STEAM GROUP
S.F.O. SFORPG
STEAM GROUP
S.F.O. SFORPG
2
IN-GAME
10
ONLINE
Founded
24 June, 2017
Another Phisher offensive.
Although the methode is nothing new, it's is a new campaign. Several known sites involved.
Format, used as a profile comment :
{link removed} - case, key and/or promocode offer - (site adress . com)

Apparently many are silly enough to ignore the warning from the Linkfilter
{Link removed}
and still copy/paste the adress from within brackets. Victims do not seem to notice their accounts get hijacked to spread the message via their friendslists.

So gear up for the big wave when they finally notice......
Last edited by Bumbefly (we/All); 20 Jan, 2018 @ 2:33am
< >
Showing 1-11 of 11 comments
So I just came across a weird realization. Apparently the phrase "of CSGO one" gets filtered into hearts. (e.g. http://gtm.steamproxy.vip/discussions/forum/10/1693785669857338580/#c1693785669857389694 "if you get bored of CSGO one day").

A quick google search suggests it may be due to the existence (or prior existence?) of a site called CSGO.one, which was implicated in a match-fixing scandal.
Last edited by Quint the Alligator Snapper; 26 Jan, 2018 @ 7:32pm
Originally posted by Quint the Pondering Ghost:
So I just came across a weird realization. Apparently the phrase "of CSGO one" gets filtered into hearts. (e.g. http://gtm.steamproxy.vip/discussions/forum/10/1693785669857338580/#c1693785669857389694 "if you get bored of CSGO one day").

A quick google search suggests it may be due to the existence (or prior existence?) of a site called CSGO.one, which was implicated in a match-fixing scandal.
Turned into CSGOGEM and CSMoney. Either way those posts are going to be summarily locked from now on.
Bumbefly (we/All) 24 Mar, 2018 @ 12:28am 
3rd month of this spam campaign. Although the spamming has come to a halt, the victim accounts keep popping up :
http://gtm.steamproxy.vip/groups/SteamClientBeta/discussions/1/1698294337769779438/#c1698294337775369173
I recently came across a post asking if bit skins was legit. The user was part of the OPKims trade group as their main group.
Recently got a friend request from https://gtm.steamproxy.vip/profiles/76561198027175440 .

Considering that its most recently played game was last played in 2014, this looks like an old account that was dug up and hijacked.
Bumbefly (we/All) 15 Jul, 2018 @ 11:42am 
Obviously.
Did you run the site through VirusTotal? Comes up clean there but since it's likely to be a scamming and/or phishing site no malware would be expected. Still, won't hurt (the honoust Ppl & sites).

Notes from ScamAdvisor :
High Number Of Suspicous Websites On This Server (check the server tab)
This registrar is used by a high % of spammers and fraud sites
This website may be related to a number of high risk sites
This website is 1 Days old
The website expected life (365 days) is relatively short.
This website setup involves countries known to be high risk
Last edited by Bumbefly (we/All); 15 Jul, 2018 @ 11:44am
I went ahead and reported that profile, as well as another one, which came up in a Google search. Aside from "playing" (for 0.3 hours) Dota 2 in 2017, the pattern seems similar -- long-unused account.

https://gtm.steamproxy.vip/profiles/76561198082781270
Last edited by Quint the Alligator Snapper; 15 Jul, 2018 @ 11:45am
Bumbefly (we/All) 15 Jul, 2018 @ 12:29pm 
Yeah... {link removed out of piety to the legit owner of the account} a 14 year old account, is just one more of 1800+ search results on the Steam Community. Many stolen or ortherwise hijacked accounts, probably a lot of newly created accounts as well.
This definitively qualifies as a fullblown "offensive".
Last edited by Bumbefly (we/All); 15 Jul, 2018 @ 12:30pm
Bumbefly (we/All) 15 Jul, 2018 @ 12:52pm 
"FREE 10-20 $ FOR CASES" is another profile nickname (also many hundreds) to lure Ppl in. In previous offensive this cartel used a dot win adress in stead of dot top they use now.
TTMXMP 15 Jul, 2018 @ 1:41pm 
Does anybody know if there is some public info on how many accounts on Steam get hijacked and used for scams each year?
- MrTT :cure:
Bumbefly (we/All) 15 Jul, 2018 @ 2:15pm 
I don't know current amounts.
These 1800+ is just 1 cartel and that with only the single most obvious search, the sites name. They undoubtly have a portion of their accounts stached to start anew after all the acc's they use in current offensive have been closed (new acc's) or placed under restrictions for the legit owners to reclaim them.
< >
Showing 1-11 of 11 comments
Per page: 1530 50