Get Some
Games => First-Person Shooter => Team Fortress 2 => Topic started by: Gutty on December 03, 2014, 08:28:11 pm
-
Okay so I have decided to put this up to help you know what to look for when it comes to phishing attempts.
Use this thread to view, or add to. so you can let others know about them too.
REMEMBER NOT TO CLICK ON ANY LINKS!!!
-
Never tell your password to anyone.
beneaston: add this guy for trade,he just can't add you for some reason...
[url]http://staemcommuniti.com/id:/76561198034214672[/url] ([url]http://staemcommuniti.com/id:/76561198034214672[/url])
Gutty.OP (ᴳѕ) |PsYCo|: get fucked
beneaston is now Offline.
beneaston is currently offline, they will receive your message the next time they log in.
Gutty.OP (ᴳѕ) |PsYCo|: find a real fucking domain name
-
Here are some good fishing links.
http://www.fishinginnewzealand.com/ (http://www.fishinginnewzealand.com/)
http://www.fishing.net.nz/ (http://www.fishing.net.nz/)
http://www.fishnewzealand.com/ (http://www.fishnewzealand.com/)
-
what?? no fish and game??
-
Just for shits and giggles and as I have a semi professional interest in computer security I had a play with the phishing site. Reasonably good facsimile of steam, every link on the pages redirects you to a login prompt which will fairly obviously be a keylogger, but not content with that it pops up a decent look alike of the "Steam Guard" 2FA window, that indicates that as an added security measure to access Steam from this PC you will need to download the latest SteamGuard.exe tool and install it. Doing so would be a terribly bad move because it installs a particularly nasty backdoor trojan.
Not the usual bad spelling phishing site, some effort went into this, the default page and the 404 are all redirected to a steam themed "Website under Construction" page.
PS: I did this all in a VM which is going to be reverted afterwards, not from my home PC, and any login credentials used were blatently fake :-)
-
Also worth noting if you use a smart password manager like LastPass, it helps stop this sort of shit, as it won't recognise the fake domain as a valid domain for those credentials unless you explicitly go in and add it as an equivalent domain.