I'm a tourney player looking for a teammate, can you help me out?

[Ranx]

... continues scamming attempt...

- So would you like to join our team?

No thanks.

- Can you vote for our team on this website or post this link to your account so we can be voted to the top of this list?  Here's the link...

 

 

 

Got another one of these adds again today.  I've seen this scam attempt so many times now and it really strikes me as being so weak.  I'm guessing the end goal is a phishing attack when you go to vote or log in to their website, but it's really a poor attack.  Considering that these days most people have 2FA on every log in, it's particularly bad unless you're a complete noob.  Anyone who has anything to lose should really be using 2FA on their accounts (multiple factor authentication/steam gaurd etc).  It's particularly funny when they take forever to answer you back since they are likely having to use google translate to figure out what you are saying.

[D.Alex]

2FA doesn't really help victims on these phishing websites as they enter their 2FA code as well.

 

Then the scammers can use the hijacked account to try to phish others and also try to get victims items by intercepting their trades.

 

I would say these attacks overall are very successful in the number of victims, items and the confusion they create.

[Ranx]

They would have to instantly attempt to login in with your 2FA code otherwise it expires within 30 seconds.  I imagine most don't try to use 2FA in their phishing attacks, since you would have to code a means to figure out if you have 2FA and that can't really be done unless they attempt a login beforehand.  The reason for this is that 2FA always has an extra window popup on steam and most other security systems.  It would be a lot easier just making a normal looking login in window without 2FA to get those easy to claim accounts.

[D.Alex]

Apparently scammers (automatically) do log in and then create Steam API key on that account and possibly stay logged in for a while.

 

Valve sucks for not doing anything about it, cause the "pattern" should be pretty obvious: logging in from completely different location and creating API key.

The trade redirection thing:  a trade is created by a user and then immediately cancelled and recreated with API key from another IP address,

which never happens normally - should've been also very easy to stop on their side.

[Ranx]

I'm glad I brought this up for discussion.  Thanks for the new info.

[Amagi]

Got one of these few days ago too. The scammer was asking if I could join for them as medic/heavy within 30 minutes since the game is starting then. Now comes the funny part; his profile said he was from Switzerland, and it was literally 4am his time when he was asking to play a match. After questioning that he just stopped answering and removed me after I went to sleep.

Remember kids, if it's too good to be true or too fishy, it's propably some sort of a scam.

[Scott Bakula]

Another big thing is it's not just a Steam account that's at risk when a person falls for this. Because people are creatures of habit, they typically don't have unique passwords or usernames for every account. So, if a person gets phished, the phishers are going to also try to use that info to steal other accounts like email, facebook, or worst case, a banking account. And someone getting access to those can do far more damage than just taking a few tf2 items.