Saturday, April 3, 2010

April 3rd: Steam Users Hijacked via Free Steam Games website.

Today, Steam users got hijacked after filling in their username and password on a phishing website (steamfreegames.ro). This website looks exactly like the official Steam Community website.

You probably reached this blog because you either received a message from a friend, telling you to click on this link, or because you have already clicked this link, and possibly even sent your user credentials to these hackers already.


Because that's what this website does. It sends your Steam ID and password to some e-mail address. This website is a typical example of the "Lobsterpot" phishing method. When the phisher receives the e-mail, he immediately logs in to your account and changes the password and e-mail address.

The creator of this page only needed basic HTML and PHP skills to create this fake page. He copied the entire HTML source of the Steam Community webpage and edited the login form so that the data is sent to his own PHP script (loginnow.php), which submits the user credentials to his e-mail address. See the difference in these two images below:



So we know how he did it. But there is one thing I haven't been able to figure out yet: to change the password or e-mail address of a Steam account, you need to have access to the confirmation code sent to your e-mail address. So: how does this phisher manage to change your password and e-mail address, without being able to get the confirmation code from your e-mail account?


Yes... maybe people use the same password for their e-mail address as their Steam account, but my friend, who got hijacked about 4 hours ago, tells me he doesn't.

If there's someone who might know an answer to this question, please, leave a comment below!

Last, but not least, we need all the help we can get to track this phisher down. I'm sure it will take the Steam moderators ages to handle all the Support Tickets, so let's take things into our own hands! A simple WHOIS lookup shows that this seemingly Romanian website (.ro) is hosted in Houston, Texas, USA.


If any of you out there has the skills required to find out more about this phisher, his personal data or his location, feel free to contact me or leave a comment.

Let's hunt this guy down! He's such an amateur (looking at his code), that it can't be hard to trace him. With your help, we can find this guy and bring him to justice! Phishing is an illegal act in the USA, but also in Europe, and is punishable by up to $400.000 and 5 years imprisonment.

In the meantime, remember to never enter your username and password on a website that isn't secured with HTTPS and a valid certificate.


Thank you for your time.

Update:

www.steamfreegames.ro is now a known phishing site in Mozilla Firefox, but http://steamfreegames.ro still isn't!

It seems this website is hosted on a server that belongs to websitewelcome.com. We have sent an e-mail to abuse@websitewelcome.com to report this phishing website and hopefully get some data on this phisher (e-mail address, IP address etc.).
