First off, before I go into this article, I do want to point out that even though the title of this article I do say "Steam", this steams out over all platforms. I use Steam in the title because this article covers what just happened to me on Steam, and I knew the signs to know that this was an attempt to social engineering.
So, what is "Social Engineering"?
Social engineering is the art of manipulating people, so they give up confidential information. The information that they are trying to get varies, but mostly to get passwords, or they ask questions that you may have used for recovering lost or forgotten passwords, even bank information in some cases. Other cases is to gain access to your computer, so they can implement malware, key loggers, ect..., to get information without you really knowing it's happening.
Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than it is to discover ways to hack your software. For example, it is much easier to fool someone into giving you their password than it is for you to try hacking their password (unless the password is really weak).
Now, how did they try getting me. Well, I will show you. Here is my full conversation with this person. The name has been removed since I believe that this persons account is a stolen account, (already reported). Also, I have been in contact with Steam already and it has been confirmed that this is a social engineering attempt on me, and that my suspicion was 100% accurate.
Here, you can see the conversation that we had. I will brake it down into the sections of where I knew something was up.
- The first sign that stood out to me of this being a scam was when he said my account would be suspended if I didn't contact the Admin. First off, they wouldn't say "we are going to suspend your account if you don't contact us.". They would contact me through official channels.
- Second, if he truly did make the mistake, and said, I mess up, I reported the wrong person, then they wouldn't need to talk to me for I had nothing to do with it.
- Next, you can see how admit that he is trying to warn me that my account will be suspended, but when I mention to have him contact me through "official means", for example, like though a steam email address, (admin @ steam.com), to the email I used to register on with. He basically refused to inform him and kept trying to warn me that my account will be suspended. It was almost like he knew that "Admin" couldn't do that. So it got me thinking, why is he so adamant on not relaying my message to this so-called "Admin", but instead, keep trying to convince me to contact him my self to give him personal information.
Overall, even if they are your friends, and you have them on your friends list, watch out, for their accounts may be compromised. I had many years ago, someone come onto our TS3 with the name "Biteme", trying to impersonate a friend, and he poked me asking to give him full admin rights do to an issue he had on his computer, and I responded with, send me with a text message on the phone, and he left. So, always be cautious on who you are talking to and what information you give out to others, even to your friends.
So, what can you do to spot this types of Social Engineering?
Well, first off, never give out personal information to anyone "Claiming" to be an admin, company, or someone of some importance without them being able to prove who they are, or, you contact them through official means. Watch out for people asking questions like, What high school you went to, or what was your schools mascot. Anything with personal info like family maiden name, your mothers maiden name, ect..., should never be given out to anyone.
Another form of this is Phishing, and you can see these a lot with fake websites, basically websites that look like the real site, but they aren't. Sort of fits with my last news article about , to why Google is looking at cleaning up the address bar of the browser. I am not going to go too much into details on that for you can just look at these sites that already answer a lot of this.
There are literally hundreds of websites, videos, threads, ect... on this topic you can do a quick search, but to show you how scary this can be, watch this YouTube video:
[Watch this video on YouTube]
I hope this will enlighten some of you to be more cautious of the type of information you give out and tells that something is might not be right.
Well, be smart, and be safe,
#2: Re: Social Engineering on Steam Author: PatPgtips,
Posted: Mon Aug 03, 2020 3:13 am
my sons steam account had exactly the same thing but it was from an player he was playing some games with a few days before
he also ended up talking to the admin they were fishing hard for his password
he came and got me i grabbed as much information i could and reported the 2 of them
i know the main player account that contacted him got a ban
its all bs luckily my son of 14 came to me before things got to far
also i am the one that receives the emails for verification just incase these things happen
good post corpse
here is site you can check if users have been banned
the users account you posted above has got a trade ban
output generated using printer-friendly topic mod. All times are GMT - 7 Hours