PSA: There's an active phishing scheme going on right now with CS GO team voting.

I've been messaged in the past days with rather inactive - or even offline (invisible online) friends - asking them to vote for their CS GO team. The phishers send you a link to a website where they ask the password & steam account. DO NOT give them the information, it's a phishing website, you will lose your Steam account.

From my side, it's pretty funny to see people who never played CS GO in their life, asking to vote for their CS GO teams. I assume this is the new "method" because it's starting to spread and it's getting rather worrying. Two of our Org members have already "messaged" me about this, it's clearly not them, but still.

Do not vote and DO NOT introduce your Steam account & password anywhere other than the Steam website. Stay safe.

:bow:

So I fell for this because I trust far too much lol. You dont lose your account (or at least I didnt) but they do send messages to all your contacts. I changed my password, de-authorized all other devices and that seems to be the end of it. I scanned for malware and keyloggers and found none so far.

In general it's good practice to not use any logins through a third-party source, unless you explicitly trust the source(linking Discord-Steam, etc.) I'd be wary of logging in to any website via a link in general, there's all kinds of ways to make a delegitimate site have the appearance of a legitimate one. So just be wary of that in general in my opinion. Like Edyz said just don't sign in through anything other than Steam itself and that holds true for most apps/websites imo.

Steam has a mobile authentication you can use with the Steam mobile app, which is two-factor authentication where when you sign-in, you have to also input a randomly generated series of characters that you access through the mobile app, and input into whatever device you're signing in on. So you can't sign in to steam without access to your mobile.

Thanks for the heads up Edyz:bow:

See I should have realized that since I've gone through cyber security training for work and whatnot. If it had come through email I am fairly certain I would not have clicked it. But for some reason since it was just Steam I felt less on my guard. At least there doesnt seem to be any significant damage done, besides loss of pride that is lol.

Yeah, I can understand why you wouldn't be on guard with something like that coming through steam. I don't know what kind of damage can be done through steam tbh, so I don't really know the value of such a scheme.

I did some digging and it seems like this has been around for a while actually and it appears to just be a username harvesting scheme.

Glad it helped, keep your accounts safe fellas. :bow: