Originally posted by Regen is infinite loop:

What are you on about?
We have several NEWLY ADDED features to detect phishing links and marking the BIG RED AND NOTICEABLE.

Report phishers and a member of staff will get to it ASAP, we are not going to shut down the site because of it, because believe it or not this happens everywhere.
This is the only complaint against us that we have had, we do all that we can to stop the phishing but fuck me, its not that easy is it?

well since most accounts affected by this attack seem to have been hijacked and turned into more phising bots reporting them will not do all that much good

as i said in the OP i am AWARE of your previous efforts for stoping phishers, i am THANKFUL for em, but when it comes to this one, the biggest phisher attack ive seen so far, i havent seen the staff do much about it, in fact some comments seem to point out the staff has given up when it comes to this particular attack, unwilling to do anything about it, but they keep the site running, compromising more and more accounts

im sorry if this makes you upset, i truthly am, it doesnt take a genius to realize you guys have received a ton of complains about this, but this stance, i simply cannot get behind or empathize, its not like you are not doing anything about this, you are actually making it worse

shouldnt you take down your site?

ive seem the owners of the site post in here saying that this is valve's problem not theirs, that being the case, dont you think keeping your site up, which is clearly facilitating the phising of these accounts, is only making valve's job harder?, i mean i cant imagine how receiving hundreds if not thousands of emails from people with hijacked accounts each day is going to make things easier for them, they might even have to check every case individually

there are ways in which you can help, very easy ways, such as posting an announcement on your site warning about this phising attack, stuff ive seen you do in the past for different other reasons and events


you are unwilling to help solve this problem, fine, but must you also contribute to it with you inaction?


PS: i recognize and appreciate your efforts to combat phising in the past, that does not excuse your stand right now, phishers are abusing your site like it or not, it is in my humble opinion very irresponsible to remain idle to a problem that is affecting a significant amount of your users

Originally posted by norby89:

Originally posted by Nuclear Kangaroo:

and you wont even put a warning in your site?

that is incredibly irresponsible, people are abusing your site and you are washing your hands from the whole deal

i for one wont be directing new players to tf2outpost.com until this problem disappears or you do something about it, they are only going to get their accounts stolen

You're acting like TF2Outpost is the source of all problems and that they're meant to fix something they hadn't even started. A small reminder to you, phishers are using more than one site or method to find their victims, no matter where you go you won't get away.

I'm not sure if you had noticed but over the past few months the spreading of phishing links on TF2OP has pretty much halted. And that's all thanks to the safety measures that have been implemented. We have warnings when clicking on links, phishing links are automatically detected, new phishing accounts are banned almost instantly, anti flood etc.

So why are we still seeing phishers? The problem is no matter what you do to prevent it, they will ALWAYS find a new way to steal accounts. Let's say they're not using Outpost as a source for potential victims. No problemo, let's start with Mattie and attempt to phish his friends, then all the friends of his friends and so on. As long as there's public information available they are always going to use it to their advantage.

The problem is you cannot "fix" this issue without also affecting legit, innocent users. Do you really wanna see a site with a list of trades from Anonymous users and no way to add them because you could potentially be a phisher? If you have any suggestions, we're all ears but nonconstructive criticism is not going to help anyone.

The only one who can stop this once and for all, like BSoD said, is Valve and as long as they don't do something about it we will continue to have this issue. It is their fault that they created a faulty security system (Steam Guard) that can be bypassed so easily. They recently started restricting new devices you log into, which in theory sounds great, however phishers still found a way to bypass it.

i feel valve could argue the exact same thing and never fix this issue, or any issue whatsoever because "there will be always stuff to fix, why bother"

listen to my simple suggestion, it may make you change your stand, post the following message in the site:

"steam is currently experiencing a large influx of phising attempts, if somebody asks you to add his/her "friend" or "alternate account" in order to trade, check carefully the link they give you, if the link does not start with https://steamhost.cn/steamcommunity_com, its a phishing link"

as long as you are profiting from this service it is my opinion you should warn people about the current risks because you site is still facilitating the stealing of accounts, like it or not


just because im critizing your stand right now it doesnt mean i dont appreciate previous efforts to stop phishing

Originally posted by Blue Screen of Dea†h:

Originally posted by Sobah-kiin:

Pleade, tf2op admins, add CAPTCHA to "add on steam" button. It will be really usefull against bots

They are not all bots, there are many humans. Also the button is useless, the bot can get the user ID and add the user manually on Steam.

We are aware of the problem, but this is a Steam problem, not Outpost problem. We can't block front page visibility because of this. People should rage against Steam and their inability to handle the whole hijacking/phishing problem, because it doesn't like they care right now.

and you wont even put a warning in your site?

that is incredibly irresponsible, people are abusing your site and you are washing your hands from the whole deal

i for one wont be directing new players to tf2outpost.com until this problem disappears or you do something about it, they are only going to get their accounts stolen

Originally posted by Blue Screen of Dea†h:

Originally posted by ADN:

This may be true, but inviting people to rage against Steam is a little harsh. I do have the same problem - when i bump, 2-3 adds with phishing links.

No, it's not harsh. It's their software, their responsibility. The reason why they aren't doing anything is because there is no pressure on them to fix the problem.

All they care about is money, all updates they do are related to something to give them more money.

It's very easy to fix the problem. Filter chat messages, or block multiple account creation.

theres a word for the way you act, it starts with h

also multiple account creation helps little when the accounts that fall for this are the ones turned into new phishing bots, steam also provides a warning each time you open link from the chat, the only reason this phishing epidemic is happening at all is because the scammers behind all this seem to have found a workaroud for steamguard

this is your site they are using, we are your clients and you are part of the TF2 community, if you are not going to even lift a finger to prevent this as a victim, as a service provider or as a fellow TF2 community member, well, thats a real shame

this is very widespread, scammers are using the site to check bumped trades and send phising bots to add the trader, if the person falls for the phising attempt his account gets turned into yet another phising bot, in my limited experience this seems to be the case

i believe this because ive seem people with over 100 games and many TF2 items trying these piss poor phising attempts, unless they are mad and want their accounts banned it doesnt make any sense, so banning these people might not be the best course of action, they might be victims themselves

is like the zombie apocalypse of phising, some complete scumbag is not only phising but draging a bunch of innocent people along with him