ShadowZtar Mar 10 @ 11:17am
Unnatural amount of 'Phishers/Hijackers' Recently - Theory
From my understanding there has been a great increase in adds from phishers/hijackers, messaging something such as 'Hi. My friend want to trade with you. (phishing link) Add him.', and the like. I've a theory on how exactly they go about the phishing and why there's an increase in them.

I'm just curious as to what you guys think about my theory on it, or maybe just the situation in general, and if you can shed some light on the situation. My theory may be far from perfect, but here I go:

How they hijack the accounts

The said phishers/hijackers use accounts that have previously been hijacked. They're then programmed to add the person who made the most recent trade on TF2Outpost, and probably other trading sites as well such as Bazaar.tf/Dota2Outpost (not too sure), sending an automated message with a phishing link, then remove friend a few minutes later to move onto the next guy.

If the victim clicks on the link and tries to log in on the site the account gets stolen a few minutes later (captain obvious approves of this statement). Upon attempting to log in, they're told there's some sort of error, and they need to upload a file, which has the Steam Guard details (etc.). This is how the phishers/hijackers get past the Steam Guard as they obtain the victim's Steam Guard details (to put it vaguely).

Why are there so many recently?

I'm not 100% sure. Maybe not even 75%, but it's possible that it started out with a few guys doing the same phishing/hijacking process, but with their own alts. Some people fell for them, lost their accounts, then the compromised accounts were used to do the same thing via some sort of bot. It's like a big long chain of hijacked accounts attempting to hijack other accounts, with the amount of accounts getting hijacked becoming greater, and continues to do so to this day.



So yeah...that's it I guess. If there's anything overly vague, or flawed (or whatever) in my theory, feel free to comment on it. I know some parts seem like common knowledge to know, but I didn't want to miss out any details, and it'd be great if I could get some additional info I should be aware of. Lastly, I haven't seen any other discussion regarding the recent increase of phishers/hijackers, but if there is then sorry for the possibly duplicate thread.
Last edited by ShadowZtar; Mar 10 @ 11:17am
Showing 1-12 of 12 comments
Black Blade (card rain) Mar 10 @ 11:32am 
I think so far there was maybe not a good bot as of now... and now I think the bot is much better than so far... and that is why number 1

Second of all I think there is somewhere now a guide on how to get the bot... which makes many users use the same bot for their own, allowing them to get it... and that is why I think it's really growing, as of the bot getting better or/and someone giving that bot out so anyone can use it

About the outpost idea, it is somewhat a nice one... will be interesting to look out

About the login on a fake site... sometimes it will ask you for the file, sometimes it will not... that shows that there is more than one type of guys doing it out there... some work with the file and some just the code.... and I have seen these a long time ago... it was just not so common
Last edited by Black Blade (card rain); Mar 10 @ 11:33am
ShadowZtar Mar 10 @ 11:41am 
Originally posted by Black Blade (Study again \(-.-)/:
I think so far there was maybe not a good bot as of now... and now I think the bot is much better than so far... and that is why number 1

Second of all I think there is somewhere now a guide on how to get the bot... which makes many users use the same bot for their own, allowing them to get it... and that is why I think it's really growing, as of the bot getting better or/and someone giving that bot out so anyone can use it

About the outpost idea, it is somewhat a nice one... will be interesting to look out

About the login on a fake site... sometimes it will ask you for the file, sometimes it will not... that shows that there is more than one type of guys doing it out there... some work with the file and some just the code.... and I have seen these a long time ago... it was just not so common

Alright, thanks for your input. c: It does make sense there'd be an increase of them because of a guide telling people how to do it (and would also explain how more than one group of people are doing it). I didn't realise some of the sites didn't ask for the files since that's key to getting past the steam guard I think, but I guess not every phishing site is perfect.

And yeah I'm aware it's probably been done a long time ago and have just become more common now.
Black Blade (card rain) Mar 10 @ 11:45am 
Originally posted by ShadowZtar:
Alright, thanks for your input. c: It does make sense there'd be an increase of them because of a guide telling people how to do it (and would also explain how more than one group of people are doing it). I didn't realise some of the sites didn't ask for the files since that's key to getting past the steam guard I think, but I guess not every phishing site is perfect.

And yeah I'm aware it's probably been done a long time ago and have just become more common now.

No, when I say long time ago I mean the asking for the file.
I noticed some were thinking it's something somewhat new.

There are mainly two ways to pass the Steam Guard that are used...
1. Ask for the code for your Steam Guard (problem is then someone gets an email saying they logged in and he may notice the wrong IP)

2. Ask for the Steam Guard Cookie then Seduce Steam guard to allow you to pass (problem here is it may look suspicious to anyone that can think... hell, this looks odd for Steam to ask me to upload a file like this)
ShadowZtar Mar 10 @ 12:01pm 
Originally posted by Black Blade (Study again \(-.-)/:
Originally posted by ShadowZtar:
Alright, thanks for your input. c: It does make sense there'd be an increase of them because of a guide telling people how to do it (and would also explain how more than one group of people are doing it). I didn't realise some of the sites didn't ask for the files since that's key to getting past the steam guard I think, but I guess not every phishing site is perfect.

