1. There is no such thing as a "pending" ban or Steam admin. Anyone threatening your account is a scammer trying to scare you. Read more.

Suggestion regarding phishing

Discussion in 'SteamRep General Discussion' started by Maddux, Apr 22, 2013.

  1. Maddux

    Maddux New User

    Messages:
    100
    Steam:
    STEAM_0:1:20658158
    I'm sorry if this has been brought up in the past or has already been discussed, i looked a bit and did int see anything relating to this.

    Suggestion
    When a user posts a phishing link, it looks similar to a regular steam website link, but looking at it further you can see that it is not. So i'v noticed that Steam Rep uses a plugin that sensors certain profane language, why not add a group of phishing links to the blocked out list? So when a user posts a phishing link it just gets censored, same as profane language. There are a lot of different variations of the domain that is used for phishing, but there is a large group of them that can be found in outpost and other forum sites, and as more phishers use different domains, the domains they used can be added to the list of blocked words. I realize forum websites do not get as many phishing links as lets say outpost it seems, there can be a possibility for outpost to also integrate it as well, i have not brought it up to anybody else because i honestly don't know if this would work.

    The reason i bring this up is because as a new outpost member my self i posted a few trades and on one of them a user linked to his "main" account in the comments of my trade and i almost fell for it. Clicked the link but then realized that it was a phishing link. New users can fall prey to that and hopefully this would be an easy to way to save people the trouble of going through steam support. Thanks for reading
  2. Regen

    Regen New User

    Messages:
    88
    Steam:
    STEAM_0:1:23013129
    I am guessing this is more directed towards tf2 Outpost? As it is where the main phishing problem is.
  3. Maddux

    Maddux New User

    Messages:
    100
    Steam:
    STEAM_0:1:20658158
    I'm somewhat new to trading and TF2 outpost in general, but it does seem that's where the main phishing occurs. I can assume occasionally it happens on forums as well, and it doesn't seem like it would be the hardest thing to implement. I'm not some expert programmer so i'm not sure how hard a process of this is to do but it does seem to have some applicable uses.
  4. VenGanZa

    VenGanZa User

    Messages:
    1,663
    Steam:
    STEAM_0:0:32312479
    Well a site like OP "could" try to implement something like this, however I doubt it would happen, not only due to the labour involved but also the sheer complexity.

    To make this clear, countries like Australia have tried to implement "porn" filters, and if you think about "porn and sexuality" for a minute you will quickly be able to get your head around the task involved in defining and classifying groups of words which would make such a list. It is certainly practical to catch the majority of targets without fuss, but complete accuracy is impossible, and then there is the issue of false positives which stop things such as valid searches of library or educational material.

    Now think about the quantum leap in complexity when it comes to phish links, I am guessing Sneeze would rather staple his testicles to a Gibbus rather than taking one such a task :)
  5. Maddux

    Maddux New User

    Messages:
    100
    Steam:
    STEAM_0:1:20658158
    You make some very good points here. I may not be viewing phishing correctly, but do most of the phishing attempts just mirror the regular steam website but with a different domain? If so, would it be possible for it to give some sort of notification next to a link saying that it is not a valve certified website? Or something to that effect. So sneeze or other staff dont have to go through and type all of these links, but just write a script or program that puts some sort of marker next to websites that are not valve certified websites. I'm just trying to piece together a way that will make users carefully look at the domain they are clicking and logging into.
  6. VenGanZa

    VenGanZa User

    Messages:
    1,663
    Steam:
    STEAM_0:0:32312479
    Well many do "Sourcop" for example. I agree sites could implement something to attempt to block the major culprit links if they wanted.

    I have to say, that OP Staff do a pretty good job regardless. Normally the reporting function gets prompt attention. The few times I have notified them this way, I have seen them react within minutes on various occasions.
  7. Maddux

    Maddux New User

    Messages:
    100
    Steam:
    STEAM_0:1:20658158
    Oh defiantly, they dont let issues like that sit out very long at all it seems. The issue is it only takes 2 seconds for a user to log in and have their account compromised, even before its reported to staff members. I'm not sure how to implement something of that regards. It seems the only websites that get linked to on outpost are picture sharing websites in order to show what a hat looks like (not sure if i understood the purpose of that), steam profiles, the valve website its self. There may be some others here or there that others link to but the ones above are the main ones from what i noticed. So if all other websites that are not in the above group get blocked or warned in some sort of way, that may be able to keep users safer. And if a website that is blocked is a legit website, a report of some sorts can be filed about it. This is just a rough idea but im hoping something to this effect does get put into websites.