Recently, it was brought to my attention that a malicious link was being shared around the community. Though the distributors may not have known, the link is an attempt to retrieve and compromise steam account information.

Obviously, I will not be sharing the link here, but I advise all members of the community to be cautious when clicking on unknown links. Furthermore, any third party website (even if it has "steam" in the link) that offers free skins, steam wallet and/or games should not be trusted.

We hope that everyone in the community stays well protected from any phishing attempt. If you believe your account has been compromised, please change your password immediately. Also, if you want an extra level of protection, I encourage mobile guard for maximum security.

Thank you for reading, and I wish you all an excellent evening.

Regards,

Chief Information Officer Supreme Master Guardian First Class KR D1 75 LP Head GA Coke

[C.I.O.S.M.G.F.C.K.D.75.L.H.G.A]Coke

EDIT: IF you have any tips or details you would like to share about possible scams, please do so. Safety is a community effort!

EDIT 2: Needless to say, if you are involved with spreading these links, please stop. It is a SCAM, and if you continue to do so you will be punished

Thanks for the PSA hEad GA C.I.O Coke

Keep in mind: There will NEVER been an official Steam promotion that is advertised anywhere EXCEPT your main Steam client. And said promotions will NEVER ask you to log in anywhere except the Steam client. If a friend sends you a link, do NOT open it. Try to inform them and tell them to change their passwords immediately.

The way these scams work is by encouraging people to spread it to their peers. So you will earn "points" for each person that logs in off your link. Don't fall for it and don't spread it.

Thanks A lot [C.I.O.S.M.G.F.C.K.D.75.L.H.G.A]Coke

thank u [C.I.O.S.M.G.F.C.K.D.75.L.H.G.A]Coke

Great reminder!

Thanks Chief Information Officer Supreme Master Guardian First Class KR D1 75 LP Head GA Coke

I approve of this message

C.I.O.A.E.G.A (Chief Inspection Officer and Elite Global Admin) Shuggy

Good Shit note taken <3

thanks [C.I.O.S.M.G.F.C.K.D.75.L.H.G.A]Coke

Quote

thank u [C.I.O.S.M.G.F.C.K.D.75.L.H.G.A]Coke

careful now, you may just get demoted from your rank from a whole community away

Quote

KR D1 75 LP

Shut up coke

Thanks Coke appreciate it and whats with all the ranks?? @Coke

Quote

Thanks Coke appreciate it and whats with all the ranks?? @Coke

His new rank is Chief Information Officer Supreme Master Guardian First Class KR D1 75 LP Head GA Coke [C.I.O.S.M.G.F.C.K.D.75.L.H.G.A]

honestly kinda sad how a PSA like this needs to be made. I get the phising part, but do people really need to be told not to click on links promising free shit.

Quote

[C.I.O.S.M.G.F.C.K.D.75.L.H.G.A]Coke

Thanks for the warning [C.I.O.S.M.G.F.C.K.D.75.L.H.G.A]Coke

Quote

honestly kinda sad how a PSA like this needs to be made. I get the phising part, but do people really need to be told not to click on links promising free shit.

Obviously because many people got banned for promoting that link, and I heard about others getting malware/adware/spyware and their accounts taken over for a short period of time.

Quote

Great reminder!

> Thanks Chief Information Officer Supreme Master Guardian First Class KR D1 75 LP Head GA Coke

Quote

His new rank is Chief Information Officer Supreme Master Guardian First Class KR D1 75 LP Head GA Coke [C.I.O.S.M.G.F.C.K.D.75.L.H.G.A]

Oh snap that was pretty impressive bruhhhhhh

@Coke isn't it supposed to be

Chief Information Officer Supreme Roast Master Guardian First Class KR D1 75 LP Head GA Coke

[C.I.O.S.R.M.G.F.C.K.D.75.L.H.G.A]Coke

Quote

Chief Information Officer Supreme Master Guardian First Class KR D1 75 LP Head GA Coke [C.I.O.S.M.G.F.C.K.D.75.L.H.G.A]Coke

I would like to see someone say this with one breath

Thanks for the warning and good memes

Thanks for the heads up!

Now i know!

This was said in a staff meeting many months ago when it was an issue, but anyways @Coke is encouraging advice to be given to players on their own security, so, here's mine.

If you see a goo.gl link, or any other shortened link on the server/ts/forums, It'd most likely be in your best interest to not click it without expanding the url first (unless that link was made by an SA+, who already has your IP) The reason why is because many skids use url shorteners to hide grabify links inside them. So when you click it, the person who sent you the link now has your IP.

