Jump to content

[Guide] Phishing and Scamming Techniques


♠Derpeh♤

Recommended Posts

With the increase of users asking me about phishing or friends who didn’t know any better I thought to write up a guide for the more common phishing/scams in tf2. This it to highlight the more elaborate techniques and how they work. If I have missed any or if there is any info wrong please tell me and ill fix it asap!

 

I shall try to keep this updated as more scams come around. 

 

Summary of common/popular scams:

 

                 Middleman/Trade to trusted friend: The scammer will often express interest in an item(s) you have and offer to buy it. They will then proceed to give some form of excuse requiring you to trade your hat to a trusted friend before they will trade with you. If you comply they will ask who it is you have traded the hat to and proceed to add them with their friends list. Your friend who now holds your precious items will then receive an invite to a group chat between the scammer and another user who has impersonated your account asking for your hat to be returned hence acquiring your items.

 

The most common reasons to get you to trade away your item:

-          Wanting to check if it's duped: Trading your hat to a friend doesnt allow someone to check if it's duped, to check if it is duped you need to look for previous backpacks, trading it to a friend does nothing.

        Trust issues: You are trying to sell if they actually have the intent to buy your item right now there would be no trust issues.

-          Middleman: For straight up trades you dont middle man, middle man is mainly for money trades or spycrabbing where you trade items to a respectable/trusted member of the community and they will only give your items to the buyer once you have confirmed they you have received the agreed amount to prevent people running away. There is absolutely no reason so middle man for straight up trades.

TIP: Set nicknames to users/friends who are on your friends list, this helps to for you to differentiate between users...etc (Steam client > friends list > right click you friend > set nickname)

 

 

                 Steam Email Confirmation/Forward trade offer: A somewhat relatively new scam which is a variation on the "trusted" friend scam where they will give an excuse for you to forward your steam confirmation email. Typically they will send a "test" trade for your items and request you forward them the confirmation email to "verify" that you can be trusted.

 

How does it work:

The confirmation email sent by steam is simply a randomly generated link that when opened allows the trade in question to go through and does not verify if they link is being opened on the same device. This is also the reason why trade offers can be confirmed via mobile, as long as the condition of the unique link/code is activated the trade can go through. If the scammer acquires this unique link it means that they can accept the trade offer on your behalf to acquire your goods. 

For a well documented video of this scam click here (Kindly provided by IndieMate)

 

 

                 Trade offer/Gift offer scam: A relatively new scam which has slowly been popping up more typically targeting newer unusual players which are online in game and or trading servers, not as popular as other conventional scams as it places the scammer at risk of losing items. The scammer will send you a trade offer seemingly great offer for a item in your backpack during this time when the victim is either doing a price check and/or background check the scammer quickly cancels the trade offer and sends a gift offer. The victim after seeing such a good offer will proceed to quickly click accept without realising it was now a gift offer.

 

 

                 Steam money trade offer scam: Normally this is an empty trade offer for your items however the “comment†for the trade offer will contain an “offer†of steam wallet money. Users can type whatever they want here, simply typing out that you will receive money does not mean you will.

Example of steam money trade offer scam here

 

Snippet from steam trade offers F.A.Q:

“Note that you cannot include Steam Wallet funds in a trade or trade offer. If someone sends you a trade offer claiming to include Steam Wallet funds it may be a scam. You can report scammers using the "Report Violation" link on their steam profile.â€

 

 

                 Valve employee impersonator: All Valve employees and moderators have the following badge on their steam profile Example of employee Here. Example of moderator's profile Here

 

                                                                          1BcswbK.png?1

They will never ask or threaten you for your account credentials, CD keys, credit card, and items or force you to trade. Scammers will often try to intimidate users into giving them items or account info.

 

 

                 Backpack.tf/Scrap.tf/[populartf2community] bot impersonator: Similar to the Valve employee impersonation above adds users giving an excuse to ask for items from the user. The most common reasons being "dupe checking". 

For more information on this scam click here

 

 

Summary of common phishing techniques:

 

                 Phishing links: These are links which are essentially made to appear like the official website at the first glance (Steamcomunity, Steamconmunity…etc) often these will be sent to you by a bot with a pre-recorded message. The more recent times scammers have placed the phishing links on their steam profile or using real links and sneaking a phishing link within them.

 

How does it work:

By clicking the link it will bring you to a fake steam website where you will be prompted to login followed by the steam security code. When you enter your login details the phisher on the other side will enter those details you have just provided into the official site which will send you the steam code via email where you will provide him the steam code by entering that into the fake site hence gaining access to your account.

