RootyCat 59 Posted October 13, 2015 Recently there have been accounts in sG that have been compromised by a phisher who is unknown, hes been targeting people in sG such as Sweetrock, JFK, to get access to the friendlist and identity. The phisher approches and ask you to join a server for a number of reasons such as to be an admin or to join a tournament, when you attempt to join the server an error message pops up and you are kicked from the server when you read the error message it ask you to download an antivirus from a website in which the phisher links you to the website. After downloading the anit-virus the phisher ask you to turn off smartscreen where you are to log back into steam, Thats when the key logger you downloaded in the anti-virus activates and steals you account. I know there have been discussions about phishing recently, this isnt so much a disscussion but more a warning to everyone. The phishers goals havent really been identified but from my understanding he is targeting the sG community for access to the servers and the money in skins and knives. -RootyCat Share this post Link to post Share on other sites
Destin 1958 Posted October 13, 2015 I doubt he is targeting sG members. He got sweetrock and was just using her friends list Share this post Link to post Share on other sites
Paul_Waffle 579 Posted October 13, 2015 they target everyone on the friends list of accounts they steal normally not just people in sG Share this post Link to post Share on other sites
JFK 546 Posted October 13, 2015 Yeah, definitely not my brightest moment and I'm still feeling pretty down because of it. Thankfully, I wasn't stupid enough to not immediately realize that I was keylogged when that .exe opened up no visible program and certain keys were disabled for the Steam password input box. Of course, I'll admit I'm still pretty dumb for even falling for it, but I'll just say in my crumbling defense that this Russian phisher really didn't type that much differently than Sweetrock as far as I could tell. All bad half jokes aside and after realizing what had happened, I had immediately shut down Windows and used a Live Linux USB to change my steam and E-Mail passwords before he could do any too much serious damage. Besides my Steam password which I immediately changed and a couple of nasty comments in Google's search bar, his keylogger recorded nothing but useless keystrokes. Funnily enough, I had decided the night before that today was the day I was finally going to install Windows 10 and I backed up most of my files in advance for this so I couldn't have been phished on a better day. And yes, it was a full installation that completely wipes the drive rather than an upgrade installation if you're worried about me being stupid again. As far damages go, I'm fairly sure he only harassed Piero, Sean, Pike and someone named "Derp". with my account. Of course the first 3 weren't fooled since they all know how I type and one of them told the phisher to fuck off. As for Derp though, I'm pretty damn sure he was phished through my account. I don't really know him all that well besides the fact he plays JB. But what I do know is that at the end of the Russian JFK's conversation with Derp, the fake was trying to explain to him how to disable smartscreen. Which is a feature in IE that detects phishing websites... Unfortunately, I'm pretty sure he was also conned since not only did I not get a reply back from him after messaging to him that any earlier messages from me that day weren't from me, he was removed from my friend's list. Since the most expensive skin on my account is $0.75, that the phisher was extremely quick to go after the people I just mentioned, and these people "coincidentally" have some fairly expensive inventories, I'm almost certain that he was monitoring the inventories of the people on my friend's list for quite some time before phishing me and wanted to use me as a network for phishing more people with decent inventories. There's no other reason why they would go after someone with close to literal shit for an inventory. Ultimately, besides now having a reputation as a moron who idiotically fell for a phishing scam, there were no lasting consequences on my end. The keylogger was of course completely erased with the full Windows 10 installation and the Russian phisher never gained lasting access to any accounts I own because I changed the passwords through a Linux OS that obviously wasn't infected. And yes, I know he's Russian because a half hour after my account was hijacked, I had gotten a steam verification e-mail for something in Russian. I don't know for what exactly since I immediately deleted it upon first sight. TLDR: Everything is back to normal on my end and I'll no longer offer anymore free AWP | Asiimovs. Derp, I'm truly sorry that you may have been phished because of my carelessness.19162018 Share this post Link to post Share on other sites
Sean 3760 Posted October 13, 2015 Just for people to understand before you read JFKs wall of text... It's not a keylogger. It recovers your steam information instantly and steals your account. Keyloggers need to be installed into the backdoor and patiently wait until the information is inputted. All you had to do is do a windows system restore to an earlier date to remove the file and just focus on getting your steam account back Sent from my SM-G920W8 using Tapatalk Share this post Link to post Share on other sites
JFK 546 Posted October 13, 2015 Just for people to understand before you read JFKs wall of text... It's not a keylogged. It recovers your steam information instantly and steals your account. Keyloggers need to be installed into the backdoor and patiently wait until the information is inputted. All you had to do is do a windows system restore to an earlier date to remove the file and just focus on getting your steam account back Sent from my SM-G920W8 using Tapatalk You know for a fact it's not a keylogger? I should have mentioned this in the wall, but the program crashes CSGO and automatically logs you out from Steam. All to bait you into typing your Steam password in Steam. They wouldn't have to wait very patiently either, since the phisher has you under the impression that you need to get into a server. I'm sure a simple system restore probably would have worked but like I said, I planned on a new installation of Windows 10 anyways. Share this post Link to post Share on other sites
Sean 3760 Posted October 13, 2015 Its most likely a rat and nothing more. Did you end up trying to re-login after downloading the file? Me and a few other people deduced that it's most likely the .scr file that's executed and steals your login details. It's not the file that crashed your CSGO, it was a bot kicking you out of your account, which causes csgo to crash. Share this post Link to post Share on other sites
JFK 546 Posted October 13, 2015 It was the first thing I tried, but I was blocked from entering the last character of my password so I was locked out up until I reset it. Share this post Link to post Share on other sites
centran 4457 Posted October 13, 2015 FYI there are several phishing scams over the years. This latest one involves logging into a team speak server. After doing so it requests to install an update which is a Trojan. Not sure what it does but it is probably a keylogger. Team speak will only ask you to update at first launch! Never when you join a server. Sent from my LGLS991 using Tapatalk Share this post Link to post Share on other sites
sweetrock 420 Posted October 13, 2015 Im never going to get a aswer from steam support, he already sold my p90s! I dont think i can do this shit anymore! I am depressed I just want penny lane back! Share this post Link to post Share on other sites
Dakka 854 Posted October 13, 2015 I'm all too familiar with phishers, once one of your friends gets hit, a few more are guaranteed after that. Damn shame that all their good stuff gets stolen or sold off before they get their account back. Share this post Link to post Share on other sites
Swed 2651 Posted October 13, 2015 Im never going to get a aswer from steam support, he already sold my p90s! I dont think i can do this shit anymore! I am depressed I just want penny lane back!Did you turn off e-mail verification for trades? Share this post Link to post Share on other sites
Poseidon 269 Posted October 13, 2015 Did you turn off e-mail verification for trades?I mean if he has the account he can change that email to another Share this post Link to post Share on other sites
shikaku 706 Posted October 13, 2015 i was so close to joining sweetrock, i think the only reason i didn't was i was playing league. I should've known it wasn't her by the person typing in great grammar. Share this post Link to post Share on other sites