Social Engineering on Steam
Select messages from # through # Forum FAQ
[/[Print]\]

HeadShot Extreme -> News

#1: No icon Social Engineering on Steam Author: coRpSELocation: Back of your mind!!! PostPosted: Tue Jul 28, 2020 4:22 pm
    —
Expand


First off, before I go into this article, I do want to point out that even though the title of this article I do say "Steam", this steams out over all platforms. I use Steam in the title because this article covers what just happened to me on Steam, and I knew the signs to know that this was an attempt to social engineering.

So, what is "Social Engineering"?

Social engineering is the art of manipulating people, so they give up confidential information. The information that they are trying to get varies, but mostly to get passwords, or they ask questions that you may have used for recovering lost or forgotten passwords, even bank information in some cases. Other cases is to gain access to your computer, so they can implement malware, key loggers, ect..., to get information without you really knowing it's happening.

Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than it is to discover ways to hack your software.  For example, it is much easier to fool someone into giving you their password than it is for you to try hacking their password (unless the password is really weak).

Now, how did they try getting me. Well, I will show you. Here is my full conversation with this person. The name has been removed since I believe that this persons account is a stolen account, (already reported). Also, I have been in contact with Steam already and it has been confirmed that this is a social engineering attempt on me, and that my suspicion was 100% accurate.
Hidden: 
[8:32 PM]
CRIMINAL:
hi

[8:33 PM]
coRpSE:
hello

[8:34 PM]
CRIMINAL:
Sorry for bothering you brother please give me time to talk with you

[8:34 PM]
coRpSE:
what's up?

[8:34 PM]
CRIMINAL:
because i accidentally report you for doing illegal purchased instead of someone else. The admin said that your account will be suspended on steam

[8:35 PM]
coRpSE:
my account?
I am not sure if I follow.

[8:37 PM]
CRIMINAL:
I accidentally report your i thought it was you because your the same name and profile and the admin said will be suspended your account
sorry
I didn`t mean to report you
it was accident only
help me to the admin to explain so he can`t suspended your  account
sorry bro

[8:38 PM]
coRpSE:
suspended on what? Steam? Because I am on Steam ATM, and I haven't got any notices

[8:40 PM]
CRIMINAL:
Steam Community :: JasonM
https://steamcommunity.com/profiles/76561198086254183

this is the admin
Add him and wait until he accept
and explain to him
that it was a accident only that i report you.
Im really sorry bro

[8:40 PM]
coRpSE:
What am I supposed to be suspended from?

[8:40 PM]
CRIMINAL:
I thought it was you
your all games will be useless and your account permanently clos
close*

[8:41 PM]
coRpSE:
yeah, I don't see how that is possible
sorry, but that makes no sense

[8:42 PM]
CRIMINAL:
I got scammed with your same name and profile

[8:42 PM]
coRpSE:
yeah, but if I was "suspended" or "banned", I would have been notified.

[8:43 PM]
CRIMINAL:
and i report this account

[8:43 PM]
coRpSE:
Easy way to check this is to load into game

[8:43 PM]
CRIMINAL:
the admin will be explain to you
Bro next time private your profile so no one can impersonate you

[8:44 PM]
coRpSE:
yeah, I think I can contact steam separately, for that doesn't look like an admin account.

[8:44 PM]
CRIMINAL:
lesson learn to me
the admin put a friends only
don`t hessitate to talk to him
can you help me to fixed this issue or what

[8:45 PM]
coRpSE:
Well, if you made a mistake, then there is no reason for him to talk to me.

[8:45 PM]
CRIMINAL:
no you don`t understand.
The admin need to talk to you to give a proof of your history of your purchased on steam
that it was not you
who toke my items on steam

[8:46 PM]
coRpSE:
um, no

[8:46 PM]
CRIMINAL:
or else you will be suspended

[8:48 PM]
coRpSE:
well, I will contact steam independently for this sounds like BS. I mean really, the story has changed a few times from I am suspended to I am going to be suspended, How do I know that this account hasn't been compromised and you're trying to skim information off me. I am sorry, you have to admit that it sounds like BS and I don't provide skimming information. If he is staff, he can send me an email from steam through steams email servers to contact me.