The more common forms of phishing links can be found here

 

 

                 Verify/Send us your .ssfn file: This is a more popular variant of the traditional phishing link which works the same way except rather than trying to acquire your steam code they ask you to attach your personal .ssfn file to “verify the integrity of your accountâ€.

 

How does it work:

.SSFN is the file which controls steam’s verification of your identity via Steam Guard, if you delete this file you will be asked to be verified again and a new SSFN file will be generated and stored. If you upload your SSFN file to a phishing page the phisher can use this file with username & password to take control of your account.

Example of Verify/Send us your .ssfn file here

 

 

                 Screenshot/PDF file: This is normally under some guise (too many variations for me to name them all) but typically asking for some reason for you to download a file which seems to be a pdf/image file however is actually a virus. The most popular variant of this is the user saying “I can’t believe you did this [insert link]† or linking you to "check my offer"

 

How does it work:

There are a few variations most common:

         When the file detects that you are afk the phisher will take temporary control over your computer sending himself a trade offer with all your items. Sadly steam would recognize this as a trade from your computer and refuse to restore your backpack. R.I.P Best the sfm artist Alex From Security.

         Key logger, which sends the phisher a log of everything you have typed which doesn’t limit simply taking your steam backpack but taking over your bank account, paypal…etc

 

Example of the screenshot/pdf scam here

 

 

                 Download this program for free hats/[insert an excuse to download and run a file]: the generic old school scam, just a placed in a different form. [see above]

Link to comment
Share on other sites

TL;DR: Don't click links, download unknown files or log into browser Steam without the little 3d7c35bfebafba4acf869033014d99ad.png at the top

And don't trust anyone but yourself

  • Like 1
Link to comment
Share on other sites

the thread's title seemed like this was a thread about how to phish and scam

am disappointed 

From what I know all scams/phishing websites originated from a few Russian users who sell them and keep in contact with their buyers via skype apparently there was a time when a admin was in contact with them but was quickly found out? If you find them let us know ;D

Link to comment
Share on other sites

Sad that you had to make a guide. I highly commend you and thank you for putting this together. However, i feel that all your work and valves is wasted on people who just wonton do things.

 

Upvote from me.

Link to comment
Share on other sites

When you say "on their profile" you should say steam profile, some might be confused as this is on backpack.tf and we badges too.

 

But that's none of my buisness, nice guide.

  • Like 1
Link to comment
Share on other sites

When you say "on their profile" you should say steam profile, some might be confused as this is on backpack.tf and we badges too.

 

But that's none of my buisness, nice guide.

 

Fixed and thanks :)

 

link to a moderator and employee profile? Curious to see what that looks like.

Added, most employees and mods have private profiles tho xD

  • Like 1
Link to comment
Share on other sites

i thought this was in GB 

telling how to fake scam / phish

Well technically if you know how the scam works you can use that to scam someone... Maybe I didn't think this out out through D:

Link to comment
Share on other sites

TL;DR: Don't click links, download unknown files or log into browser Steam without the little 3d7c35bfebafba4acf869033014d99ad.png at the top

And don't trust anyone but yourself

TL;DR Don't trust anyone, not even yourself

Link to comment
Share on other sites

  • 2 weeks later...

you could add a "Lend me your item, i'll give it back in 10 minutes" scam

 

That isnt exactly elaborate, any user who can turn on a computer to trade and falls for this I would say they deserve to be scammed. Even a kid knows that you don't give your precious toys to a someone you don't know...

Link to comment
Share on other sites

I've been seeing a bunch of phishers sending messages pretending to be Russian girls who want to "b freinds and play gamez". Then they send some weird link to their "profile" that I haven't bothered to click on. Just another link scam, just figured you might want to make it a sub-category there.

 

You should also mention the famous csgolounge and backpack.tf scams, where they send offers saying you have duped items and they need to "check" the validity of your items that they put in the offer.

Link to comment
Share on other sites

  • 2 months later...

You make the best guides ever!  Every single one of them covers everything thoroughly and is top notch :D

Thanks! Glad I can help :DDDD

Link to comment
Share on other sites

  • 3 weeks later...

Add a brokering service section, thats becoming popular.

I know about that "scam" but brokering requires a large amount of rep and the service itself practically requires the "victim" to research the broker thoroughly to ensure that they wont run away hence it is rarely successfully nor popular in any sense. Unless you're an idiot.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...