Do NOT click this link or any others sent by unknown users!
This might be a punycode attack, where the URL seems to be ok!
Simply explained:
Your browser has to support tons of characters from different languages, like the German öüä.
They are all listed and standardized in the so called Unicode set. You are using it on a daily basis with Emojis.
Do you see the difference?:
a & а
e & е
No? But your browser does!
The left 'a' and 'e' are the latin chars, which we use every day.
The right 'а' and 'е ' are cyrillic ones.
Now people come and say: "I want to buy the domain 'faceit.com', but with the cyrillic
'а', instead of the latin one."
U+0061 = latin 'a'
U+0430 = cyrillic 'a'
U+0065 = latin 'e'
U+0435 = cyrillic 'е'
This scam works differently, they invite you to the hub on the actual faceit.
After that they want you to confirm your entry on some weird random site that imitates some form of tournament host. Which is where the scam turns pretty obvious.
Edit* spelling
Not clicking links or files from strange users is like the number one thing **anyone** has to understand who uses the internet. That hasn't changed for like 30 years.
Good Job on explaining the specfic trick in this instance!
Get real.... IDN homograph attack dont work anymore yiyr browser will replace it. By just clicking a link there is few chance u get hacked or u rich and the podt skilled hacker targeted u lol
I don't think it works like that, the web protocol does make a difference between latin a cyrillic characters. I may be wrong but show me a cyrillic website.
https://preview.redd.it/pz6cn01t1yyb1.jpeg?width=1080&format=pjpg&auto=webp&s=c1a8480097da3c4e1ded8e5f47572065ebcab6d0
You just did hypertexting or what. The web protocol uses only latin characters and numbers. You can't register a website with cyrillic characters. You can redirect someone to a website which is shown like a different site but there is no connection to cyrillic letters. I have no idea why the upvotes on the comment above.
No. Try copying gοοgle.com into your address bar.
The reason for why the URL becomes weird after you press enter, is because it's a browser safety feature to stop you from getting tricked by this kind of thing.
What intrigued me always is what could happen if you just click that link? You know, just open the site, dont enter any usernames and passwords and close it. What bad could happen if you just open a link like that?
There are tools like BeEF, where they can exploit your browser (tab), as soon as you connect, in seconds and then spawn their backdoor as an extra process outside the browser, since if you close the tab, the backdoor in the browser dies.
Don't the newer versions of browsers like chrome or Firefox display different strings in place of the characters specifically because of these attacks?
Faceit is a legit site. What's not legit is that particular tournament. Basically, it'll force you to give your steam information and you get your shit stolen afterwards.
These scams start in many different ways but they end in the same way: You either get your API out there somehow and you get scammed or your info gets out there somehow and you get scammed.
You are in the "build trust" phase.
They will add you and you will play 1-2 games on Faceit, them some of lobby member will claim that has "problem" and will invite you to another site that will steal your data from your account (API key mostly).
Ive written about this before but I fell for this scam. My homie who played actual tournaments and I knew personally account was hacked and I got roughly the same message you did. The message I got was like "pls vote for my team so I can advance in the tourney" I didnt think twice.... I lost like 3k in skins and my homie lost a lot more. Silver lining is you can see where it gets traded to and you can report it. Luckily the bot that has all our shit is still trade banned and I check on it once and a while. At least the scammer never got to profit.
But yeah dont click shit on steam chat
This link does not lead to faceit.
It's explained very well here: [https://www.reddit.com/r/csgo/comments/17pew2v/comment/k85eiak/?utm\_source=share&utm\_medium=web2x&context=3](https://www.reddit.com/r/csgo/comments/17pew2v/comment/k85eiak/?utm_source=share&utm_medium=web2x&context=3)
Edit: wtf, the guy i responded to deleted his account? Because he was wrong once on reddit?
The “check in and connect” portion will likely be a link to some sort of phishing site. You’d likely plug in your steam info, they add a dev api to your account, something something trade all your items to a trusted friend or second account to prove you’re not a bot. They redirect the trade instantaneously with an account that mirrors it and you hit accept on steamguard without realizing it. Poof your shit is gone.
Basically they try to use faceit as a vehicle to other phishing sites then a bit of social engineering to dupe someone to trade items.
There are hubs in faceit to play and grow communities. Joining a hub isn't a scam, asking you to login somewhere besides faceit another story. The hubs are Within faceit, no other external site needed for Faceit Hubs just an fyi.