And yeah I'm aware it's probably been done a long time ago and have just become more common now.

No, when I say long time ago I mean the asking for the file.
I noticed some were thinking it's something somewhat new.

There are mainly two ways to pass the Steam Guard that are used...
1. Ask for the code for your Steam Guard (problem is then someone gets an email saying they logged in and he may notice the wrong IP)

2. Ask for the Steam Guard Cookie then Seduce Steam guard to allow you to pass :D: (problem here is it may look suspicious to anyone that can think... hell, this looks odd for Steam to ask me to upload a file like this)

Oh right, sorry for the misunderstanding. And thanks for the explanation, I understand a bit more about the Steam Guard thing now.
Black Blade (card rain) Mar 10 @ 1:46pm 
Sorry for what? XD I need to be sorry for not being clear.
Good for you, please do not use that to hack someone
ShadowZtar Mar 10 @ 2:38pm 
Originally posted by Black Blade (Study again \(-.-)/:
Sorry for what? XD I need to be sorry for not being clear.
Good for you, please do not use that to hack someone :D:

Heheh, don't worry, I've no interest in doing that to anyone.
Agent-1138[GB] Mar 10 @ 3:53pm 
OP you are almost 100% Correct, that is how the operation has always worked. Welcome to the internet.
Last edited by Agent-1138[GB]; Mar 10 @ 3:54pm
Kablam0 Mar 10 @ 5:56pm 
How VALVe can ever possibly manage this mess is a mystery to me. It just seems to get worse and worse exponentially. I can only imagine what it is like for their support staff to have to deal with this chaos on a daily basis.
ShadowZtar Mar 11 @ 12:52am 
Originally posted by ๖ۣۜAgent-1138GB:
OP you are almost 100% Correct, that is how the operation has always worked. Welcome to the internet.

I've only had an interest in how people go about it recently since I've (as well as some of my friends) been getting a ♥♥♥♥ ton of phishing links over the past week, so yeah.

Originally posted by Joh Mahmah:
How VALVe can ever possibly manage this mess is a mystery to me. It just seems to get worse and worse exponentially. I can only imagine what it is like for their support staff to have to deal with this chaos on a daily basis.

Yeah, I definitely wouldn't want to be in their shoes at the moment.
~Ren~ Mar 11 @ 1:17am 
The situation in general is not nice to see, every day I log in and I see yet another account lost or that account has had items stolen from the inventory, the majority of these attempts could be prevented if people use a little more common sense but they don't. The temptation of cash or whatever is too great.

The only solution I can see is for Valve to forcibly make everyone's inventory private, I'm not saying this will stop these attacks but it will stop potential phishers from viewing the more expensive items in a person's inventory making them a target.
Agent-1138[GB] Mar 11 @ 6:49am 
Originally posted by ShadowZtar:
I've only had an interest in how people go about it recently since I've (as well as some of my friends) been getting a ♥♥♥♥ ton of phishing links over the past week, so yeah.

Received a few myself, got to their profile page and report them.
crunchyfrog Mar 11 @ 1:36pm 
The reason there's an influx of late is basically this - popularity.

If there's firstly value in something (such as a game account, bank account or whatever), then it's worthy of trying to steal. If it becomes popular, then that only ups the ante.

Steam had an influx of over 10 million new accounts since October, plus the recent changes to trading, opening the market.

Set the pot of honey, and the wasps will come. It is nothing more mysterious than this.

As a legal advisor I could give you many similar examples.


Originally posted by ~Ren~:
The situation in general is not nice to see, every day I log in and I see yet another account lost or that account has had items stolen from the inventory, the majority of these attempts could be prevented if people use a little more common sense but they don't. The temptation of cash or whatever is too great.

The only solution I can see is for Valve to forcibly make everyone's inventory private, I'm not saying this will stop these attacks but it will stop potential phishers from viewing the more expensive items in a person's inventory making them a target.

On the face of it, it appears worrying, but you need to have perspective.

There are currently over 75 million active (i.e. used within the last 30 days) accounts. Only a small fraction use these forums (I believe it's around a couple of percent). That's still several hundred thousand users at minimum. Now, if you see say, 10 different threads per day concerning stolen accounts, I'd say their system is working pretty damned well.

It's worth underlining that this is an issue that can never be solved, only reduced as much as you can, and I believe that Valve are doing a damned good job - the figures speak for themselves.

The best thing we can do is to help Valve by educating the others - after all, almost ALL the cases of stolen accounts are down to this - gullibility and/or ignorance. Very few are sincere error.
Last edited by crunchyfrog; Mar 11 @ 1:49pm
Date Posted: Mar 10 @ 11:17am
Posts: 12