[8:49 PM]
CRIMINAL:
yeh the admin will be validate your account and after you add the admin will contact you and send your on your gmail
understand?

[8:49 PM]
coRpSE:
I didn't say gmail

[8:49 PM]
CRIMINAL:
how he can send your gmail if your not add him
lmao

[8:49 PM]
coRpSE:
I said through steams mail servers

[8:49 PM]
CRIMINAL:
email*

[8:50 PM]
coRpSE:
because when I created this account, I linked my email
seriously, that is common knowledge

[8:50 PM]
CRIMINAL:
yeah admin will talk to you
that`s why add him to explain
Well if you think this is joking issue well gl bro

[8:51 PM]
coRpSE:
How about this, I will just take this log and submit it to steam for evaluation


Here, you can see the conversation that we had. I will brake it down into the sections of where I knew something was up.

  1. The first sign that stood out to me of this being a scam was when he said my account would be suspended if I didn't contact the Admin. First off, they wouldn't say "we are going to suspend your account if you don't contact us.". They would contact me through official channels.

  2. Second, if he truly did make the mistake, and said, I mess up, I reported the wrong person, then they wouldn't need to talk to me for I had nothing to do with it.

  3. Next, you can see how admit that he is trying to warn me that my account will be suspended, but when I mention to have him contact me through "official means", for example, like though a steam email address, (admin @ steam.com), to the email I used to register on with. He basically refused to inform him and kept trying to warn me that my account will be suspended. It was almost like he knew that "Admin" couldn't do that. So it got me thinking, why is he so adamant on not relaying my message to this so-called "Admin", but instead, keep trying to convince me to contact him my self to give him personal information.


Overall, even if they are your friends, and you have them on your friends list, watch out, for their accounts may be compromised. I had many years ago, someone come onto our TS3 with the name "Biteme", trying to impersonate a friend, and he poked me asking to give him full admin rights do to an issue he had on his computer, and I responded with, send me with a text message on the phone, and he left. So, always be cautious on who you are talking to and what information you give out to others, even to your friends.

So, what can you do to spot this types of Social Engineering?
Well, first off, never give out personal information to anyone "Claiming" to be an admin, company, or someone of some importance without them being able to prove who they are, or, you contact them through official means. Watch out for people asking questions like, What high school you went to, or what was your schools mascot. Anything with personal info like family maiden name, your mothers maiden name, ect..., should never be given out to anyone.

Another form of this is Phishing, and you can see these a lot with fake websites, basically websites that look like the real site, but they aren't. Sort of fits with my last news article about
Please login to see this link
Get registered or Log in
, to why Google is looking at cleaning up the address bar of the browser. I am not going to go too much into details on that for you can just look at these sites that already answer a lot of this.

Please login to see this link
Get registered or Log in

Please login to see this link
Get registered or Log in


There are literally hundreds of websites, videos, threads, ect... on this topic you can do a quick search, but to show you how scary this can be, watch this YouTube video:

[Watch this video on YouTube]

I hope this will enlighten some of you to be more cautious of the type of information you give out and tells that something is might not be right.
Well, be smart, and be safe,

#2: No icon Re: Social Engineering on Steam Author: PatPgtips PostPosted: Mon Aug 03, 2020 3:13 am
    —
my sons steam account had exactly the same thing but it was from an player he was playing some games with a few days before

he also ended up talking to the admin they were fishing hard for his password

he came and got me i grabbed as much information i could and reported the 2 of them

i know the main player account that contacted him got a ban

its all bs luckily my son of 14 came to me before things got to far

also i am the one that receives the emails for verification just incase these things happen

good post corpse

here is site you can check if users have been banned
Please login to see this link
Get registered or Log in


the users account you posted above has got a trade ban



HeadShot Extreme -> News


output generated using printer-friendly topic mod. All times are GMT - 7 Hours

Page 1 of 1