{"id":11317,"date":"2016-02-16T10:09:32","date_gmt":"2016-02-16T15:09:32","guid":{"rendered":"https:\/\/www.kaspersky.com.au\/blog\/?p=11317"},"modified":"2020-02-27T04:01:24","modified_gmt":"2020-02-26T17:01:24","slug":"steam-scam","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/steam-scam\/11317\/","title":{"rendered":"Enjoy your Steam: how criminals make money on gamers"},"content":{"rendered":"<p>Much like the general population, cybercriminals have areas of expertise. Some <a href=\"https:\/\/www.kaspersky.com.au\/blog\/1-in-5-phishing-attacks-targets-facebook\/5180\/\" target=\"_blank\" rel=\"noopener noreferrer\">grift people on social networks<\/a>, other <a href=\"https:\/\/www.kaspersky.com.au\/blog\/metel-gcman-carbanak\/11236\/\" target=\"_blank\" rel=\"noopener noreferrer\">spread malware via emails<\/a> and then there are the ones who know how to turn gamers items and accounts into money. <\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2016\/02\/06022950\/valve-steam-security-FB.jpg\" rel=\"attachment wp-att-11319\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2016\/02\/06022950\/valve-steam-security-FB.jpg\" alt=\"Enjoy your Steam: how criminals make money on gamers \" width=\"1280\" height=\"1280\" class=\"aligncenter size-full wp-image-11319\"><\/a><\/p>\n<p>The main playgrounds for these types of criminals are the big gaming platforms like Steam, Origin or Battle.net. Typically, the fraudsters profile or target new users to the site along with others who <a href=\"https:\/\/www.kaspersky.com.au\/blog\/cyber-savvy-quiz\/\" target=\"_blank\" rel=\"noopener noreferrer\">know little about cybersecrutiy<\/a>. As new gamers sign up in droves on a monthly basis, cybercriminals experience no shortage of potential victims, especially with the rise of multiplayer online games.<\/p>\n<p>Forewarned is forearmed. With that in mind, we\u2019ve decided to make a list of the most widespread Steam scams and share it with you, so that you would not fall for such tricks.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/Security?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Security<\/a> tips for <a href=\"https:\/\/twitter.com\/hashtag\/gamers?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#gamers<\/a>: <a href=\"https:\/\/t.co\/tBfI5TrvU5\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/tBfI5TrvU5<\/a> via <a href=\"https:\/\/twitter.com\/kaspersky?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@kaspersky<\/a>  <a href=\"https:\/\/twitter.com\/hashtag\/phishing?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#phishing<\/a> <a href=\"http:\/\/t.co\/wg79zP3jl1\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/wg79zP3jl1<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/553217134361604096?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">January 8, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>1. <a href=\"https:\/\/www.kaspersky.com.au\/blog\/how-to-avoid-phishing\/6145\/\" target=\"_blank\" rel=\"noopener noreferrer\">Phishing<\/a> is just as efficient on Steam as it is on social networks and the greater Internet. Fraudsters often analyze victims profile to tilt the odds into their favor or to clone the accounts of their friends. <\/p>\n<p>The criminals will then send a private message where they ask for \u201chelp,\u201d offer access to an \u201camazing game guide,\u201d exchange some items or something else. Regardless of the text, the sole purpose of the contact is to make the user click the fake link in the message. It leads to a malicious site, which looks similar to Steam and requires victim\u2019s login information. When the deceived users authenticate on this site, they risk losing their Steam accounts forever.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Beware of live <a href=\"https:\/\/twitter.com\/hashtag\/phishing?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#phishing<\/a> domain <a href=\"https:\/\/t.co\/BV9KfUKQgS\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/BV9KfUKQgS<\/a> targeting Chinese users of Steam Community <a href=\"https:\/\/twitter.com\/Steam_Support?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@Steam_Support<\/a> <a href=\"https:\/\/t.co\/3aL1Som8Wp\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/3aL1Som8Wp<\/a><\/p>\n<p>\u2014 elceef (@elceef) <a href=\"https:\/\/twitter.com\/elceef\/status\/685439105531023360?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">January 8, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>To prevent this kind of scum Valve has invented the Steam Guard \u2013 and we highly recommend you to turn it on and use the Steam variant of two-factor authentication: either via a mobile app (which is preferred) or via email. You should always check if you are on the real site each time when you enter your login and password. If you see a misprint in the site\u2019s URL, a spacebar or some other excessive symbol, then you can be sure: this is a fake. Don\u2019t do anything with fakes.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">What is two-factor authentication and where should you enable it? <a href=\"http:\/\/t.co\/WSvDc9oSvb\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/WSvDc9oSvb<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/passwords?