Sparda Posted June 19, 2009 Share Posted June 19, 2009 I received my first spam through Steam this evening. Given that Steam is running approximately 80% of the time I am at a computer that's quite low given that Steam has been around for 4 or 5 years. Although the friends system has only been working for the last 3 of those 5 years and even then only recently has the full community system been implemented. I am curious to know how much, if at all other, people receive these. Some thing to remember: There is a "Report Violation" button in the top right corner of every users account page, very useful and must be clicked at least once. Also, the URL in the phishing has a page that looks like the steam community login page. Quote Link to comment Share on other sites More sharing options...
beakmyn Posted June 20, 2009 Share Posted June 20, 2009 I received my first spam through Steam this evening. Given that Steam is running approximately 80% of the time I am at a computer that's quite low given that Steam has been around for 4 or 5 years. Although the friends system has only been working for the last 3 of those 5 years and even then only recently has the full community system been implemented. I am curious to know how much, if at all other, people receive these. Some thing to remember: There is a "Report Violation" button in the top right corner of every users account page, very useful and must be clicked at least once. Also, the URL in the phishing has a page that looks like the steam community login page. It might be valid, though I've never used steam and don't know if the url is legitimate. I've logged on to other chat clients and had similar messages that then say press 1 here to use this session and disconnect the other. This happens when I leave myself logged in at home and then log in at work. Quote Link to comment Share on other sites More sharing options...
Seshan Posted June 20, 2009 Share Posted June 20, 2009 It might be valid, though I've never used steam and don't know if the url is legitimate. I've logged on to other chat clients and had similar messages that then say press 1 here to use this session and disconnect the other. This happens when I leave myself logged in at home and then log in at work. Dude, that URL is not real just look at it. First it would be a steampowered.com or steamcommunity.com. Second, it's a f-ing .tk domain. The hole thing is to make you panic "OMG some one is going to steal my account!!" *Clicks link, logs in* They now have your password and log in. Even if you haven't used steam before. Seeing a .tk domain should set off alarms. Quote Link to comment Share on other sites More sharing options...
moonlit Posted June 20, 2009 Share Posted June 20, 2009 Yup, absolutely not real, as Seshan said everything about that URL is sketchy, the lack of an official Steam domain, the .tk TLD, the message itself isn't technically sound either. I have to agree with Sparda though, they've managed to keep it relatively clean for an awfully long time, and kudos to them for that. Quote Link to comment Share on other sites More sharing options...
italiano40 Posted June 20, 2009 Share Posted June 20, 2009 i would go and use a fake name and fake password just to F with them LOL :D Quote Link to comment Share on other sites More sharing options...
digip Posted June 21, 2009 Share Posted June 21, 2009 i would go and use a fake name and fake password just to F with them LOL :D Thats funny, because I had actually already done that when I read Spardas post. I often do that when I get spam, I copy the link snad visit the sites sometimes with wireshark running to see where the data gets psoted to and what shows up. Often you can find databases of stored email, names and passwords on these sites by tracking the information down, so long as they leave some holes in the way they collect the data. Other sites are smart enough to keep all the data hidden. Quote Link to comment Share on other sites More sharing options...
sablefoxx Posted June 22, 2009 Share Posted June 22, 2009 You have to admire Valves attempts to prevent this sort of attack, the "Never tell your password to anyone" helps lots of people who don't know better. Maybe it should say "Never tell your password to anyone, even if you think we're the ones asking" PS: ahhh, that url is down :( now i'll never get my account validated. Quote Link to comment Share on other sites More sharing options...
RobLoos Posted June 22, 2009 Share Posted June 22, 2009 Steam phishing isn't all that popular more popular are steam password stealers, they are included in many trojan/Rats (remote administration tools) basicly don't download "OMG WORKING HACK'S" or anything like that. most people here are smart enough not to fall for phishing attacks anyway Quote Link to comment Share on other sites More sharing options...
sablefoxx Posted June 23, 2009 Share Posted June 23, 2009 OMG you guys sign up for the L4D-2 Beta Yet!?! It's nice little scam it looks real, say for the fake url/login screen. Hmm, I should find a copy of Access Diver and spam them, lol Quote Link to comment Share on other sites More sharing options...
miT Posted June 24, 2009 Share Posted June 24, 2009 It might be valid, though I've never used steam and don't know if the url is legitimate. I've logged on to other chat clients and had similar messages that then say press 1 here to use this session and disconnect the other. This happens when I leave myself logged in at home and then log in at work. I am completely thrown back by your reply. It can only mean one of two things: 1) It is the uninformed users like yourself that are fueling these phishing scams by actually believing it and upping their success rate. or 2) You are the one that is sending out the phishing scam and are trying to prove its legitimacy so you can up your success rate. Thoughts? Quote Link to comment Share on other sites More sharing options...
sablefoxx Posted June 25, 2009 Share Posted June 25, 2009 I am completely thrown back by your reply. It can only mean one of two things: 1) It is the uninformed users like yourself that are fueling these phishing scams by actually believing it and upping their success rate. or 2) You are the one that is sending out the phishing scam and are trying to prove its legitimacy so you can up your success rate. Thoughts? My guess would be the former, though perhaps he just didn't understand the context... Quote Link to comment Share on other sites More sharing options...
Arrowofdarkness Posted July 5, 2009 Share Posted July 5, 2009 i would go and use a fake name and fake password just to F with them LOL :D I found a site that stole my friends info and spammed the hell out of them, just randomly generated correct POST data flooding them with useless crap, until he took the site down ... FTW? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.