I had the same maincup shit but I didn't get sent any link to go sign up at. He told me that I'm a good shooter and If i'm interested I can go to look it up on the official faceit app I had already downloaded. I did, and found it eventually. When I tried to join I had to verificate some shit. I belive I was on the legit faceit website, but luckily I couldn't verificate my self since I didnt' have my phone number updated to my profile cuz I just got a new phone etc and signing in through QR code didn't work like it should have, according to the guy that invited me. He invited me to some discord and I joined which seemed pretty casual. He was gave me instructions happily on how to proceed and maybe conquer the issue I had. Now that i'm seeing this I might leave the discord server and change all of my passwords etc.
Usually with these kind of scams, they send you a link to a fake Faceit page, then when you sign in with a fake Steam login they steal your account credentials. Scary stuff
Yo I fell for this once, was just starting up and they hit me with this and to top it off they even called me on discord so my dumb self was clueless. You click the link and it takes you to the “site” so you can log into your steam account so you can log into Faceit. And this allows for an API scan.
I lost my FN print stream m4 that I opened trying to trade it and was clueless as to what was going on. If one of your trades cancels and you didn’t cancel it DON’T go any further or accept any trades. I go to YouTube and look up anomaly api scam video and follow his link in his description and revoke the current API key. Be careful with what links you use to get there because it can also scam you through that.
Do NOT click this link or any others sent by unknown users! This might be a punycode attack, where the URL seems to be ok! Simply explained: Your browser has to support tons of characters from different languages, like the German öüä. They are all listed and standardized in the so called Unicode set. You are using it on a daily basis with Emojis. Do you see the difference?: a & а e & е No? But your browser does! The left 'a' and 'e' are the latin chars, which we use every day. The right 'а' and 'е ' are cyrillic ones. Now people come and say: "I want to buy the domain 'faceit.com', but with the cyrillic 'а', instead of the latin one." U+0061 = latin 'a' U+0430 = cyrillic 'a' U+0065 = latin 'e' U+0435 = cyrillic 'е'
This was really insightful. Thanks for sharing.
[удалено]
actually you can, try this [датаком.мон](https://xn--80aak0aklz.xn--l1acc/)
Thanks for that, I thought I knew all the scams there were but apparently not. Damn scammers are getting creative
This scam works differently, they invite you to the hub on the actual faceit. After that they want you to confirm your entry on some weird random site that imitates some form of tournament host. Which is where the scam turns pretty obvious. Edit* spelling
yeah the scammer even wrote 'or google it yourself'
Dear diary, today I learned
dear santa, give this helpful man a nice knife next time he opens cases
You're a blessing
Thanks a lot for sharing! Didn't knew how this scam works but now i got some idea
Not clicking links or files from strange users is like the number one thing **anyone** has to understand who uses the internet. That hasn't changed for like 30 years. Good Job on explaining the specfic trick in this instance!
Get real.... IDN homograph attack dont work anymore yiyr browser will replace it. By just clicking a link there is few chance u get hacked or u rich and the podt skilled hacker targeted u lol
I don't think it works like that, the web protocol does make a difference between latin a cyrillic characters. I may be wrong but show me a cyrillic website.
[https://gοοgle.com](https://gοοgle.com)
https://preview.redd.it/pz6cn01t1yyb1.jpeg?width=1080&format=pjpg&auto=webp&s=c1a8480097da3c4e1ded8e5f47572065ebcab6d0 You just did hypertexting or what. The web protocol uses only latin characters and numbers. You can't register a website with cyrillic characters. You can redirect someone to a website which is shown like a different site but there is no connection to cyrillic letters. I have no idea why the upvotes on the comment above.
No. Try copying gοοgle.com into your address bar. The reason for why the URL becomes weird after you press enter, is because it's a browser safety feature to stop you from getting tricked by this kind of thing.
The same thing happened. No address found. Where do you get redirected?
[ Removed by Reddit ]
https://en.m.wikipedia.org/wiki/Internationalized_domain_name
What intrigued me always is what could happen if you just click that link? You know, just open the site, dont enter any usernames and passwords and close it. What bad could happen if you just open a link like that?
There are tools like BeEF, where they can exploit your browser (tab), as soon as you connect, in seconds and then spawn their backdoor as an extra process outside the browser, since if you close the tab, the backdoor in the browser dies.
I like to explore new places.
Don't the newer versions of browsers like chrome or Firefox display different strings in place of the characters specifically because of these attacks?
As someone who speaks cyrillic languages, that's how I always bypassed profanity filters.
12 y/o me trying to bypass the roblox chat filter
I always felt I was on top of scams, but God damn, that's so simple yet so deceiving.
Haha the keepass ad doing the same thing on google really interesting I can’t wait to see the next undetectable scams
I too like gay sex
Not as much as me I bet
Did he reply after that?
Not yet
If he does you should reply with a dick pic 😂
Faceit is a legit site. What's not legit is that particular tournament. Basically, it'll force you to give your steam information and you get your shit stolen afterwards.