This was an issue on SUP before. The person who was permad for sending malicious links recently was also a victim of having their IP address made public by people doing this very thing. Our very own @Vladimir-Putin had also clicked a shortened link from a player once, and then that same player had DOSed him when Vlad tried banning him after I had told him that it was a malicious link. Funny, right?

Anyways, people do this sort of thing with url shorteners all the time. Be wary of links you don't know because people seriously do this a lot, and it's happened a lot at SUP specifically, quite a few times. Even if it's a custom domain, people can easily turn their own domains into url shorteners. Though, keep in mind people with custom domains dont even need to shorten their URLs to get your IP, just visiting their site is enough for them to get it.

My suggestion to you all is to use this website: http://urlex.org/ to expand any short URLs. If they expand to something like youtube.com, or any other site you know, the link is safe. If it expands to something like Grabify, the link is an IP logger and is not safe. all-in-all, use a VPN.

Never give anybody your private email(AKA the ones you use to make all your website/service accounts with) and if you ever do need/want to give somebody your email, make sure you give them an email that was made specifically for communicating with people, rather than one used for making accounts. As unlikely as it seems, people can use your email to track you down. It's been done at SUP before, and it can lead to them getting your address, phone number, blah blah blah, etc. etc. Also keep in mind that Facebook, by default, allows people to search you up just by entering your account email. So it'd be best to turn that off as well. People can also crossref that email with database dumps. database dumps usually hold things like your email, IP address, ZIP code, address, name, etc. Otherwise, just w/e information you used to register the account. A good way to check if your email is in any easily accessible db dump, is by typing your email into this website: https://haveibeenpwned.com/ This website also has links to database dumps and will link you to any that you are in, so that you could see exactly what kind of info is leaked on certain websites. People who have these dumps will sometimes be able to get passwords as well. Which is another reason to use a password generator and manager; so that doesn't happen to you.

That all may sound a little far fetched, but all of it is from what I've seen happen at SUP before.

Quote

This was said in a staff meeting many months ago when it was an issue, but anyways @Coke is encouraging advice to be given to players on their own security, so, here's mine. If you see a goo.gl link, or any other shortened link on the server/ts/forums, It'd most likely be in your best interest to not click it without expanding the url first (unless that link was made by an SA+, who already has your IP) The reason why is because many skids use url shorteners to hide grabify links inside them. So when you click it, the person who sent you the link now has your IP.

This was an issue on SUP before. The person who was permad for sending malicious links recently was also a victim of having their IP address made public by people doing this very thing. Our very own @Vladimir-Putin had also clicked a shortened link from a player once, and then that same player had DOSed him when Vlad tried banning him after I had told him that it was a malicious link. Funny, right?

Anyways, people do this sort of thing with url shorteners all the time. Be wary of links you don't know because people seriously do this a lot, and it's happened a lot at SUP specifically, quite a few times. Even if it's a custom domain, people can easily turn their own domains into url shorteners. Though, keep in mind people with custom domains dont even need to shorten their URLs to get your IP, just visiting their site is enough for them to get it.

My suggestion to you all is to use this website: http://urlex.org/ to expand any short URLs. If they expand to something like youtube.com, or any other site you know, the link is safe. If it expands to something like Grabify, the link is an IP logger and is not safe. all-in-all, use a VPN.

Never give anybody your private email(AKA the ones you use to make all your website/service accounts with) and if you ever do need/want to give somebody your email, make sure you give them an email that was made specifically for communicating with people, rather than one used for making accounts. As unlikely as it seems, people can use your email to track you down. It's been done at SUP before, and it can lead to them getting your address, phone number, blah blah blah, etc. etc. Also keep in mind that Facebook, by default, allows people to search you up just by entering your account email. So it'd be best to turn that off as well. People can also crossref that email with database dumps. database dumps usually hold things like your email, IP address, ZIP code, address, name, etc. Otherwise, just w/e information you used to register the account. A good way to check if your email is in any easily accessible db dump, is by typing your email into this website: https://haveibeenpwned.com/ This website also has links to database dumps and will link you to any that you are in, so that you could see exactly what kind of info is leaked on certain websites. People who have these dumps will sometimes be able to get passwords as well. Which is another reason to use a password generator and manager; so that doesn't happen to you.

This post should be pinned. Really, really useful. Thanks!