Jump to content

Steam phishing


Sparda

Recommended Posts

I received my first spam through Steam this evening. Given that Steam is running approximately 80% of the time I am at a computer that's quite low given that Steam has been around for 4 or 5 years. Although the friends system has only been working for the last 3 of those 5 years and even then only recently has the full community system been implemented.

I am curious to know how much, if at all other, people receive these.

phishing.png

Some thing to remember: There is a "Report Violation" button in the top right corner of every users account page, very useful and must be clicked at least once.

Also, the URL in the phishing has a page that looks like the steam community login page.

Link to comment
Share on other sites

I received my first spam through Steam this evening. Given that Steam is running approximately 80% of the time I am at a computer that's quite low given that Steam has been around for 4 or 5 years. Although the friends system has only been working for the last 3 of those 5 years and even then only recently has the full community system been implemented.

I am curious to know how much, if at all other, people receive these.

phishing.png

Some thing to remember: There is a "Report Violation" button in the top right corner of every users account page, very useful and must be clicked at least once.

Also, the URL in the phishing has a page that looks like the steam community login page.

It might be valid, though I've never used steam and don't know if the url is legitimate. I've logged on to other chat clients and had similar messages that then say press 1 here to use this session and disconnect the other. This happens when I leave myself logged in at home and then log in at work.

Link to comment
Share on other sites

It might be valid, though I've never used steam and don't know if the url is legitimate. I've logged on to other chat clients and had similar messages that then say press 1 here to use this session and disconnect the other. This happens when I leave myself logged in at home and then log in at work.

Dude, that URL is not real just look at it. First it would be a steampowered.com or steamcommunity.com. Second, it's a f-ing .tk domain. The hole thing is to make you panic "OMG some one is going to steal my account!!" *Clicks link, logs in* They now have your password and log in. Even if you haven't used steam before. Seeing a .tk domain should set off alarms.

Link to comment
Share on other sites

Yup, absolutely not real, as Seshan said everything about that URL is sketchy, the lack of an official Steam domain, the .tk TLD, the message itself isn't technically sound either. I have to agree with Sparda though, they've managed to keep it relatively clean for an awfully long time, and kudos to them for that.

Link to comment
Share on other sites

i would go and use a fake name and fake password just to F with them LOL :D

Thats funny, because I had actually already done that when I read Spardas post. I often do that when I get spam, I copy the link snad visit the sites sometimes with wireshark running to see where the data gets psoted to and what shows up. Often you can find databases of stored email, names and passwords on these sites by tracking the information down, so long as they leave some holes in the way they collect the data. Other sites are smart enough to keep all the data hidden.

Link to comment
Share on other sites

You have to admire Valves attempts to prevent this sort of attack, the "Never tell your password to anyone" helps lots of people who don't know better. Maybe it should say "Never tell your password to anyone, even if you think we're the ones asking"

PS: ahhh, that url is down :( now i'll never get my account validated.

Link to comment
Share on other sites

Steam phishing isn't all that popular

more popular are steam password stealers, they are included in many trojan/Rats (remote administration tools)

basicly

don't download "OMG WORKING HACK'S" or anything like that.

most people here are smart enough not to fall for phishing attacks anyway

Link to comment
Share on other sites

OMG you guys sign up for the L4D-2 Beta Yet!?!

v58mu1.jpg

It's nice little scam it looks real, say for the fake url/login screen. Hmm, I should find a copy of Access Diver and spam them, lol

Link to comment
Share on other sites

It might be valid, though I've never used steam and don't know if the url is legitimate. I've logged on to other chat clients and had similar messages that then say press 1 here to use this session and disconnect the other. This happens when I leave myself logged in at home and then log in at work.

I am completely thrown back by your reply. It can only mean one of two things:

1) It is the uninformed users like yourself that are fueling these phishing scams by actually believing it and upping their success rate.

or

2) You are the one that is sending out the phishing scam and are trying to prove its legitimacy so you can up your success rate.

Thoughts?

Link to comment
Share on other sites

I am completely thrown back by your reply. It can only mean one of two things:

1) It is the uninformed users like yourself that are fueling these phishing scams by actually believing it and upping their success rate.

or

2) You are the one that is sending out the phishing scam and are trying to prove its legitimacy so you can up your success rate.

Thoughts?

My guess would be the former, though perhaps he just didn't understand the context...

Link to comment
Share on other sites

  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...