First off, before I go into this article, I do want to point out that even though the title of this article I do say "Steam", this stems out over all platforms. I use Steam in the title because this article covers what just happened to me on Steam, and I knew the signs to know that this was an attempt to social engineering.
So, what is "Social Engineering"?
Social engineering is the art of manipulating people, so they give up confidential information. The information that they are trying to get varies, but mostly to get passwords, or they ask questions that you may have used for recovering lost or forgotten passwords, even bank information in some cases. Other cases is to gain access to your computer, so they can implement malware, key loggers, ect..., to get information without you really knowing it's happening.
Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than it is to discover ways to hack your software. For example, it is much easier to fool someone into giving you their password than it is for you to try hacking their password (unless the password is really weak).
Now, how did they try getting me. Well, I will show you. Here is my full conversation with this person. The name has been removed since I believe that this persons account is a stolen account, (already reported). Also, I have been in contact with Steam already and it has been confirmed that this is a social engineering attempt on me, and that my suspicion was 100% accurate.
Here, you can see the conversation that we had. I will brake it down into the sections of where I knew something was up.
The first sign that stood out to me of this being a scam was when he said my account would be suspended if I didn't contact the Admin. First off, they wouldn't say "we are going to suspend your account if you don't contact us.". They would contact me through official channels.
Second, if he truly did make the mistake, and said, "I messed up, I reported the wrong person.", then they wouldn't need to talk to me for I had nothing to do with it.
Next, you can see how adamant he is trying to warn me that my account will be suspended, but when I mention to have him contact me through "official means", for example, like though a steam email address, (admin @ steam.com), to the email I used to register on with. He basically refused to inform him and kept trying to warn me that my account will be suspended. It was almost like he knew that "Admin" couldn't do that. So it got me thinking, why is he so adamant on not relaying my message to this so-called "Admin", but instead, keep trying to convince me to contact him my self to give him personal information.
Overall, even if they are your friends, and you have them on your friends list, watch out, for their accounts may be compromised. I had many years ago, someone come onto our TS3 with the name "Biteme", trying to impersonate a friend, and he poked me asking to give him full admin rights do to an issue he had on his computer, and I responded with, send me with a text message on the phone, and he left. So, always be cautious on who you are talking to and what information you give out to others, even to your friends.
So, what can you do to spot this types of Social Engineering? Well, first off, never give out personal information to anyone "Claiming" to be an admin, company, or someone of some importance without them being able to prove who they are, or, you contact them through official means. Watch out for people asking questions like, What high school you went to, or what was your schools mascot. Anything with personal info like family maiden name, your mothers maiden name, ect..., should never be given out to anyone.
Link From PatPgtips Here is site you can check if users have been banned
Good thing your son did come to you. Luckily, in my case, I never talked to the "Admin" as he claimed. I went right to Steam and contacted them through a support ticket. My biggest grip I have with Steam, was the difficulty I went through just to find out how to send in a ticket, especially on something like this. They have it buried and hidden like they don't want you to contact them.
Thanks for the link as well. I will post it in the main post.
Nuke Dev / Coder
JoinedJan 12, 2012
coRpSE Currently Offline Offline Most Played: This week: 25.9hrs. Total Played: 1,645hrs.
Taking a break from work!
All times are UTC - 7 Hours [DST enabled]
Page 1 of 1
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You cannot download files in this forum