Much like the general population, cybercriminals have areas of expertise. Some grift people on social networks, other spread malware via emails and then there are the ones who know how to turn gamers items and accounts into money.
The main playgrounds for these types of criminals are the big gaming platforms like Steam, Origin or Battle.net. Typically, the fraudsters profile or target new users to the site along with others who know little about cybersecrutiy. As new gamers sign up in droves on a monthly basis, cybercriminals experience no shortage of potential victims, especially with the rise of multiplayer online games.
Forewarned is forearmed. With that in mind, we’ve decided to make a list of the most widespread Steam scams and share it with you, so that you would not fall for such tricks.
#Security tips for #gamers: https://t.co/tBfI5TrvU5 via @kaspersky #phishing pic.twitter.com/wg79zP3jl1
— Kaspersky Lab (@kaspersky) January 8, 2015
1. Phishing is just as efficient on Steam as it is on social networks and the greater Internet. Fraudsters often analyze victims profile to tilt the odds into their favor or to clone the accounts of their friends.
The criminals will then send a private message where they ask for “help,” offer access to an “amazing game guide,” exchange some items or something else. Regardless of the text, the sole purpose of the contact is to make the user click the fake link in the message. It leads to a malicious site, which looks similar to Steam and requires victim’s login information. When the deceived users authenticate on this site, they risk losing their Steam accounts forever.
Beware of live #phishing domain https://t.co/BV9KfUKQgS targeting Chinese users of Steam Community @Steam_Support pic.twitter.com/3aL1Som8Wp
— Marcin Ulikowski (@elceef) January 8, 2016
To prevent this kind of scum Valve has invented the Steam Guard – and we highly recommend you to turn it on and use the Steam variant of two-factor authentication: either via a mobile app (which is preferred) or via email. You should always check if you are on the real site each time when you enter your login and password. If you see a misprint in the site’s URL, a spacebar or some other excessive symbol, then you can be sure: this is a fake. Don’t do anything with fakes.
What is two-factor authentication and where should you enable it? http://t.co/WSvDc9oSvb #passwords #privacy #security
— Kaspersky Lab (@kaspersky) June 9, 2014
2. If the criminals fail to draw in victims via the social engineering, they will look to draw in easy prey from outside of Steam. To do that, the fraudsters write articles and publish videos on YouTube that “reveal” how to get something for free: gain extra experience, copy an item, find “secret” cheat codes, etc.
There are 3 pillars to basic gaming security and they can also apply to general PC security: https://t.co/tBfI5TrvU5 pic.twitter.com/Xx4fKKb0FA
— Kaspersky Lab (@kaspersky) January 10, 2015
Tips given in fraudsters’ content are mostly copied and pasted from other web resources. But throughout the text or the video fraudsters obtrusively offer to download some software or an extension that will boost victim’s game character to the unbelievable levels. If a deceived user downloads the malware the most interesting part begins: nobody knows what’s exactly is inside. One can lose his/her Steam account or become a victim of some powerful ransomware. The best way to protect yourself from such threats is to install a reliable security solution. You should also be very attentive and check twice before opening links and downloading files on the Internet.
More reason to backup your data: the #ransomware, Teslacrypt, is still targeting gamers – http://t.co/lKsBp44iMy pic.twitter.com/Kgm0NRitGD
— Kaspersky Lab (@kaspersky) April 21, 2015
3. Sometimes people pay for the items not on Steam, but via PayPal, WebMoney or other e-currency services instead. For the Steam system such bargains look like pure heart gifts, as the website does not monitor your wallets all over the world.
So, you can get real money for your items, but sometimes fraudsters pay for the purchase and then write a tearful letter to the support team of their e-currency service where they ask to freeze the transaction and bring money back. To prove their story they can even send a fabricated Skype screenshot, in which the victim looks like a fraudster.
If the support representatives believe the story (and it’s quite possible that they will, as the real victim is unaware of what’s going on and remains silent), then the users are left without both the money and items, given away as a “gift.” And there is no way to return it. That’s why you should not make bargains outside the Steam trade window.
If anyone gets asked to trade by @PompaRon don't do it. Says he will pay you with steam credit but he is just trying to scam you.
— AALtv_ (@AALtv_) January 17, 2016
4. Sometimes people try to befriend you or say that they are your old friends – that’s just you know, a second account they are using right now. In the end they ask to “try on those cool items” on the pledge of, “I’ll give it back, cross my heart and hope to die!”
Of course, you should not believe them. Even while there is a small chance they can actually be your friends. If you suspect that you really know this John or Jane, check them: call them or write a Skype or Viber message. Just remember: if you give an item to a fraudster, it’s never going back.
When you open up your steam and see one of your viewers is trying to scam you… LAWL pic.twitter.com/ka1891GQ5q
— msShadowfax (@ms_shadowfax) January 23, 2016
5. Fraudsters don’t limit themselves with the roles of “friends.” Sometimes they present themselves as Steam employees and try to pull a fast one: accuse users of a fraud and force them to give some of their game items for a “scan” and a “check.”
Of course, they don’t work at Valve Corporation. No Steam employee will ever ask a user to share items with anybody else. So you can freely report these scammers.
How scammers deceive gamers in #Steam #games #security
6. Fraudsters can ask you to send them an email letter with the confirmation link or the link itself. Don’t ever do this, no matter how they explain it! As when they have the link, they can finish the bargain without your real approval. You certainly won’t like the results.
7. In the majority of scams fraudsters will try to hurry or rush you. This is no accident: for example, they can offer you an item, which looks like a valuable one, but in reality it’s not. Moreover, the less attentive the victims are, the bigger are the chances that they will fall for this or that fraudsters trick.
So never yield to pressure and check twice and thrice what you are trading for what before you confirm the bargain.
@mikebauer74 (2/2) If you were scammed, you may report this scam to Steam Support so that action may be taken against the scammer.
— Steam Support (@Steam_Support) June 12, 2013
Remember: according to Steam policy, you cannot return the items that were given away due to scam. All you can do is report a fraudster to the Steam support service.
For this you need:
- open the fraudster’s account;
- click the More drop-down button in the upper right corner of the page;
- choose Report Violation;
- select the violation (for example, Attempted Trade Scam);
- click the Submit Report button.
Don’t hesitate to do it: if nobody teaches those bastards a lesson, they will continue their money grab activities.