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#passwords<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/privacy?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#privacy<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/security?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#security<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/476019700636614656?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">June 9, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>2. If the criminals fail to draw in victims via the social engineering, they will look to draw in easy prey from outside of Steam. To do that, the fraudsters write articles and publish videos on YouTube that \u201creveal\u201d how to get something for free: gain extra experience, copy an item, find \u201csecret\u201d cheat codes, etc.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">There are 3 pillars to basic gaming security and they can also apply to general PC security: <a href=\"https:\/\/t.co\/tBfI5TrvU5\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/tBfI5TrvU5<\/a> <a href=\"http:\/\/t.co\/Xx4fKKb0FA\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/Xx4fKKb0FA<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/553918059984216064?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">January 10, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Tips given in fraudsters\u2019 content are mostly copied and pasted from other web resources. But throughout the text or the video fraudsters obtrusively offer to download some software or an extension that will boost victim\u2019s game character to the unbelievable levels. If a deceived user downloads the malware the most interesting part begins: nobody knows what\u2019s exactly is inside. One can lose his\/her Steam account or become a victim of some <a href=\"https:\/\/www.kaspersky.com.au\/blog\/ransomware-10-tips\/10673\/\" target=\"_blank\" rel=\"noopener noreferrer\">powerful ransomware<\/a>. The best way to protect yourself from such threats is to install a <a href=\"https:\/\/www.kaspersky.com\/advert\/multi-device-security?redef=1&amp;thru&amp;reseller=gl_kdpost_pro_ona_smm__onl_b2c_kasperskydaily_lnk____kismd___&amp;_ga=1.123611330.838268831.1450706896\" target=\"_blank\" rel=\"noopener nofollow\">reliable security solution<\/a>. You should also be very attentive and check twice before opening links and downloading files on the Internet.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">More reason to backup your data: the <a href=\"https:\/\/twitter.com\/hashtag\/ransomware?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#ransomware<\/a>, Teslacrypt, is still targeting gamers \u2013 <a href=\"http:\/\/t.co\/lKsBp44iMy\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/lKsBp44iMy<\/a> <a href=\"http:\/\/t.co\/Kgm0NRitGD\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/Kgm0NRitGD<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/590499033837400064?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">April 21, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<p>3. Sometimes people pay for the items not on Steam, but via PayPal, WebMoney or other e-currency services instead. For the Steam system such bargains look like pure heart gifts, as the website does not monitor your wallets all over the world. <\/p>\n<p>So, you can get real money for your items, but sometimes fraudsters pay for the purchase and then write a tearful letter to the support team of their e-currency service where they ask to freeze the transaction and bring money back. To prove their story they can even send a fabricated Skype screenshot, in which the victim looks like a fraudster.<\/p>\n<p>If the support representatives believe the story (and it\u2019s quite possible that they will, as the real victim is unaware of what\u2019s going on and remains silent), then the users are left without both the money and items, given away as a \u201cgift.\u201d And there is no way to return it. That\u2019s why you should not make bargains outside the Steam trade window.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">If anyone gets asked to trade by <a href=\"https:\/\/twitter.com\/PompaRon?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@PompaRon<\/a> don't do it. Says he will pay you with steam credit but he is just trying to scam you.<\/p>\n<p>\u2014 AALtv_ (@AALtv_) <a href=\"https:\/\/twitter.com\/AALtv_\/status\/688845843097501696?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">January 17, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>4. Sometimes people try to befriend you or say that they are your old friends \u2013 that\u2019s just you know, a second account they are using right now. In the end they ask to \u201ctry on those cool items\u201d on the pledge of, \u201cI\u2019ll give it back, cross my heart and hope to die!