Remove Ads

Welcome, Guest
You have to register before you can post on our site.

Username
  

Password
  





Search Forums

(Advanced Search)

Forum Statistics
» Members: 2
» Latest member: MalloryTes
» Forum threads: 15
» Forum posts: 15

Full Statistics

Online Users
There are currently 0 online users.
» 0 Member(s) | 0 Guest(s)

Latest Threads
Posting on social media
Forum: Tips
Last Post: Veysel
04-25-2022, 02:44 AM
» Replies: 0
» Views: 36
Account recovery/Security...
Forum: Tips
Last Post: Veysel
04-04-2022, 08:12 AM
» Replies: 0
» Views: 23
2FA, Steamguard and backu...
Forum: Tips
Last Post: Veysel
02-19-2022, 04:44 AM
» Replies: 0
» Views: 21
Phishing - a common way o...
Forum: Tips
Last Post: Veysel
12-15-2021, 08:26 AM
» Replies: 0
» Views: 36
Doxxing yourself / Reveal...
Forum: Tips
Last Post: Veysel
12-14-2021, 06:56 AM
» Replies: 0
» Views: 38
Passwords and how to prot...
Forum: Tips
Last Post: Veysel
12-14-2021, 05:02 AM
» Replies: 0
» Views: 32
Greed can play a big part...
Forum: Tips
Last Post: Veysel
12-07-2021, 02:12 AM
» Replies: 0
» Views: 96
Links being dressed up to...
Forum: Tips
Last Post: Veysel
12-06-2021, 09:22 AM
» Replies: 0
» Views: 36
List of confirmed scams a...
Forum: Tips
Last Post: Veysel
12-06-2021, 09:08 AM
» Replies: 0
» Views: 78
Discord and Steam Scams
Forum: Tips
Last Post: Veysel
12-06-2021, 08:28 AM
» Replies: 0
» Views: 40

 
  Posting on social media
Posted by: Veysel - 04-25-2022, 02:44 AM - Forum: Tips - No Replies

Social media has become such an important part in some people's lives, to the point where they post everything on their social account. Specifically, "I'm going on vacation for 5 weeks!", a child posting "I have the house all to myself", "I won the lottery!", etc.  Posting things like you'll be on vacation, or you're home alone, or "I won the lottery" is an invitation that your stuff is available for the taking. I'm sure some people are thinking 'I can post whatever I want, I'm not inviting people to commit a crime!' You're right, but that's not how these people think.  When they see that you're on vacation, lets say with your family, they know that your house will always be empty, thus, they can break in 10 minutes after you leave and you won't know until you come back. By that point, your shit is gone and the case is cold.

While you can set your profile to private and only have family/close friends, do you really trust every single person on your friends list? Do you know them all? Here is where the lottery aspect comes in. Say you win the lottery and you post it on FaceBook.  If your profile is public, everyone can see this and come out of the woodwork to try and get a piece of that pie. Even if your profile is private, the same thing can happen with family/friends. Why? Because people are vultures when money is involved.  If you win the lottery, there will be cousins coming to you that you never heard of.

This isn't about telling you what you can and can't post, it's about being smart and protecting yourself and your property. I'm guilty of doing it previously. When I was a teen, my mom left for a week and I was blabbing on social media about having the house to myself. If the wrong person saw that and knew me, I could have been in for a bad time.  Social media is not important, you don't need to post and share every little detail about your life. Be smart, think before hand if this is something that needs to be shared with others.

Print this item

  Account recovery/Security questions
Posted by: Veysel - 04-04-2022, 08:12 AM - Forum: Tips - No Replies

Recovery/Security questions are used by some sites as a way to verify your identity if you need to request a password reset or change your password. Some sites have a couple premade questions for you to choose from and pick which you want to use. Once you've selected the question, you'll put in the answer.  On the other hand, some sites will have you make up your own questions.  These questions are almost always personal ones.  Some of them kinda-not-really aren't that bad, like what is the name of your elementary school? For me, in terms of privacy, these questions are still invasive and leave the door open for someone to compromise your account.

