Jump to content

New Scam Tactic?


diablofan1211

Recommended Posts

Greetings Malwarebytes forums!

 

     A few weeks ago i stumbled across a stream that was streaming Counter Strike Global Offensive, a game I play occasionally and watch. The catch was that the stream was actually advertising a giveaway. For those of you who aren't firmiliar with Counter Strike Global Offensive, the game is a competitive first-person shooter that has valuable in game items which is extremely lucrative. The site seemed legitimate and the viewer count gave me the notion that it was a safe giveaway to enter. I did some looking around on their site and decided to enter their giveaway. Instead of having an online form to enter, the site had a download link for the entry form. It was an executable file that appeared to be normal at first sight, the only information the form required was name and aliases but nothing confidential.

     

     About a week later, I noticed that my friends list grew one friend larger without my knowing. I thought nothing of this and continued my day eventually leaving to get food if my memory serves me correct. Around the time i get back to my computer and browse the internet, I notice that one of my items is missing. Apparently I had gifted it to him through Steam trade offer, which would be impossible considering I wasn't even near my computer. I've since then used anti-virus software scans to scan my computer to cleanse my computer. I've also changed my e-mail and Steam passwords and have also contacted Steam support. I still haven't got word back from them.

 

     This story is MY account of being scammed. I have no idea whether it will spread any awareness let alone help anybody, but it's nonetheless an entertaining story - i hope. The first portion of the story is my leading theory of the security breach. I hope this story serves as entertainment and a topic which we can discuss. I believe that my security was compromised by the executable file downloaded from the malicious giveaway site. I am completely aware of the common phishing methods used to scam Steam users, mainly the most common one utilizing the fake Steam site. With that being said, I believe my account could not have been breached with any other method other than the executable downloaded. I'm not knowledgeable about software security enough to find any concrete evidence on my computer, so i'm hoping that anybody on this forum has the knowledge to help me understand the situation. To my understanding, there is an SSFN file within the Steam folder that authorizes computers to access a Steam account without e-mail confirmation.This is what I believe the executable uploaded, but i'm still unsure if they still need my account information? I'm seeking help from these forums because of Malwarebytes' Youtube channel. The channel was entertaining but also gave me confidence that they could help give me a solution no matter how small scale the scam is. I hope you enjoyed my story and I hope there is someone who can help enlighten me. I don't care if Steam returns my items or not, i'm purely interested in understanding the scam and learning more about software and security. I'd like to add that Twitch is a very large live game streaming site and i'm afraid there are many more victims like myself. So please correct me if my theory is ludicrous.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.