Page 1 of 2

Beware!

Posted: 31 Mar 2009, 13:53
by goat
I know you're all probably smarter than me and won't fall for this, but, considering the details, I figured I should throw something up here.

About an hour ago, I received a message from someone in the LRR Steam community group. The messager said something along the lines of "Hey, just found this great offer, steam is actually giving away games for free, go to this link X".

So, I thought, "Well, I might as well at least check it out. Valve has done some cool things before, I would be remiss if I didn't at least look".

Clicking the link (which looked pretty much legit, it appeared to be a Steam domain), brought me to a very official looking site where, again the offer was mentioned on the page. It required me to login to see more of the details, so I entered my information.

And then, nothing. The page refreshed. Thinking something weird had happened, I tried again. This time it did actually bring me to the steam community page, but there was no information about the offer anywhere. Unbeknownst to me, some clever little douche-nugget set up a proxy with an almost exact copy of the Steam login splash page, with legit links to other areas of the Steam website and everything. Unfortunately, somewhere in the works there is a command line that dumps out whatever you enter into the login fields.

Then I got a dialog that said my account had been logged into elsewhere. Before I could change my password, I had been locked out. The account of the person who sent me the link appears to no longer be in the LRR group, or even exist under the same name.

I've filed a Steam support ticket for a hijacked account. I'm still waiting for a reply. I've also tracked down the proxy website that hijacked my info and reported it under a violation of ToS to the hosting company. I'm still waiting for a reply there too.

Updates as they happen. More at 11.

Re: Beware!

Posted: 31 Mar 2009, 13:57
by the amativeness
goat wrote:More at 11.


Well really that's it. But there'll be other stuff. Here I'll turn the thermostat down. See Diane's nipples at 11.

Also: this has happened before. NEVER pass your information along to a website unless the URL matches the home page PERFECTLY. No extra bits before the .com.

Re: Beware!

Posted: 31 Mar 2009, 14:10
by Bob The Magic Camel
the amativeness wrote:Also: this has happened before. NEVER pass your information along to a website unless the URL matches the home page PERFECTLY. No extra bits before the .com.


This.

Chrome highlights the domain part of a URL, there's a FF extension which does it too. It's very useful, and I advise using it.

Re: Beware!

Posted: 31 Mar 2009, 14:12
by goat
the amativeness wrote:Also: this has happened before. NEVER pass your information along to a website unless the URL matches the home page PERFECTLY. No extra bits before the .com.


Actually, it matched it exactly. The difference ended up being in the tags. It was a .us.tf. Something I had noticed, but assumed it was part of looking at steam in firefox (something I typically don't do).

Posted: 31 Mar 2009, 14:20
by Lyinginbedmon
Yeah, I got that message. Fortunately I'm one of the more cynical people that gets this stuff I guess.

A girl? On the Internet? Yeah right!

Posted: 31 Mar 2009, 14:52
by Cureless_Poison
Lyinginbedmon wrote:Fortunately I'm one of the more cynical people that gets this stuff I guess.


As am I.

Posted: 31 Mar 2009, 15:50
by whyarecarrots
One thing that should always be remembered that Valve post up all over the place on their site:

'Valve or Valve employees will never ask you for your Steam details'

I realise this is too late for you Goat, and I seriously hope you get your account back ASAP, but it's always a good thing for anyone to know for the future.

As I said: best of luck getting the account back: these account stealers are scumbags, and deserve anything they get.

Posted: 31 Mar 2009, 17:30
by goat
whyarecarrots wrote:One thing that should always be remembered that Valve post up all over the place on their site:

'Valve or Valve employees will never ask you for your Steam details'


They never asked for my details. It was a normal looking login page.

https://steamcommunity.com/

The only differences being that the message about the steam community was changed and that the address was different. I would link to the phony page itself, but that defeats the purpose, no?

It was convincing enough to fool me, so I warn you.

Re: Beware!

Posted: 01 Apr 2009, 06:26
by Bob The Magic Camel
goat wrote:
the amativeness wrote:Also: this has happened before. NEVER pass your information along to a website unless the URL matches the home page PERFECTLY. No extra bits before the .com.


Actually, it matched it exactly. The difference ended up being in the tags. It was a .us.tf. Something I had noticed, but assumed it was part of looking at steam in firefox (something I typically don't do).


I don't mean to kick you while you're down or anything, but then it didn't match it exactly did it? Another thing to note is HTTPS certificates. All compaines worth their salt will get theirs signed by an outside agency to confirm it is them.