\u201d<\/p>\n<p>Of course, you should not believe them. Even while there is a small chance they can actually be your friends. If you suspect that you really know this John or Jane, check them: call them or write a Skype or Viber message. Just remember: if you give an item to a fraudster, it\u2019s never going back.<\/p>\n<p>https:\/\/twitter.com\/ms_shadowfax\/status\/690810392805670916<\/p>\n<p>5. Fraudsters don\u2019t limit themselves with the roles of \u201cfriends.\u201d Sometimes they present themselves as Steam employees and try to pull a fast one: accuse users of a fraud and force them to give some of their game items for a \u201cscan\u201d and a \u201ccheck.\u201d<\/p>\n<p>Of course, they don\u2019t work at Valve Corporation. No Steam employee will ever ask a user to share items with anybody else. So you can freely report these scammers.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>How scammers deceive gamers in #Steam #games #security<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2F3sEZ&amp;text=How+scammers+deceive+gamers+in+%23Steam+%23games+%23security\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>6. Fraudsters can ask you to send them an email letter with the confirmation link or the link itself. Don\u2019t ever do this, no matter how they explain it! As when they have the link, they can finish the bargain without your real approval. You certainly won\u2019t like the results.<\/p>\n<p>7. In the majority of scams fraudsters will try to hurry or rush you. This is no accident: for example, they can offer you an item, which looks like a valuable one, but in reality it\u2019s not. Moreover, the less attentive the victims are, the bigger are the chances that they will fall for this or that fraudsters trick.<\/p>\n<p>So never yield to pressure and check twice and thrice what you are trading for what before you confirm the bargain.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/mikebauer74?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@mikebauer74<\/a> (2\/2) If you were scammed, you may report this scam to Steam Support so that action may be taken against the scammer.<\/p>\n<p>\u2014 Steam Support (@Steam_Support) <a href=\"https:\/\/twitter.com\/Steam_Support\/status\/344956633597751296?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">June 12, 2013<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Remember: according to Steam policy, you cannot return the items that were given away due to scam. All you can do is report a fraudster to the Steam support service.<\/p>\n<p>For this you need:<\/p>\n<ul>\n<li>open the fraudster\u2019s account;<\/li>\n<li>click the <b>More<\/b> drop-down button in the upper right corner of the page;<\/li>\n<li>choose <b>Report Violation<\/b>;<\/li>\n<li>select the violation (for example, <b>Attempted Trade Scam<\/b>);<\/li>\n<li>click the <b>Submit Report<\/b> button.<\/li>\n<\/ul>\n<p>Don\u2019t hesitate to do it: if nobody teaches those bastards a lesson, they will continue their money grab activities.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Why Steam users often fall victims to scams and frauds and how to avoid it. <\/p>\n","protected":false},"author":522,"featured_media":11318,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[93,1161,1069,647,363,192,97,164],"class_list":{"0":"post-11317","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-cybercriminals","9":"tag-finance","10":"tag-fraudsters","11":"tag-gamers","12":"tag-personal-data","13":"tag-protection","14":"tag-security-2","15":"tag-steam"},"hreflang":[{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/steam-scam\/11317\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/steam-scam\/6706\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/steam-scam\/6774\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/steam-scam\/6695\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/steam-scam\/7745\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/steam-scam\/7505\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/steam-scam\/10879\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/steam-scam\/11317\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/steam-scam\/5993\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/steam-scam\/7020\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/steam-scam\/10431\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/steam-scam\/10879\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/steam-scam\/11317\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.au\/blog\/tag\/cybercriminals\/","name":"cybercriminals"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/11317","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/users\/522"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/comments?post=11317"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/11317\/revisions"}],"predecessor-version":[{"id":26823,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/11317\/revisions\/26823"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media\/11318"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media?parent=11317"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/categories?post=11317"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/tags?post=11317"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}