With the premade questions, the mindset of the website owner is 'only you know the answer to the question'. However, that is not always the case. For example, if my sister made up her own recovery question of "what is the birthdate of my daughter?", family and friends know the answer. Strangers can figure it out if they are crafty enough and care. Ideally, these questions should be things that only you can answer. If it was up to me, these questions would never be used, but some sites force it. If you do have to put in questions, here is some tailored advice:

If the website forces premade questions: Choose one, and make up a random answer. IE, if the question is "what is the name of your elementary school?" then the answer would be Pie.  If the question is "what is the name of your childhood pet", answer is bubbles.  You get the gist of it, random answers that can't be guessed.

IMPORTANT: It is absolutely important that you write down the answer to these questions somewhere so you always have it. If you lose the answers, some sites will not help you! Remember to not leave these answers laying around for anyone to easily find.

If the website lets you make your own questions: The important message above also applies here as well!  If you can make up your own questions, this gives you more leeway and lets you put in real answers. IE "What is on my desk at all times?" Answer: mouse.  Again, it is not recommended to use personal things as questions unless you are 100% sure no one else knows the answer.

As a final note, please remember to not make your question and/or answers obvious. For example, "what is the tattoo on my right hand?" Everyone can see your hand, everyone knows what it is.

Print this item

  2FA, Steamguard and backup codes
Posted by: Veysel - 02-19-2022, 04:44 AM - Forum: Tips - No Replies

2 factor authentication, also known as 2FA, and backup codes. What are they?

2 factor authentication is an extra security step meant to help protect your account.  Most gaming platforms have it, as do certain big websites.  How 2 factor auth works varies between what platform or site you're using. In some cases, aside from logging in via username and password, you need to enter a verification code that was sent to your phone. In other cases, you need to click a link that was sent to your email.  2FA has been proven to significantly help protect your account and is recommended.  However, if you use 2FA, you need to be on top of everything relating to the 2FA method you chose.

For example, if you chose text message 2FA, you need to remember to change the phone number in your account. Otherwise, when you try logging in, that 2FA code will go to your old number, which either no longer exists or a stranger who has your old number. Same thing applies to emails (minus someone else getting it).  If any of your 2FA methods change, you need to change them on the platform you use it.

2FA can also be in the form of authentication apps like Authy (Trusted app), where upon logging in, you need to enter a code that is shown on the app. Personally, this method is the best and is very simple.

For those of us Steam users, SteamGuard is essentially 2FA.  With Steam, you have 2 options of SteamGuard protection. Either you use the SteamGuard authentication app, or the send an email to you to verify with. I used the Steam authentication app previously and do not recommend it.  If you get locked out or  even signed out of your Steam account on mobile, it can lead to bullshit where you have to try and get the SteamGuard auth code, while at the same time trying to log back into Steam on your phone.  It's a huge hassle and not worth it. If you use SteamGuard (which I do recommend), get your code sent via email.

The overly popular, yet growing garbage Discord app offers backup codes.  These codes are one time use and will allow you to do essential Discord functions (like delete a server) and recover the account. The only "problem" (I use that term very loosely) is that Discord backup codes require you, the user, to either write down and save the codes, or download and store them on you PC. This is a problem because people either don't save them, or they do, but lose the codes. If you choose to use backup codes, you have to save them somewhere!!

Print this item

  Phishing - a common way of receiving personal information
Posted by: Veysel - 12-15-2021, 08:26 AM - Forum: Tips - No Replies

Phishing has been around for decades, it's one of the common methods used by scammers - and it works.  How it generally works is that scammers will create a fake page from a website where you enter credentials - usually log in information.  I will use my own experience as an example.  When I first started using Steam, I was naive.  I didn't know there were scammers that would try to take your shit.  So, when I got a friend request and added the "person" (a bot), they immediately sent me a link saying "free CSGO knife!"

