submitted 8 months ago by alessandro@lemmy.ca to c/pcgaming@lemmy.ca
[-] PonyOfWar@pawb.social 13 points 8 months ago

I often buy these for myself, as my workplace gives me a "bonus" credit card that can only be used at shops in the region.

[-] bionicjoey@lemmy.ca 6 points 8 months ago

That sounds like Ye Olde company scrip

[-] PonyOfWar@pawb.social 4 points 8 months ago

Heh, kinda, but it's basically just a way to save taxes. The 50€ I get on there each month are legally considered "non-cash benefits", which aren't taxed.

[-] Steamymoomilk@sh.itjust.works 6 points 8 months ago

I just use Steam gift cards because if my account ever gets compromised it won't have a credit card attached. I recently had a friend get his account locked out, and he got an email saying "your Steam account has been locked, please contact our support to recover." It was a link to a Discord account, and my friend was super tired from work and wasn't thinking right and told them his security questions TO A "STEAM SUPPORT" on Discord. He DM'd me when I had just finished work, and he told me about his new 3060 and I said we should game later. Then he told me about the Discord Steam support. I googled whether Steam uses Discord and, big surprise, it was a scam. I sent him a link to the Steam form and he went "oh fuck" and realized his Steam account just got stolen. He eventually got it back but lost $40 that was in his Steam account :/

Stay safe out there and don't open spooky emails.

[-] Dudewitbow@lemmy.zip 2 points 8 months ago

He didn't have 2FA on his account?

[-] biscuitswalrus@aussie.zone 3 points 8 months ago

On many systems, the weakest link is that it needs to accommodate a 'lost my x', e.g. MFA, password, etc.

Systems often have a way to get in by resetting them by validating through more factors but often weaker ones, "not phishing resistant" factors like security questions. That way the account can get it removed or a new one put on.

MFA isn't a silver bullet, it is another layer of Swiss cheese; most people will think twice about giving it away on a chat app. But there's a reason IT departments sign you up for those phishing simulation and training videos.

But you could still be right in this case, I just wanted to note that, broadly speaking, you can't assume perfect security is achieved with MFA. You still need to be constantly vigilant.

[-] Dudewitbow@lemmy.zip 1 points 8 months ago

Not saying it's perfect, but it would have protected him in this specific case. The weakest link is always the human element, and the layers of protection are there to limit what hackers need in order to gain full access.

[-] biscuitswalrus@aussie.zone 1 points 8 months ago

Although that might be true, the moment the 'friend' gave away his account recovery answers to the phisher I think he would have been compromised either way. It was likely that the phisher was in real time actioning an account recovery, and using the friend as the proxy to give answers to the prompts. Plus since it's already second hand info we can't tell, but if the phisher simply asked 'can you read me the code on your authenticator' or 'press approve and you'll complete the recovery process', it would have been successful.

In investigating account breaches I've found most people shamefully don't retell the whole story; they're embarrassed and upset and fearing loss of employment. They kind of shut down. In this case, social status or opinion could be harmed so it would be hard to trust the story is complete. Generally my logs come from Entra ID and you can see the authentication came from the mobile device even though it was a prompt generated by the phisher.

Anyway I'm a big advocate for layers of security and you're completely right in your stance. Technology is fragile to exactly what you said. We live in a world of incomplete information using trust and judgement under time pressure and poor sleep. Phishing attacks are ruthlessly designed to target that weakness in people. I'm empathetic when it is successful.

[-] Steamymoomilk@sh.itjust.works 1 points 8 months ago

No, he now does because of this incident.

this post was submitted on 21 Feb 2024
39 points (100.0% liked)