{"id":18555,"date":"2022-03-21T14:10:06","date_gmt":"2022-03-21T22:10:06","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/03\/21\/news-12288\/"},"modified":"2022-03-21T14:10:06","modified_gmt":"2022-03-21T22:10:06","slug":"news-12288","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2022\/03\/21\/news-12288\/","title":{"rendered":"Fake Esports voting sites looking to phish Steam users"},"content":{"rendered":"

Credit to Author: Christopher Boyd| Date: Mon, 21 Mar 2022 21:41:07 +0000<\/strong><\/p>\n

We\u2019ve seen Esports occasionally become the focus of gaming or Steam scams. One particular tactic of note was to claim joining an official league is an easy process. Links to third-party hosted files would offer up a supposedly cracked ESEA Esports league client. In reality, it was a data stealing Trojan<\/a>.<\/p>\n

One current twist on Esports where Steam scams are concerned is the \u201cvote for my team\u201d fakeout. <\/p>\n

Crying foul on bogus voting<\/h2>\n

This trick has been around for a while now, but shows no signs of going away. As some have noticed, it is indeed \u201cflaring up again<\/a>\u201d. The scam routinely separates unwary gamers from their logins. It\u2019s also used to spam people from compromised accounts. On top of all that, the social pressure of \u201cPlease help me out\u201d is often too good to let go.<\/p>\n

An additional headache here is that people change usernames on Steam all the time. As a result, some people assume the message sender is actually a friend<\/a> and not a stranger. This makes it even more likely they\u2019ll feel obliged to assist.<\/p>\n

People want to be helpful, and this slice of social engineering takes full advantage of this.<\/p>\n

How does it work?<\/h2>\n

A Steam user receives an unsolicited message from a stranger. It may be sent via Steam\u2019s own messenger service, or it could be in a Steam-themed Discord channel. The scammer presents the \u201coffer\u201d as a way to help a fellow Steam enthusiast out, or tie it to fictional rewards if the message recipient takes part. The message may also be sent in a different language<\/a>. Some scammers simply won\u2019t care about this, on the basis they can just send it to a seemingly never-ending pool of other recipients.<\/p>\n

After some small talk<\/a>, the scammer will ask the message recipient if they want to join their Esports team. More likely, they\u2019ll ask them to vote for their team in an upcoming competition, or do some form of nomination to take part.<\/p>\n

Clicking into the site and hitting the specified team vote button will typically open up a phishing page or window. If the intended victim uses some form of account protection such as Steam Guard, they\u2019ll be asked to switch it off. Once this is all done and dusted, the account is officially phished and at the mercy of the phisher(s).<\/p>\n

What’s the impact from being phished in this manner?<\/h2>\n

We\u2019ve touched on a few of the impacts, but they include:<\/p>\n