After clicking the link, it took me to what looked like a legitimate Steam log in page.  I entered my info, logged in, and immediately lost all my stuff.  The page I was sent to was a fake Steam page.  Once I entered my login info, the scammers had it and took everything.  Knowing if a log in page is legitimate or not is mostly easy, however, there's so many websites out there and some can be set up in a unique way.

One way is to check the address bar for a lock (this may vary per browser).  The lock verifies the site is secure.

Here is a screenshot: [Image: c881aa36a422f83f67ddd381077a5f11.png]

Another way is simply looking at the URL.  As I covered in another topic, scammers love to buy URLs that are similar to a legitimate site, such as stearncommunity (steamcommunity).  If a url has even a small misspelling, you're on the wrong site.

If you ever get linked to a website that asks you to log in, please take the time to review the URL, verify from the person who sent you the link, and, if you feel unsure at all, go with your gut and don't click it.

Print this item

  Doxxing yourself / Revealing too much personal info online can hurt you
Posted by: Veysel - 12-14-2021, 06:56 AM - Forum: Tips - No Replies

Another aspect I wanted to cover is personal information. Every day people reveal personal info online, whether it be small and insignificant or something overly revealing and now people online know who you are in real life.  What you reveal online abut yourself can harm you depending on what it is.  For example, if you use a weak password such as the name of your child and birth year, then you tell people online the name and birth year of your child, they now have the ability to log into your account.  In the passwords topic, I covered that using complex passwords is how you prevent this. 

However, complex passwords cannot save you from being doxxed.  Depending on your name, you could be very easily searched up.  What do I mean?  If your name is Jim Smith, you're pretty much golden.  Smith is such a common name that you'll get thousands of results.  If your name is unique, such as Aminha, Dionne, Jacinta, etc, you're more likely to be easily searched.  Another prime example of this is that I tried searching for an ex on FB that I haven't seen in over a decade.  (What? We're all curious about how our exes look years later)  She had a common last name, and as a result, I couldn't find her.

Another aspect to the social media doxxing is oversharing. When I was a kid I used to brag whenever I had the house to myself for a night. That is a huge no-no! If someone is looking to commit a crime, I have told them that a child will be home by themselves. This can also apply to going on vacations. We all want to share exciting things, "we're going on our anniversary to Mexico!" That's awesome, but that could also indicate your house will be unoccupied and huge 'X' marks the spot. When sharing posts, be mindful about what you share. It's very easy to share posts from local places you enjoy, but those are also giant signs that say "I live in this area."

For those familiar with Twitch, you most likely know of examples where a Twitch streamer doxxed themselves. For those that don't know, an example of this is a streamer showing their address live to hundreds, if not thousands of people.  Or a streamer showing personal paperwork that has their name or other sensitive information.  For me, I'm overly protective and paranoid about my privacy.  I'll reveal some personal things, like my tattoos, but I will never reveal anything personal, not even my first name.  I'm that protective and paranoid.

I'm not saying everyone should be like this, but you do need to be more cautious and aware of the things you say regarding yourself and your life.

Finally, posting your picture. This is arguably the best ways to dox yourself, because there is only one of your face in the world. Especially in today's modern world, you can easily reverse search a pic and find a gold mine. Ideally, don't post your pic online. Realistically, I know this is impossible. If you are insistent on sharing your pic, at least keep your lips sealed about any personal information. and for fucks sake censor any background that could be used as a personal identifier.

Print this item

  Passwords and how to protect them
Posted by: Veysel - 12-14-2021, 05:02 AM - Forum: Tips - No Replies

Passwords are the most important aspect of your account.  They are half of what determines if you log in or not (with the other half being your login name).  A good majority of the world uses weak, easy to guess passwords.  Things like password, password 123, parts of their name, their birthdate, etc - anything easy to remember.  The reason people choose easy passwords is, well, to remember them.  It sucks when you use a more complex password but can't remember what it is. However, using a complex password is what can save you in the long run.

