Scams that run the gamut; what are they for?

SnapSlav

NMA's local DotA fanatic
So, I'm (right NOW) a pretty prolific Steam Item Trader, though my productivity has both waxed and waned. Before that I enjoyed in-game marketplaces in various MMOs. I traded in Diablo II and even contemplated being an item farmer, trading items for cash, until I realized there was no way I could compete with botters. I've played many different games, and I've watched each game fall under attack from scammers. People acting on their own, or entire waves of programming that targets untold numbers of players. I usually can make sense out of it: Trick user into giving up log-in info, steal user's account, take digital valuables, liquidate, abandon stolen account, repeat en masse. I've personally fallen victim to an appallingly simplistic scam, myself, in my Diablo II days, though I picked myself back up, made a new account, and recovered. I've had an account hacked and pillaged. I've fallen for TWO different steam trading scams. Each time I fall for a scam, I learn and move on.

But unlike those other games, Steam is an entire gaming platform. Like that month-long PlayStation Network blackout back in 2011, when an entire platform is targeted, the repercussions have the potential to be pretty severe. When you're scammed in Diablo II, you lose your D2 account, with the possibility of compromising your other Bnet accounts, but you don't necessarily lose them. If you get your STEAM account taken, there goes your entire Steam Library, and all that time and money you've invested in it!

I'd grown wise to the scams in my years of Steam Item Trading, so when I started seeing phishing scams, I knew better than to click them. I'd read enough about them (without clicking them, myself) to know that they'd send me to a copycat page masquerading as a Steam log-in, prompting me to sign in, where they'd steal my information and take my account from me. Well, it's more complicated than that, but the phishing spamming was so prolific, I realized that countless thousands of unwitting, newbie traders had fallen victim to these scams and had their Steam accounts stolen from them. I felt bad for them, because they'd just gotten started. They didn't have the experience of being fucked over by lower-level scams like I had to know better than to fall for these more dangerous scams. Sure, you want to say "Well if you fall for it, your fault!" But they were just getting started! They didn't know better. =(

But yesterday I encountered something new...

A Steam Friend sent me a message I immediately recognized to be suspicious (I won't post it, including the link, for obvious reasons) that went along the lines of, "Hi let's trade this: suspiciousimageurl" It made me think, "Damn, this friend got phished and his account was stolen. That sucks. =(" so I took the time to post a warning on his profile to all his friends that he'd been phished and to not click that link, and also potentially to him if he should track down his stolen account and see my message, that I'd still be here, should he ever get his account back. But..... his account was never stolen! He messaged me and realized something had happened, asking me for my advice. I gave him the simple suggestions: change passwords, possibly change account email, run antivirus. All the while asking him what happened, exactly.

A friend of HIS with whom he was used to sharing links with had sent him that same message, and he clicked the link. Apparently that was when his profile sent that same message to all his Steam Friends, and presumably the process would repeat itself for every friend-of-a-friend-of-a-friend-and-so-on who clicked the link, spreading the message. But the link just sent a script that would generate more of the message. It got me thinking, what's the point of this? When, after a few hours of scanning his system and checking for any cracks in his security, he felt like he was pretty safe, it seemed like nothing had been done which would actually take ANYTHING. So why was this thing being done? I couldn't make sense of it, but I knew it was SOME kind of scam. Very puzzling.

So, if anyone knows, feel free to share. Fall for any scams in recent history OR well into the past? Share that too! There's all kinds of different scams, be they those oooooooooooooooooold "enlarge your penis" spam ads at the onset of the internet's rise in the mid 90s, or the latest attempts to steal entire Steam profiles! What's your story- or your knowledge on the subject?
 
There's various exploit kits being sold that target system admins.
Even they get pwned sometimes by 0-day, and these people run read-only systems.

Your average user has no chance to detect a backdoor until it's too late.
Having a closed source gaming platform on top of closed source operating system only makes things worse.
Since they're both closed, only the source owner knows about the holes and they leak that stuff regularly.
Even Symantec admitted that AV can't protect the user, search for their corporate blog and you'll learn.

There's some advice I could give you, but it's mostly up to you. (and also your wallet)

A Steam Friend sent me a message
Choose your friends very carefully. Exploit normally requires user input.
So if they click steamcommmunity.com or similar variation without reading, it's their own fault.
IT support actually counts on user being dumb, so they can charge him extra for 'security' which consists of firewall rules.
They didn't know better.
And who's to blame for that? The education system and government share the blame, imo.
I couldn't make sense of it, but I knew it was SOME kind of scam. Very puzzling.
It's the software holes that authorities hide from users, and they do it with a specific agenda.
They sometimes intentionally weaken password encryption so that the agencies have less trouble decrypting it.
Sadly, this also saves a lot of time for malware developers, because they don't have to worry about complicated algorithms.

You've got options, one being a (paid) corporate firewall and other a static system that runs from memory and uses external storage.
Note that you might need to compile that mofo from source and keep it up to date, unless you want to end up with 'heartbleed' and the like.
Also note that whitelist is always better than a blacklist.
 
Don't click on links. Don't open emails. By people you don't trust 100%.

Or. Don't have friends.

Both worked for me and I am virus free since, no clue :p
 
There's some advice I could give you, but it's mostly up to you. (and also your wallet)
I think you're missing the point. I'm perfectly safe (at the moment). The scams I've fallen for were simple. Bait-and-switch types of things. In the one instance where my account got hacked, there was LITERALLY nothing I could do, because it was for a game/site/company that had really notoriously shoddy security, and the hackers were being very systematic; they could take your account at any time, but they left you alone until you didn't log-in for at least 2 weeks, at which point they'd raid you for very specific items of interest. When I returned from a 2-month hiatus, I still had my account, and records of transactions that I didn't make, and I had almost everything intact, but particular KEY items had been taken. These were very nitpicky hackers. XD Anyway, point being, I don't fall for phishing scams and backdoors and keyloggers. Hasn't happened yet, and the closest I've come was through porn... but what else is new?

A Steam Friend sent me a message
Choose your friends very carefully. Exploit normally requires user input.
Not in this case. The point of that example is that it WASN'T normal. It was very unusual. ALL that Steam Friend did was click the link. Nothing else. He didn't fall for a fake log-in page, he didn't do anything AFTER the link, he just clicked it. Upon clicking it was when his account messaged EVERY Steam Friend that exact same message with that same link. It's very unusual, in my experience.

Also, I pick my friends VERY carefully. This is the first time I've been sent a suspicious link by a friend. In over 2 years of Steam Item Trading, hundreds of friends added, and thousands of transactions, that says a lot. Besides, he didn't get compromised, he just clicked that link, and that in turn made more link messages. His account remained untouched, ESPECIALLY after spending a couple hours cleaning his system just to be on the safe side.

Also also:
So if they click steamcommmunity.com or similar variation without reading, it's their own fault.
I see that link (and variations of it: RNM, MNN, RRM, .CORN, etc) all the time. Like I said, "it's their own fault" is a really easy conclusion to arrive at. But you also have to realize that the vast majority of people who DO fall for it are just starting out. They aren't seasoned enough to realize they need to be THAT careful. But that's besides the point, this was NOT a "steamcommunity" fake. This was a link claiming to be an image. A "tinyurl" fake. imgurl or something like that. As the message indicated, it was trying to tell them "let's trade this [link to image of item in question]", which looks really simple. The reason I know it's suspicious is because it's a site I'm not familiar with, and it's unnecessary to make screenshots of Steam Items you want to do business with, because Steam has a built-in service to do exactly that. So, either I'm dealing with novice traders, which I don't want to waste my time with, or I'm dealing with a scam attempt, which naturally I don't wanna check out. Either way, I'M perfectly safe, cause I'm cautious. But I see all these profiles that ARE compromised, and it's disheartening.

What I don't understand is WHAT was that particular fakeimageurl scam supposed to accomplish? Was it like that hack 3 years ago that "waited" for users to be away just to make a point and demonstrate user susceptibility? Was it like that anon attack on PSN in 2011 just to make a statement? Or was it a more insidious, somehow-more-complicated method of backdooring that didn't require ANY input on the user's end besides clicking of said link?

If you guys seem to be confusing this topic with "Oh no, hackers! I'm scared, any suggestions?" you're not understanding this topic at all. XD It's a space to share tales about "scams that run the gamut", hence the title. IF you know a thing or two about them, that's fine. But this isn't meant for troubleshooting or begging for help. I don't need it. =P
 
New scam in town huh?

I'm also a trader, specially in Team Fortress 2, although you could call me a novice at it I have some years under my belt of online gaming trading so I know when the deal is good or not... sometimes... but I know better to not click nothing that I don't trust 110%. I'm cautious specially with my Steam account, because of my games and the amount of time and money spent on it.
Lately I have been noticing that the amount of phishing bots and scam are increasing in the Steam community but this method is new to me, probably is just a prank ( likely not) or something bigger, time probably will tell.

Since we are in the topic of scam and cia, I must tell something that happened with me, in my youth in online gaming. I was playing Tibia (the game, not the bone) and a guy wanted to show me his new items that he recently had bought, instead of showing through the ''trade button'' or over the box in the Deposit (public place where you store your items) he led me to a NPC's house near the city's wall, I had no malice in that age so I followed. Reaching there he showed his items, good items and I was in awe with, he told me 'If you show me your best item, I may give one of mine since you are a nice guy' I took the bait and showed my best item, my sword which had a value of 2500 gold (Spend most of my savings on it). When I showed to him, he chanted a fire spell on it (which created a bonfire on top of it, so the weapons couldn't be reached) and bumped me to the next room and blocked the door. Last thing I saw was he destroying the spell and fleeing with my sword. Took some time to find him and begged him to give me back my sword. In the end I did manage to get my sword but it cost the rest of my savings.

Since that day I try to help novices in trading to not fall in the same traps that I did, I tell them to always check the URL, is really your friend talking with you and etc. Most of the time they listen but when a scammer make an offer you can refuse they fall for it. Basically, is greed that makes novices fall into these traps, no matter how much you warn them.

I know how it feels trying to compete with botters, they were and are the main problem in Tibia in the past few years. I don't play it anymore (although I want but not alone) but I always hear that they are getting out of control and the ''ban waves'' from the admins (which are counted 1000+) are not enough. Huh, I even heard there was an Inquisition of sort on the hunt for botters because ''Bot bom é bot morto'' (Good bot is dead bot)
 
Call me an idiot, but I never heard about phishing or scam on Steam.
How can that thing happen? How to avoid this?
 
Call me an idiot, but I never heard about phishing or scam on Steam.
How can that thing happen? How to avoid this?
Since I've never fallen victim to phishing on Steam, I can't tell you exactly how it works. Only how I believe it works...

One variety of scam I'm aware of involves the scambot getting a hold of your Steam ID through some means (usually through a website you frequent that uses "sign in through Steam") and from there they will either send you a message on an associated website to your profile, or add you to Steam, directly. Either way, the scambot's goal is to send you a message, and if it doesn't have to send you a friend invite on Steam and if it can just send you a message on a website, then that skips a step. It'll send you a message with a link, masked as an attempt at business, like "Hi, can we trade? [insert shady URL]" and when you click it, you'll be sent to a dummy page run by the originators of the scambot, but made to look like either Steam, telling you that you need to sign in. Because you can be signed into Steam on your PC, but head over to a Steam page on your web browser, and Steam won't recognize that you're signed in already so you need to sign in on your browser, many users will fall for this trick, because it's just replicating something Steam already does. Once you "log in" into the dummy page, they have your info and they can steal your account.

Sometimes the message that scambots run will stay the same for MONTHS, so an easy way to spot a scam/phishing attempt is if you see the EXACT same message, word for word, being sent to you across many different users. One message that I saw for many months was something along the lines of (complete with poor English), "Hi, my friend wanna add you but steam dont let him. Can you add him? [insert phony steam id phishing link]"

Where it gets fuzzy for me is how they get the account despite the fact that ANYTIME you try to sign into your Steam profile through "a new device" it will send you an email which you must open and read/copy a code and input that code in the "new device" accessing the profile, and that's not something they can do through these methods.

Another method I've HEARD of uses much of the same steps explained above, but when they take you to the fake Steam page, it will contain a message telling the soon-to-be-scammed user to "update their Steam account", and that part of the process involves downloading a simple file. Not only will they submit their Steam login data to the scambot, but the file they download, which they're told is an update for Steam, will send the scambot specific files from your system which it can use to "be identified" by Steam as your system! That way, they circumvent the entire process of Steam "detecting a new device" and you getting an email, because once they use your data to sign into your account, the files sent to them from that file you downloaded will make their system recognized as yours!

Other versions request that they re-input their email info as well. There's lots of ways that these scams take shape to try and trick users into giving up their login data. The actual phishing methods, however, I really don't know much about (like the "click a link and your profile will automatically generate messages to every friend more links" method explained in my opening post) because I've never fallen victim to them, or so much as clicked those phony links, so I don't even know what's on the other end of the link, much less how clicking it compromises my system/profiles.

Avoiding these is really, really easy: use common sense. That's why so many people fall prey to scams and phishing links, because they're rushing or they just don't stop to think about what they're doing. As mentioned "elsewhere", common sense is just not common at all. So something as simple as "I don't know what that link leads to, therefore I'm not clicking it" somehow eludes many many people. If all you do is act cautiously, and avoid most links, you should have no trouble preventing yourself from getting scammed/phished.

Another tip I can offer is, if there are any websites that involve Steam logins which you use, and you KNOW they're safe, anytime you're sent to a "sign in through Steam" page, sign in through THAT website that you know. If you refresh the page where you were sent to sign in again and you're signed in, then it's officially Steam. If it still asks you to sign in, close the window/tab and never visit it again.
 
ALL that Steam Friend did was click the link. Nothing else. He didn't fall for a fake log-in page, he didn't do anything AFTER the link, he just clicked it. Upon clicking it was when his account messaged EVERY Steam Friend that exact same message with that same link. It's very unusual, in my experience.
A click is considered user input. If that leads to malicious site, it is user error.
From what I can tell, it's not a fake login page, but a script that automatically executes steam:// url.
So if you have steam running and hit one of those sites, your system will redirect the request to steam client.
And then the client will do "what it's told" and spam all your friends with the same url.
This was a link claiming to be an image. A "tinyurl" fake. imgurl or something like that.
They're called url shorteners, banned on most respectful sites. They can lead anywhere, you never know.
Firewall whitelist helps here, because it doesn't allow access to any site that isn't listed.
Could also look into No-Script which blocks all sites by default, and adblock plus malware list.
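
Added example (not part of the original thread): a small link triage in Python that applies the allowlist-first idea from the posts above to the lookalike names mentioned earlier ("steamcommmunity.com", the RNM/RRM/.CORN variations) and to non-web schemes such as steam://. The allowlist contents, the confusables table, the naive "last two labels" domain extraction and all function names are assumptions of this example; the sample URLs in the comments are constructed.

```python
from urllib.parse import urlsplit

# Assumed allowlist: the only registrable domains treated as trusted here.
ALLOWED_DOMAINS = {"steamcommunity.com", "steampowered.com"}

# Letter sequences that read like another letter at a glance ("rn" looks like "m").
CONFUSABLES = (("rn", "m"), ("nn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def skeleton(name: str) -> str:
    """Fold confusable sequences and runs of a repeated letter into one form."""
    for seen, meant in CONFUSABLES:
        name = name.replace(seen, meant)
    out = []
    for ch in name:
        if not out or out[-1] != ch:
            out.append(ch)
    return "".join(out)


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str) -> str:
    """Return 'allowed', 'lookalike', 'non-web-scheme' or 'unlisted'.

    Only 'allowed' is trusted; every other verdict means "do not open".
    """
    url = url.strip()
    if "://" not in url:          # bare "example.com/x" as pasted into chat
        url = "http://" + url
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https"):
        return "non-web-scheme"   # e.g. steam:// is handed to a local client
    host = (parts.hostname or "").lower().rstrip(".")
    # Assumption: registrable domain = last two labels (no public suffix list).
    domain = ".".join(host.split(".")[-2:])
    if domain in ALLOWED_DOMAINS:
        return "allowed"
    host_skel = skeleton(host)
    for good in ALLOWED_DOMAINS:
        good_skel = skeleton(good)
        brand = good_skel.split(".")[0]
        # Brand name embedded anywhere in the host, or a near-miss spelling.
        if brand in host_skel or edit_distance(skeleton(domain), good_skel) <= 2:
            return "lookalike"
    return "unlisted"


if __name__ == "__main__":
    for sample in ("https://steamcommunity.com/id/someone",   # constructed samples
                   "steamcornmunity.com/login",
                   "http://img-host.example/item.jpg",
                   "steam://store/570"):
        print(f"{classify(sample):15} {sample}")
```

An unfamiliar image host comes back as "unlisted" rather than "safe": with an allowlist, a link does not have to look like a known fake to be refused.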
 
From what I can tell, it's not a fake login page, but a script that automatically executes steam:// url.
So if you have steam running and hit one of those sites, your system will redirect the request to steam client.
And then the client will do "what it's told" and spam all your friends with the same url.
That's what I said I assumed it was doing.

This was a link claiming to be an image. A "tinyurl" fake. imgurl or something like that.
They're called url shorteners, banned on most respectful sites. They can lead anywhere, you never know.
I was using them as an example. It was some "generic sounding" URL that seemed like an image hosting site, but it wasn't one I recognized. It wasn't tinyurl, though I never click those unless it's from a friend who's having a conversation with me about it at the time we're speaking. Example: "That was pretty funny. Oh, checkout this screenshot when you get the chance. Look at what dropped! tinurlblahblahblah" But, unlike my Steam acquaintance who clicked that link, if a link is the FIRST thing said to me in a message without any sort of primer, I'll wait for conversation to ensue, and answers for some questions (primer, if you will) before I venture into that link.

Again, this is all common sense, and I've got no shortage of it. But most people just seem to lack any whatsoever...
 
I remember in the early D2 days there was a hack that, under specific settings, you could trigger someone who was in game with you to drop all their items and then boot them from D2, forcing them to reset the game after they just dropped all their items and logged out. People were pretty scared of it for awhile, but Blizzard jumped on it pretty quick.

I used to use name spoofer in Warcraft 3, but that was just to screw around.
 
Ah, spoof check. Those were the days.

Never encountered that D2 bug, though. Can't imagine I WOULD have, even when it was going around, cause my friend and I always ran our own exclusive lobbies. We rarely had any business with random folks, and we'd always kick suspicious users almost immediately (not because "we're afraid they might do something" but because, if we NEED more people than just the couple of us, we're not gonna have assholes waste a perfectly good spot). I can imagine it would impact players who just went into public lobbies all day every day, I'm sure, but I stopped doing that when I discovered efficiency. XD
 
D2's player base sadly isn't big enough for that any more. Even public lobbies aren't that populated unless it's bot runs. That game's online community has been ruined, just like WC3.
 