Phishing in Sawmill

I think I may have taken this a tad too literally...
I think I may have taken this a tad too literally…

So, lately, it seems that Team Fortress 2’s trading system has been full of ups and downs. But while no one can predict when the item servers are going to die or when the trading system will go down for the umpteenth time, there IS something you can protect yourself from. Today, we’ll discuss the recent phishing spree.

What’s phishing then? Well, according to Wikipedia, it is:

Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

In Team Fortress 2, it’s essentially the same thing. Someone comes along and says “Hey, I have this item to trade, click this dubious link!” or “Hey, click here for free earbuds (and viruses!)” or something along those lines. The victim clicks the link and is asked to log in to Steam. They do that and pow, account stolen. Alright, it’s slightly more complicated than that. Generally, the link leads to a page that looks exactly like Steam, works exactly like Steam and asks for a code, just like Steam. When you fill in the form, it’ll appear that you signed in normally, when in fact you’ve just signed your TF2 backpack’s death warrant.

The people who send these are two-fold. Some are accounts created by the phishers themselves. Others are hijacked accounts, i.e. people who have fallen for the phishing scam. Quite often, once an account has been hacked, they’ll start unwillingly sending out even more phishing links to everyone on their friends list.

“But Medic, how do we avoid these?”

I’m glad you asked. There’s several key things you can do to protect yourself. These aren’t in any particular order, but if you just do the first two, you’ll be okay.

1. Check all URLs carefully. If you click on a link that isn’t related to Steam in chat, Steam will pop up with a window saying that it’s unknown and may be risky. Many phishing links LOOK like steamcommunity.com but have a letter changed. It could be anything from stteamcommunity.com to steamcornmunity.com or even st3amc0rnmuniti.com. Steam warns you whether a link looks unsafe. Be smart and take its advice. Also, don’t forget that official Steam sites use HTTPS and give you SSL certificates from Valve. Just look at the image below.

phishingssl*

2. Turn on Steam Guard and, more importantly, make sure the email address you use has a different password. This is a biggy. Every time you access your account from a new device, Steam Guard asks you for a unique code. This code is sent to your email address. Should a phisher get hold of your account name and password, if they don’t have the Steam Guard code, they can’t get in… Unless they figure out the password for your email address. Lots of people use the same password for multiple things, so if you’ve got the same one for both Steam and your email, you’re screwed.

3. Make your backpack private or Friends Only. While you’re at it, avoid trading in general. While a phisher will try and take anything they can get their hands on, the more valuable the backpack, the more you’ll be pestered and get phishing links thrown at you. Some phishers use profile scanners that check the amount of playtime and the value of someone’s backpack to target higher valued players. Setting your backpack to private or Friends Only will help. Another suggestion is to avoid TF2 Outpost for a while. A vast amount of phishing links and dodgey friend requests are being sent from TF2 Outpost every time someone bumps their trade. This isn’t as prominent, to the point of nonexistence on other trading sites, and trading servers are generally less affected by this as the people on the server are generally active.

4. Get this nice script for Chrome, Opera or Firefox. What that fancy thing does is warn you if a link isn’t a official Steam site or one of the popular trading sites. If you click on a dodgy link by accident, the script will get to work and warn you in big red letters that you should turn around and go back. It also does the nice thing of getting rid of the Show More button on profiles, showing you ALL the text, not just the first two lines. As a bonus, it’s easy to update.

“How can I stop this?”

Well, you can’t just stop phishing, because it’s crime and crime will almost always exist no matter what because humans are scum, but there are ways you can help. The best way to help is to report people sending phishing links by clicking on their profile and reporting them there. You can also report people to SteamRep, but the process is slow.

Remember, you can check suspicious people using SteamRep or TradeRep. And always check who you’re trading with before doing any sort of trade.

“Medic! I’ve been phished! What can I do?”

First off, don’t panic. And don’t go crying to SPUF or any other TF2-related forum. The only people who can get your stuff back are the people from Steam Support. As soon as possible, go to Steam Support and make a new ticket, explaining what happened. You’ll generally be asked to provide proof that the account is yours, which can be sorted out with a key from a game you own on Steam. A photo of a key for a CD is nice and quick and you can save it on your computer in advance. Keep in mind that Steam Support can be very slow at times, especially outside US hours.

Also do not forget that Steam Support will only give you back your items ONCE. Get phished again and you’ll never see your circling Earbuds HOUWAR ever again.

Hopefully, if you use your brain, you won’t ever have a problem. Happy trading!

* I will give you a cookie and a GMod picture of your choice if you can guess what the two bookmarks I removed are. Post your answers here.

Medic

Medic, also known as Arkay, the resident god of death in a local pocket dimension, is the chief editor and main writer of the Daily SPUF, producing most of this site's articles and keeping the website daily.

4 thoughts on “Phishing in Sawmill

Leave a Reply

Your email address will not be published. Required fields are marked *