Phisher targeting sG members

[RootyCat 59]

Recently there have been accounts in sG that have been compromised by a phisher who is unknown, hes been targeting people in sG such as Sweetrock, JFK, to get access to the friendlist and identity. The phisher approches and ask you to join a server for a number of reasons such as to be an admin or to join a tournament, when you attempt to join the server an error message pops up and you are kicked from the server when you read the error message it ask you to download an antivirus from a website in which the phisher links you to the website. After downloading the anit-virus the phisher ask you to turn off smartscreen where you are to log back into steam, Thats when the key logger you downloaded in the anti-virus activates and steals you account. I know there have been discussions about phishing recently, this isnt so much a disscussion but more a warning to everyone.  The phishers goals havent really been identified but from my understanding he is targeting the sG community for access to the servers and the money in skins and knives.

 

 

 

 

                                                   -RootyCat

[Destin 1958]

I doubt he is targeting sG members. He got sweetrock and was just using her friends list

[Paul_Waffle 579]

they target everyone on the friends list of accounts they steal normally not just people in sG

[JFK 546]

Yeah, definitely not my brightest moment and I'm still feeling pretty down because of it. Thankfully, I wasn't stupid enough to not immediately realize that I was keylogged when that .exe opened up no visible program and certain keys were disabled for the Steam password input box. Of course, I'll admit I'm still pretty dumb for even falling for it, but I'll just say in my crumbling defense that this Russian phisher really didn't type that much differently than Sweetrock as far as I could tell.

 

All bad half jokes aside and after realizing what had happened, I had immediately shut down Windows and used a Live Linux USB to change my steam and E-Mail passwords before he could do any too much serious damage. Besides my Steam password which I immediately changed and a couple of nasty comments in Google's search bar, his keylogger recorded nothing but useless keystrokes.

 

Funnily enough, I had decided the night before that today was the day I was finally going to install Windows 10 and I backed up most of my files in advance for this so I couldn't have been phished on a better day. And yes, it was a full installation that completely wipes the drive rather than an upgrade installation if you're worried about me being stupid again.

 

As far damages go, I'm fairly sure he only harassed Piero, Sean, Pike and someone named "Derp". with my account. Of course the first 3 weren't fooled since they all know how I type and one of them told the phisher to fuck off. As for Derp though, I'm pretty damn sure he was phished through my account. I don't really know him all that well besides the fact he plays JB. But what I do know is that at the end of the Russian JFK's conversation with Derp, the fake was trying to explain to him how to disable smartscreen. Which is a feature in IE that detects phishing websites... Unfortunately, I'm pretty sure he was also conned since not only did I not get a reply back from him after messaging to him that any earlier messages from me that day weren't from me, he was removed from my friend's list.

 

Since the most expensive skin on my account is $0.75, that the phisher was extremely quick to go after the people I just mentioned, and these people "coincidentally" have some fairly expensive inventories, I'm almost certain that he was monitoring the inventories of the people on my friend's list for quite some time before phishing me and wanted to use me as a network for phishing more people with decent inventories. There's no other reason why they would go after someone with close to literal shit for an inventory.

 

Ultimately, besides now having a reputation as a moron who idiotically fell for a phishing scam, there were no lasting consequences on my end. The keylogger was of course completely erased with the full Windows 10 installation and the Russian phisher never gained lasting access to any accounts I own because I changed the passwords through a Linux OS that obviously wasn't infected. And yes, I know he's Russian because a half hour after my account was hijacked, I had gotten a steam verification e-mail for something in Russian. I don't know for what exactly since I immediately deleted it upon first sight.

 

TLDR: Everything is back to normal on my end and I'll no longer offer anymore free AWP | Asiimovs. Derp, I'm truly sorry that you may have been phished because of my carelessness.

1916

2018

[Sean 3760]

Just for people to understand before you read JFKs wall of text... It's not a keylogger. It recovers your steam information instantly and steals your account. Keyloggers need to be installed into the backdoor and patiently wait until the information is inputted. All you had to do is do a windows system restore to an earlier date to remove the file and just focus on getting your steam account back

Sent from my SM-G920W8 using Tapatalk

[JFK 546]

Just for people to understand before you read JFKs wall of text... It's not a keylogged. It recovers your steam information instantly and steals your account. Keyloggers need to be installed into the backdoor and patiently wait until the information is inputted. All you had to do is do a windows system restore to an earlier date to remove the file and just focus on getting your steam account back Sent from my SM-G920W8 using Tapatalk

 

You know for a fact it's not a keylogger? I should have mentioned this in the wall, but the program crashes CSGO and automatically logs you out from Steam. All to bait you into typing your Steam password in Steam. They wouldn't have to wait very patiently either, since the phisher has you under the impression that you need to get into a server.

 

I'm sure a simple system restore probably would have worked but like I said, I planned on a new installation of Windows 10 anyways.

[Sean 3760]

Its most likely a rat and nothing more. Did you end up trying to re-login after downloading the file?

Me and a few other people deduced that it's most likely the .scr file that's executed and steals your login details.

It's not the file that crashed your CSGO, it was a bot kicking you out of your account, which causes csgo to crash.

[JFK 546]

It was the first thing I tried, but I was blocked from entering the last character of my password so I was locked out up until I reset it.

[centran 4457]

FYI there are several phishing scams over the years. This latest one involves logging into a team speak server. After doing so it requests to install an update which is a Trojan. Not sure what it does but it is probably a keylogger.

Team speak will only ask you to update at first launch! Never when you join a server.

Sent from my LGLS991 using Tapatalk

[sweetrock 420]

Im never going to get a aswer from steam support, he already sold my p90s! I dont think i can do this shit anymore! I am depressed I just want penny lane back!

[Dakka 854]

I'm all too familiar with phishers, once one of your friends gets hit, a few more are guaranteed after that. Damn shame that all their good stuff gets stolen or sold off before they get their account back.

[Swed 2651]

Im never going to get a aswer from steam support, he already sold my p90s! I dont think i can do this shit anymore! I am depressed I just want penny lane back!

Did you turn off e-mail verification for trades?

[Poseidon 269]

Did you turn off e-mail verification for trades?

I mean if he has the account he can change that email to another 

[shikaku 706]

i was so close to joining sweetrock, i think the only reason i didn't was i was playing league. I should've known it wasn't her by the person typing in great grammar.