[German]Brief warning for users of the Steam platform. A reader has alerted me about a campaign causing a wave of scams that is currently running and operates with fake accounts. Inquiries from supposed friends offer participation in a sweepstakes. If you fall for this, you will probably end up on a page where Steam login data is requested and then stolen by cybercriminals.
Advertising
German blog reader Franz S. emailed me the other day to describe this case and the scam on the Steam platform (thanks for that). Franz wrote under the subject Steam Fake Accounts and Scam Methods that this might be a topic for the blog, because there is currently a wave of fraud attempts (scam) with and via Steam. The scammers are using several stages, which were outlined to me by the reader in the following steps.
- The user [meaning a user of the Steam platform] was found by the scammers through market activity or open inventory.
- There is a fake account of the scammers with huge game hours + Achievments in various games (especially csgo), see above screenshot.
- This fake account sends a friend request to a Steam user, see the following screenshot. It is obvious that players like to accept such great "friend requests".
Thus prepared, the scam can be attempted in due course. After a few days, weeks or months, there is a direct message from such a contact from the "friends list", asking whether one would like to participate in a raffle. In Franz's case, the message said that a "buddy was participating in a raffle, and the participant who had the most votes would get the prize." This is something like a chain letter for a third party.
Franz wrote me that no link to the relevant page (of the sweepstakes) was provided in the message. Those behind the scam are sure that players will find the specified sweepstakes themselves by searching Google. If the player then goes to the relevant sweepstakes page, he will be asked for his Steam access on this page for authorization.
Advertising
Dazu teilte mir Franz seine Erfahrung mit und schrieb "Ich hatte die Seite gefunden, aber den Vorgang aufgrund von Faulheit abgebrochen. Der Fake Account wusste ohne mein zutun davon und wurde dann wütend." Es ging also ausschließlich darum, die Steam-Zugangsdaten abzugreifen, um Missbrauch zu treiben, schätze ich mal.
Franz shared his experience with me and wrote "I found the page, but cancelled the process due to laziness. The fake account knew about it without my doing and then got angry." So it was solely about grabbing Steam credentials to abuse, I guess.
Franz writes that he currently gets more such friend requests, but they always come from other profiles. Funnily enough, the fake accounts have several hundreds of hours logged in Dota, but do not show a single Achievment. Such fake accounts has even been bought cosmetic items for the fake profile, Franz has observed.
Advertising
