Jump to content

Archived

This topic is now archived and is closed to further replies.

centran

**WARNING*** Phishing through Steam

By centran, in News Archive

Recommended Posts

centran    4457

centran
Posted

Phishing attacks have always been a problem with any electronic communication and more relevant to this community through Steam. As of late a couple sG community members have had their accounts compromised. These attackers then use the accounts they gain access to to pose as the person and try to scam that accounts friends list. Since sG community members and their friends have fallen victim we are seeing more and more attacks against our members. Staff would like to take a moment to remind you of best practices.

 

Steam Messages

 

Be careful while interacting with anything that takes you out of the steam message and/or steam client. Even if the request is coming from a close friend their account could have been compromised. You should always try to verify who you are chatting with is who you think if you feel suspicious. Here are some common ways they try to gain access to your account.

  • Try to get you to visit a website that looks similar to steam and have you input your username/password. 
  • Get you to install software
  • Connect manually to a game server and/or third party client such as Team Speak
  • Let them access your computer through a product like Team Viewer or Log Me In

Be careful when clicking links as sometimes they could look like a familiar site but slightly misspelled. You should never install anything someone tells you to for any reason. One scam is to claim you need an anti-cheat to join their server or they want to give you admin on the server and you need a program. Do not play on servers that claim you need third-party software. If you are given a direct IP to connect to a server then be very suspicious. You should be able to find the server in the global server list or they should be able to send you an invite to join through steam. Lastly, never give access to your computer for any reason.

 

Safe interactions

 

Trade requests done through Steam are safe. Do not click links to outside and do not let them trick you that you must do the trade through the website since they are having problems. Trade requests have a distinctive look and are not links to websites. 

Server invites. An invite to join a server through steam should be safe. Never manually enter IP in the console of the game.

 

Known attacks

  • Asking for username and password. No one not even a steam rep should ask you for this information
  • Link to familiar looking website that asks you to login. The site is probably a look-a-like that will steal your information
  • Link to malware website. Browsers have gotten a lot better over the years but you can still get infected by visiting some sites
  • Connecting to Team Speak server. Upon connect you will be asked to download an update. Team Speak will only ever check for updates when first opening and never when connecting to a server.
  • Installing anti-cheat. If you are asked to install a program before you can join a server then you are most liking going to infect your computer.
  • Asking to connect to game server by IP address through the game console. It is possible there still could be or in the future be an exploit where a modified server can run unverified files/code on your client and infect your computer. It is less likely that such a modified server would be allowed to join the global server list. Always verify the server is in the global list by searching for it in the list but as always if you are suspicious just don't join at all.
  • Installing admin program. Sometimes they need to entice victims by offering something such as free admin. You do not need a program for this and they are trying to gain access to your computer.
  • Offering to help you by connecting to you with Team Viewer or other product such as Log Me In.

Ways to protect yourself

  • Do not visit strange sites
  • Have a separate password for your steam account then your email. If they can gain access to your email it helps them to social engineer Steam into giving them access to your account. Use password safes such as KeePass to store unique passwords for all your different logins you use to all sites/services
  • Enable Steam Guard!!!!
  • Enter your phone number in your Steam account settings

Actions to take if your account/computer is compromised

  • Contact steam to let them know what happened
  • Do not log into any accounts such as website/email/banking
  • Run a full virus scan on your computer
  • Run a full Malwarebytes scan on your computer
  • Run ComboFix on your computer
  • Run HijackThis on your computer and post the results to the BleepingComputer forums

Links

 

Online Virus Scanner - http://housecall.trendmicro.com/

Malwarebytes - https://www.malwarebytes.org/

Combo Fix - http://www.bleepingcomputer.com/download/combofix/

HijackThis - http://www.bleepingcomputer.com/download/hijackthis/

Forums to Help clean your computer - http://www.bleepingcomputer.com/forums/f/79/security/

 

sG policy for compromised accounts

 

If we discover someone on our servers has been compromised staff will remove any privileged access to that account such as admin. We will also ban that steamID from our servers until we verify the correct person has re-taken control of their account.

Share this post

Link to post
Share on other sites

Ryziou    538

Ryziou
Posted

Let's not forget common sense, it's a very good anti-virus and even though it's a given, it's still a big thing that people like to not listen to *cough*

Share this post

Link to post
Share on other sites

Dakka    854

Dakka
Posted

Keep getting friend invites from people in my Steam groups that turned out to be phishers, should I just start leaving groups or just endure the barrage of invites?

Share this post

Link to post
Share on other sites

Reaper0470    1123

Reaper0470
Posted

Keep getting friend invites from people in my Steam groups that turned out to be phishers, should I just start leaving groups or just endure the barrage of invites?

That's up to you. It's no surprise steam groups would be a playground for phishers. Lots of people to try.

 

 

 

 

 

Actions to take if your account/computer is compromised

  • Contact steam to let them know what happened
  • Do not log into any accounts such as website/email/banking
  • Run a full virus scan on your computer
  • Run a full Malwarebytes scan on your computer
  • Run ComboFix on your computer
  • Run HijackThis on your computer and post the results to the BleepingComputer forums

Links

 

Online Virus Scanner - http://housecall.trendmicro.com/

Malwarebytes - https://www.malwarebytes.org/

Combo Fix - http://www.bleepingcomputer.com/download/combofix/

HijackThis - http://www.bleepingcomputer.com/download/hijackthis/

Forums to Help clean your computer - http://www.bleepingcomputer.com/forums/f/79/security/

 

 

 

As for anti-virus removals, ADWCleaner, TDSSKiller, Junkware Removal Tool, HitmanPro (30 day trial, basically good for one use) are others that are good to use and if anyone is uncomfortable running certain tools can just message me or I'm sure any staff member who knows what they are doing. 

 

In the end it is really up to educating users to not fall for these scams and I believe this post does just that. Hopefully most of our visitors read this and actually take it to heart. Of course everyone can make a mistake. 

Share this post

Link to post
Share on other sites
Go To Topic Listing
×
×
  • Create New...