/Always/ type in the domains yourself rather than clicking on links. Check the address when you're there to make sure your browser hasn't been hijacked, finally check the HTTPS certifcate. This may seem a little extreme, but most people have a lot of money tied up in their steam accounts.

Posted: 01 Apr 2009, 06:26
by InsaneFool
I got the same request...I had heard about this happening earlier when Far Cry 2 first came out, so I immediately blocked the person and closed the chat window.

Posted: 01 Apr 2009, 13:43
by iEatNinjaZ
You mean this?
Image
I hate it when i get messages like this.

Posted: 01 Apr 2009, 13:45
by Matt
iEatNinjaZ wrote:You mean this?
Image
I hate it when i get messages like this.


how can you possibly use that background image? it's SOOOOOO busy! Augh my wyws would be swimming constantly.

-m

Posted: 01 Apr 2009, 14:36
by iEatNinjaZ
Matt wrote:
how can you possibly use that background image? it's SOOOOOO busy! Augh my wyws would be swimming constantly.

-m


I rarely see the desktop anyways. doesn't matter to me.

Posted: 01 Apr 2009, 14:47
by goat
Yep, that'd be the one.

Now tell me that link doesn't look convincing for someone who doesn't typically browse steam in FF.

Posted: 01 Apr 2009, 14:48
by InsaneFool
It is pretty convincing, but the key with using the internet is to remain skeptical of everything and everyone.

Posted: 02 Apr 2009, 04:47
by goat
So.... 36 hours later, still no reply from Steam.

Anyone have any experience with how long Steam help takes to get back to people?

Posted: 02 Apr 2009, 07:05
by Terin
I got my account back within 30 hours a little before the Pyro update back then. It was due to a similar website, but it was from someone on my friend's list, so I was caught unawares. I had a moderator from Steam hurry the request along, so you'll probably have to wait a little longer.

Posted: 02 Apr 2009, 09:52
by Citin
Easy way to spot a lot of these things whether they happen in Steam or MSN or whatever.

1) Whenever someone sends you a message and then immediately logs out be suspicious

2) If it sounds to good to be true it is. If you really want to believe it's true try doing a quick google search first, you had better believe there'd be some serious blogging going on if Steam was offering free games.

Posted: 03 Apr 2009, 11:27
by goat
Aaaaand it's all better, thanks to the fine folks at Valve. I've got my games back, and I wasn't banned in any of them (near as I can tell), so all is well!

Posted: 03 Apr 2009, 11:57
by iEatNinjaZ
Im glad you got your account back!

Posted: 05 Apr 2009, 20:47
by the amativeness
Side note:

Earlier, when I said "before the .com" I meant before as in top-level routing:

com
is before
loadingreadyrun
is before
www

So, if you're viewing this page in ANY browser, and it's saying www .loading readyrun.com.tk, then DON'T USE THE PAGE.

</stupid example>

Edited for URL removal

Posted: 05 Apr 2009, 22:00
by Sieg Reyu
Back in ye old days when I surfed the Gaia Onlines, I received a message from some random naked man. He sent me a link to "An online game he was working on and needed some people to try it out." It consisted of a mainly blank page, with a lot of links to creating accounts, but none to login, and a few flimsy urls that lead to sites that were clearly not in the same domain, or even related in the slightest. The create account page was barren with the exception of a field for e-mail, password, and username. Thats it. I put in straight gibberish into all fields, and it led to a blank page.

Worst. Scam. Ever

Posted: 05 Apr 2009, 23:24
by wedrinkritalin
goat wrote:So.... 36 hours later, still no reply from Steam.

Anyone have any experience with how long Steam help takes to get back to people?


I didn't fall for websites infact I basically invited the hacker in for coffee and a footrub as they fooled me into believing they were a steam admin. Got mine back after two weeks, I had to send valve a picture of me with my copy of half life 2

Posted: 07 Apr 2009, 14:01
by Fraszoid
I haven't encountered that one yet, but the people that message me as Steam Admins are amusing. I just keep sending them completely different login details when they ask for them until they give up. Most get the hint after 15 minutes, 1 guy went on for 2 hours trying all the fake logins I could come up with. Glad you got you account back.

Posted: 07 Apr 2009, 16:09
by InsaneFool
I just got one that seemed suspicious through MSN...I got a message from the "Windows LIVE Team" with an e-mail of "[email protected]" saying that I had to click a link and change my e-mail address, or else I'd be locked out of MSN.

I didn't think to grab a pic