Well, that happened…

…just a word of warning: Be careful on the internet!

I was randomly contacted by some dude on Steam late at night, stating that he wanted me to connect with his buddy - fine, right? While he did not identify himself properly, I shrugged it off, as he just wanted to hook me up with his friend quickly. I was like “Sure, why not?”, let’s give it a shot. Here is a screenshot of our little chat:

Looks fine - on the first glance. But…

• On Steam it is pretty easy to chat with - why wouldn’t the friend just contact me himself?
• What is this mysterious a “fa”-limit?
• Why is this dude not answering timely, after I reply to him?

Also, have you read the links? They are not from Steam, but from some random domain. Do not let yourself fooled by the properly rendered steam preview - it is seemingly also shown for websites redirecting to official steam domains (I have contacted Steam about that). I did click on them, but they just redirected me to the official steamcommunity.com domain, so they seemed fine back then.

I guess you would need to use a vulnerable browser to get infected by this, but still - that was a close call. curl-ing the raw communication…

…also did not showed anything susicious. I had no motivation to dig deeper, but I found the domains on a phishing list later on.

Whatever. I just wanted to share this with you. Be careful out there!