In an effort to have easy to remember passwords, everyone will use the same password or same style password. Here's a couple common ones:

  • password
  • password123
  • bsmith
  • smith1989
  • sally1996 (child's name and birth year)
  • spike2000 (pet name and year you got him)
Those are just a few examples.  In regards to "b smith", people often use real names as passwords, such as their own name. In other cases, they use their children's name and birth year (or their own if they don't have kids).  Using personal things as a password is not a bad thing by itself.  The issue comes from either people who know you, or what you disclose online. For example, lets say someone you know personally has decided to try and gain access to your accounts.  If your password is your name and birth year, it's going to be a very easy guess for that person because they know your info.

The second part of that is people will reveal personal info online to others.  Every day people reveal something personal online and they are fine.  It only becomes an issue when someone wants to do harm to you.  I will have a separate topic covering this. The solution to the problem of personal info online, and what prevents said problem in the first place, is having a complex password.

"But..I can't remember complex passwords." I know, I can't either. That is why I have a safe place where I've stored all my passwords - all of them, for every site. There are a few ways you can save your passwords:
  • Password manager
  • Writing them down on a piece of paper
  • Storing them in a text document on your computer.

With password managers, there are legitimate, safe ones out there, but you have to make sure the one you want to use is legitimate. I know some people are questioning storing them in a text document. "What if your computer gets hacked by a virus?" Contrary to what some may think, your computer is safe. The virus and hacks are a result of human error, such as downloading something you shouldn't. Always be careful about what you download.

I know, it's stupid and you shouldn't have to go to such lengths to protect yourself, but you do. This is the world we live in now. Complex passwords are safe and cannot be guessed. The only way they could get into your account would be, again, if you downloaded maleware or your email address was compromised.

Next, you're probably wondering what a complex password is. For starters, complex passwords are longer. They aren't a simple 4 digit or a digit password. 8 is the sweet spot, in my opinion. Most of my passwords are at a minimum 8 characters or more. Everyone is different, but for me, all my passwords are made up on the spot. They can be lowercase, capital letters, numbers, punctuation...anything I can think of that is random. As a failsafe, I will jog down the password in a safe spot before even putting it into the website so I know what it is and won't lose it.

There are password generators that will make a password for you and offers variety in terms of how you want the password to come out. With password generating sites, it's a use at your own risk type deal. There's no way to confirm 100% that these generated passwords are not stored and can be viewed by the staff here. I can recommend this site, which also includes helpful tips for your passwords.

https://passwordsgenerator.net/

As an example, here is a password I generated from that site: *mLd{mZQ?en2TY83

Personally, I'd never use [ ] { or } in passwords, just because I'm a bit paranoid about it not working in the future. 😂 Other than that, the password is perfect and not something you'd guess.

Remember, the stronger your password is, the more secure your account will be.

Print this item

  Greed can play a big part into scams
Posted by: Veysel - 12-07-2021, 02:12 AM - Forum: Tips - No Replies

When we see something that is being offered for free, we jump on it without a second thought. We all want things for free and want to avoid paying.  Problem is, scammers also know this.  They make scams that offer things for free like Nitro, or free in game items, free gift cards, etc.  The reality is, nothing is free in life, but when something free is offered, we forget logic and think "FUCK YES! FREE THINGS!   I'm guilty of this.  When I played CS:GO, I got scammed due to my greed.  I wanted a free in game item and clicked a link I shouldn't, lost all my stuff.

Scammers primarily rely on our greed, inattentiveness and/or stupidity.  If we can be smarter and think something through, we can help ourselves to not be scammed. The next time you get offered something "free", ask yourself what the catch is. Or, better yet, ignore anything free online unless you are 100% positive it's legitimate, because most of the time, it will be a scam.

Print this item

  Links being dressed up to look official and link masking
Posted by: Veysel - 12-06-2021, 09:22 AM - Forum: Tips - No Replies

A common thing we're seeing with scams now is that scammers will try and make their links look official/real.  Usually they do this by creating a URL that is mostly spelled right, but has a couple letters twisted around.

