a generic reminder, always be careful when a website asks you to type your Steam credentials.
This morning I've been contacted by a SG user who is in my Steam friends list (my guess is that his account has been hacked). The guy asked me to take part in a CSGO competitive thing, which is already odd since I usually don't do multiplayer. When I explain I'm not interested, the user asks for me to enroll in their team list for a short time: "bro please can u be like placeholder on page at least so they wont disqualify us now ?we will kick u when get 5 it will take 30sec".
Sounds easy, why not give someone some help ?
Well, next step is to create an account on some shady website (I won't post the exact URL, just in case: it involves words like "rival" and "ecups"). When you try to create an account, the only option is to login with Steam Open ID. That's when things go wrong: the steam login popup is forged. If I'd try to put my credentials, they would have been sent to the scammer.
Another technique for users comfortables with IT: type random things in the login/password field, then check with the network observer where these fake credentials are sent: if it's not to valve, but to the site you try to use Steam login with, it is obviously a phishing attempt.
How to easily detect this kind of phising ?
1- go to steam store and to steam community pages as you always do (by using your own bookmark)
2- make sure you are logged in
3- try to login to the site you're not sure about, and check the Steam Login pop-up: you should only have the "login with Steam button", since you are logged in the Steam network. If you see a prompt for identifier and password, then it is a phishing attempt, a forged login popup.
TL;DR No harm done to me since I was careful, but be aware that something is ongoing.
Comment has been collapsed.