Jump to content

[COMMUNITY PSA] Phishing Attempts


Coke
 Share

Recommended Posts

Recently, it was brought to my attention that a malicious link was being shared around the community. Though the distributors may not have known, the link is an attempt to retrieve and compromise steam account information.

Obviously, I will not be sharing the link here, but I advise all members of the community to be cautious when clicking on unknown links. Furthermore, any third party website (even if it has "steam" in the link) that offers free skins, steam wallet and/or games should not be trusted.

We hope that everyone in the community stays well protected from any phishing attempt. If you believe your account has been compromised, please change your password immediately. Also, if you want an extra level of protection, I encourage mobile guard for maximum security.

Thank you for reading, and I wish you all an excellent evening.

Regards,

Chief Information Officer Supreme Master Guardian First Class KR D1 75 LP Head GA Coke

[C.I.O.S.M.G.F.C.K.D.75.L.H.G.A]Coke

EDIT: IF you have any tips or details you would like to share about possible scams, please do so. Safety is a community effort!

EDIT 2: Needless to say, if you are involved with spreading these links, please stop. It is a SCAM, and if you continue to do so you will be punished

  • Agree 3
Link to comment
Share on other sites

Keep in mind: There will NEVER been an official Steam promotion that is advertised anywhere EXCEPT your main Steam client. And said promotions will NEVER ask you to log in anywhere except the Steam client. If a friend sends you a link, do NOT open it. Try to inform them and tell them to change their passwords immediately.

The way these scams work is by encouraging people to spread it to their peers. So you will earn "points" for each person that logs in off your link. Don't fall for it and don't spread it.

Link to comment
Share on other sites

Quote

Thanks Coke appreciate it and whats with all the ranks?? @Coke


His new rank is Chief Information Officer Supreme Master Guardian First Class KR D1 75 LP Head GA Coke [C.I.O.S.M.G.F.C.K.D.75.L.H.G.A]
Link to comment
Share on other sites

Quote

honestly kinda sad how a PSA like this needs to be made. I get the phising part, but do people really need to be told not to click on links promising free shit.


Obviously because many people got banned for promoting that link, and I heard about others getting malware/adware/spyware and their accounts taken over for a short period of time.
Link to comment
Share on other sites

Quote

Chief Information Officer Supreme Master Guardian First Class KR D1 75 LP Head GA Coke [C.I.O.S.M.G.F.C.K.D.75.L.H.G.A]Coke


I would like to see someone say this with one breath
Link to comment
Share on other sites

This was said in a staff meeting many months ago when it was an issue, but anyways @Coke is encouraging advice to be given to players on their own security, so, here's mine.

If you see a goo.gl link, or any other shortened link on the server/ts/forums, It'd most likely be in your best interest to not click it without expanding the url first (unless that link was made by an SA+, who already has your IP) The reason why is because many skids use url shorteners to hide grabify links inside them. So when you click it, the person who sent you the link now has your IP.

This was an issue on SUP before. The person who was permad for sending malicious links recently was also a victim of having their IP address made public by people doing this very thing. Our very own @Vladimir-Putin had also clicked a shortened link from a player once, and then that same player had DOSed him when Vlad tried banning him after I had told him that it was a malicious link. Funny, right?

Anyways, people do this sort of thing with url shorteners all the time. Be wary of links you don't know because people seriously do this a lot, and it's happened a lot at SUP specifically, quite a few times. Even if it's a custom domain, people can easily turn their own domains into url shorteners. Though, keep in mind people with custom domains dont even need to shorten their URLs to get your IP, just visiting their site is enough for them to get it.

My suggestion to you all is to use this website: http://urlex.org/ to expand any short URLs. If they expand to something like youtube.com, or any other site you know, the link is safe. If it expands to something like Grabify, the link is an IP logger and is not safe. all-in-all, use a VPN.

Never give anybody your private email(AKA the ones you use to make all your website/service accounts with) and if you ever do need/want to give somebody your email, make sure you give them an email that was made specifically for communicating with people, rather than one used for making accounts. As unlikely as it seems, people can use your email to track you down. It's been done at SUP before, and it can lead to them getting your address, phone number, blah blah blah, etc. etc. Also keep in mind that Facebook, by default, allows people to search you up just by entering your account email. So it'd be best to turn that off as well. People can also crossref that email with database dumps. database dumps usually hold things like your email, IP address, ZIP code, address, name, etc. Otherwise, just w/e information you used to register the account. A good way to check if your email is in any easily accessible db dump, is by typing your email into this website: https://haveibeenpwned.com/ This website also has links to database dumps and will link you to any that you are in, so that you could see exactly what kind of info is leaked on certain websites. People who have these dumps will sometimes be able to get passwords as well. Which is another reason to use a password generator and manager; so that doesn't happen to you.

Link to comment
Share on other sites

Quote

This was said in a staff meeting many months ago when it was an issue, but anyways @Coke is encouraging advice to be given to players on their own security, so, here's mine. If you see a goo.gl link, or any other shortened link on the server/ts/forums, It'd most likely be in your best interest to not click it without expanding the url first (unless that link was made by an SA+, who already has your IP) The reason why is because many skids use url shorteners to hide grabify links inside them. So when you click it, the person who sent you the link now has your IP.

This was an issue on SUP before. The person who was permad for sending malicious links recently was also a victim of having their IP address made public by people doing this very thing. Our very own @Vladimir-Putin had also clicked a shortened link from a player once, and then that same player had DOSed him when Vlad tried banning him after I had told him that it was a malicious link. Funny, right?

Anyways, people do this sort of thing with url shorteners all the time. Be wary of links you don't know because people seriously do this a lot, and it's happened a lot at SUP specifically, quite a few times. Even if it's a custom domain, people can easily turn their own domains into url shorteners. Though, keep in mind people with custom domains dont even need to shorten their URLs to get your IP, just visiting their site is enough for them to get it.

My suggestion to you all is to use this website: http://urlex.org/ to expand any short URLs. If they expand to something like youtube.com, or any other site you know, the link is safe. If it expands to something like Grabify, the link is an IP logger and is not safe. all-in-all, use a VPN.

Never give anybody your private email(AKA the ones you use to make all your website/service accounts with) and if you ever do need/want to give somebody your email, make sure you give them an email that was made specifically for communicating with people, rather than one used for making accounts. As unlikely as it seems, people can use your email to track you down. It's been done at SUP before, and it can lead to them getting your address, phone number, blah blah blah, etc. etc. Also keep in mind that Facebook, by default, allows people to search you up just by entering your account email. So it'd be best to turn that off as well. People can also crossref that email with database dumps. database dumps usually hold things like your email, IP address, ZIP code, address, name, etc. Otherwise, just w/e information you used to register the account. A good way to check if your email is in any easily accessible db dump, is by typing your email into this website: https://haveibeenpwned.com/ This website also has links to database dumps and will link you to any that you are in, so that you could see exactly what kind of info is leaked on certain websites. People who have these dumps will sometimes be able to get passwords as well. Which is another reason to use a password generator and manager; so that doesn't happen to you.


This post should be pinned. Really, really useful. Thanks!
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...