An example of this would be Steam. Instead of the legitimate steamcommunity.com url, it'd be steamcomunity.com or stearmcommunity.com or any other variation.

As the days pass, the scammers keep making different variations of these links, but all of them still have the same goal: trick people into thinking they look real. Unsurprisingly, it works!  Why? There are several reasons:

  • People are too trusting or don't know any better.  I think for some people, they have never experienced an online scam before. Up until this point, every link they have clicked has been legitimate, thus it lulls them into this sense of security. In other cases, people are brand new to the online world and have no idea scams exist.  They click things willy nilly and don't think twice.
  • Skimming links. This is something we are all guilty of. We quickly read a link and then click it.  This is what scammers primarily rely on.  You see "discorc" and your mind tricks you into thinking it's "discord", so you click it. 
In regards to bullet 1, it's very important that you understand the internet is not a 100% safe place.  People on here can and will scam you without a second thought. You need to be on guard and be careful about who you talk to and what you do.  If you've spent all your time in a small portion of the internet and never ventured out, you're going to be naive and think that every site and every community matches that of the internet you've gone to nonstop for a while.  That's simply not the case.

Bullet 2, again, this is something we all do, but it's dangerous.  I cannot stress enough that you take the time to read the URL before clicking it.

--------

The second part of this is link masking/clickable text. We've all seen Click here style links where the url is hidden.  Scammers are starting to use this method for their links due to one very simple fact that I touched upon in bullet point 1.  Most people don't know you can hover your mouse cursor over clickable text and see the URL.  It truly is a weird thing to be telling people "don't willy nilly click "click here" links", that honestly shouldn't even be a concern, but scammers are ruthless cucks.

If you ever see a masked link/clickable text, hover over the text and see where the URL goes to.

Print this item

  List of confirmed scams and malicious files/viruses
Posted by: Veysel - 12-06-2021, 09:08 AM - Forum: Tips - No Replies

I will only be listing scams for Discord or Steam, as these are the main ones I experience daily and have knowledge on. Please note that all of these will result in your account becoming compromised and/or losing access to your account., as well as files/downloads that are malicious and/or a virus.  I'm debating including malicious links here as well.

Scams

* Any type of free Nitro messages/links.  Free Nitro is not a thing!! There might be some legitimate Nitro giveaways, but they will NEVER be DM'ed to you or posted randomly in a server. Every free Nitro message you receive or see posted is a scam!

* "I have accidentally reported your Steam account." While this mainly impacts Steam, it usually originates from a Discord DM.  How this works is that you will receive a DM from someone stating they "accidentally" reported your Steam account.  I cannot confirm how the conversation goes down or how this scam works, but I can confirm it is indeed bullshit. Here's a video on the topic -

* "This message cannot be displayed. Update to latest version required. Install here: [link]." This one is obvious, and I wish I could say other people will find it obviously bullshit. Sadly, this is not the case. There is no "message that cannot be displayed", that literally is their message in an attempt to trick you into clicking their link.

* "Download this game I'm testing."  You will receive a DM from someone saying they made a game and asking you to test it.  There's a video from a Youtuber going in depth about this that I'll link, but the TLDR version is do not download anything from people you don't fully trust!! Especially if they randomly say "Hey I started making a game!"  The one thing I will mention regarding this, I read a message from someone saying that the scammer - using a compromised account - impersonated the person's friend and had a general conversation with him that lead to "I started making a game, want to test it?"

Here is a video explaining this -

* Loading image - your picture.  You will be told that someone is using your real life pic (they will say your pic was leaked) and/or name and that this person using your info is saying racial slurs. They will attach a fake picture that says the image is unable to load and include a link that says "view image". When you open the link to view it, your session token will be stolen.

* Loading image - picture failed to load. Similar to the above, the account will post an image that won't load, and you'll be expected to view the image in a browser. When you open the link to view it, your session token will be stolen.

* Xbox game pass scam - You'll get a DM from someone asking if you have a game pass, saying they want to play with their friend. While the scammer might be real (not a bot), it is still a scam.


Confirmed viruses

Umbrellajump.exe (Link to where I discuss this - here)

Last updated: 4/12/2022

Print this item

  Discord and Steam Scams
Posted by: Veysel - 12-06-2021, 08:28 AM - Forum: Tips - No Replies

These days, Steam and Discord are scam heaven.  It seems like every month there is a new one, or an existing scam gets worse.  I want to lay out the scams that exist so that you know what to be on the lookout for if you use either of these platforms.


Steam

Steam scams have been around for ages.  They are a plague on the platform, but outside of Steam it's understandable why no one has heard about it.  I admit, I've fallen a victim to a couple Steam scams, but I will have a dedicated topic where I talk more about this.  The most common Steam scam involves the popular game CS:GO.  In this game, you can buy and/or trade expensive in game items.  Scammers have a shit ton of bots and have programmed these bots to add you, and upon being added, will instantly DM you with a link, and they will say "get free knife" or some variation of this.

Upon clicking this link, you will be brought to a site where you need to sign in with your Steam credentials.  After doing this, your entire CS:GO inventory will be traded to another account and you have lost everything.  Back in the day, Steam would grant you one freebie and would replace your stolen items.  I'm not sure if they still offer it, though.  It has been years since I've touched CS:GO, so I'm not sure if there are new scams or not.

I need to be crystal clear about something: There is no such thing as free CS::GO knives! I don't care what anyone says, no website offers these items for free.  It is always a scam. 

Discord

Discord has a couple different scams, one of which involves Steam.  The first one I'll talk about is the one that incorporates Steam, and is a "newer" variation of their scams.  It starts off via receiving a DM where the person links to your Steam or provides a screenshot and asks "Is this your account?"  Upon saying yes, they will say they "accidentally reported you" and will then pawn you off to another person who supposedly can help you protect your Steam from being deleted.  I have not experienced or thoroughly investigated this, so I cannot say exactly how they do it once you start talking to the second person.

What I can say, simply reporting someone will not put their account at risk, nor can anyone "unreport" the account.  Additionally, it's not possible to "accidentally" report someone.  Once you click the report button, you then have to click an additional option that says why you're reporting.  If someone says they accidentally reported you, it is a scam. Something that's also worth mentioning and makes me laugh, your Discord name can be the exact same as your Steam, even with the same profile picture, yet they still ask "is this your account?"

The second scam is about free Discord Nitro.  Nitro certainly has some perks to it, but lets be frank, most of us aren't willing to pay for only one or two decent features.  Thus, when offered Nitro for free, we jump on it!  You will receive a DM that says "free nitro" and includes a link.  Here's where this gets interesting.  These links will often be dressed up to look like official links, but will have misspellings that most people don't think twice about.  For example, the official website is discord.gg. A scammer will use "dirscord.gg" or some other similar variation.

Doing a quick glance and not paying attention, they can seem like official links. It gets worse, because they are getting new links all the time. Granted, some of the newer ones are drifting away from "official looking". Always triple check the link you plan to click.

The third and final scam [for now] is also the newest, thus, I don't know a whole lot about it. This one involves someone on your friends list losing their account to a scammer. The scammer will then DM you and say they were working on a game and ask you to try it. They will send a .exe over titled "Umbrellajump.exe". This is a confirmed virus!


Do not download any file sent to you, even if from a friend unless you are 100% sure it is your friend actually sending it.

[Edit on 12/15/21]

It appears the Discord scammers are now using Tinyurl links to bypass link blacklists and/or sketchy link deletions. For those unaware, Tinyurl is a legitimate site that lets you shorten a URL. Using a Discord bot like Dyno, you can block a link without blocking the domain, meaning you can block the malicious Tinyurl link, but still let Tinyurl be used.

Print this item