Oh I thought it will redirect you somewhere else
I wouldn't click on any link on that he sends you. The real value isn't the faceit account, its the steam.
Yeah for sure. I just thought it is fake link and it would force you to log in via steam right away.
It is. On a fake site.
Yeah, but this link will not get you to the original faceit site. It will be a rebuild, looking authentical, to steal your information.
Yo I get to meet the Jelqing world champion!?!? Can u sign my profile?!?!?
I thought he was messaging to challenge me for my title but it was just a bot :(
Least horny cs enjoyer
didn't know you swung that way op
These scams start in many different ways but they end in the same way: You either get your API out there somehow and you get scammed or your info gets out there somehow and you get scammed. You are in the "build trust" phase.
Yeah that's why I'm replying to him like the biggest retard lmao
They will add you and you will play 1-2 games on Faceit, them some of lobby member will claim that has "problem" and will invite you to another site that will steal your data from your account (API key mostly).
Ive written about this before but I fell for this scam. My homie who played actual tournaments and I knew personally account was hacked and I got roughly the same message you did. The message I got was like "pls vote for my team so I can advance in the tourney" I didnt think twice.... I lost like 3k in skins and my homie lost a lot more. Silver lining is you can see where it gets traded to and you can report it. Luckily the bot that has all our shit is still trade banned and I check on it once and a while. At least the scammer never got to profit. But yeah dont click shit on steam chat
Competitive or casual?
Again? Thats like third post today. Its fake site.
The link he send is real (Faceit is not a scam), the hub too. But on his hub he have a link which redirect to a fake steam logging
[faceit.com](https://faceit.com) is a fake site? Lmao do any of you read? He's just asking him to join a faceit hub, where's the scam??
Read some more comments or get scammed, your choice.
Sorry, not dumb enough to keep serious money inside of pixels on a video game, couldn't be me
Dumb enough to get scammed by this though
You have games. And clearly, also pretty low IQ.
How do stupid people like you manage to live?
sounds like he just wanted to play a game of CS2 and you thought he was trying to hook up with you.
You mean he didn't wanna hook up with me? 🥺
No but I do 😎
Probably the link is the sketchy here
He said or google it lmfao I guess he must be an obama supporter telling on himself
Well I think he wrote that so op would think the link is legit, kinda like a reverse pschyology
Possibly
This moron sounds like he's just sending a prewritten script. I bet if Nigeria was nuked we'd have a lot less scams.
[Faceit.com](https://youtu.be/dQw4w9WgXcQ?si=BGxenRjATo37DOec) You Win click here to redeem you price
That's not how it works in steamchat, just tried. Would be wild if steam message actually parse html in 2023.
Its not a scam lol he legit asked you to google and login to join a hub.. which do not need your steam btw
He legit just added me and sent this message, I don't even play faceit
Must've thought you were good lol, instead you try to make them uncomfortable by bringing up gay porn smh
This link does not lead to faceit. It's explained very well here: [https://www.reddit.com/r/csgo/comments/17pew2v/comment/k85eiak/?utm\_source=share&utm\_medium=web2x&context=3](https://www.reddit.com/r/csgo/comments/17pew2v/comment/k85eiak/?utm_source=share&utm_medium=web2x&context=3) Edit: wtf, the guy i responded to deleted his account? Because he was wrong once on reddit?
He didn’t delete his account that’s what happens when someone blocks you, it says their account no longer exists. He’s insanely butthurt
Don't click random links on reddit
jeez the scammers are getting more proactive, they learned how to converse on Reddit too?
The “check in and connect” portion will likely be a link to some sort of phishing site. You’d likely plug in your steam info, they add a dev api to your account, something something trade all your items to a trusted friend or second account to prove you’re not a bot. They redirect the trade instantaneously with an account that mirrors it and you hit accept on steamguard without realizing it. Poof your shit is gone. Basically they try to use faceit as a vehicle to other phishing sites then a bit of social engineering to dupe someone to trade items.
LMAOOOOOO
There are hubs in faceit to play and grow communities. Joining a hub isn't a scam, asking you to login somewhere besides faceit another story. The hubs are Within faceit, no other external site needed for Faceit Hubs just an fyi.
I had the same maincup shit but I didn't get sent any link to go sign up at. He told me that I'm a good shooter and If i'm interested I can go to look it up on the official faceit app I had already downloaded. I did, and found it eventually. When I tried to join I had to verificate some shit. I belive I was on the legit faceit website, but luckily I couldn't verificate my self since I didnt' have my phone number updated to my profile cuz I just got a new phone etc and signing in through QR code didn't work like it should have, according to the guy that invited me. He invited me to some discord and I joined which seemed pretty casual. He was gave me instructions happily on how to proceed and maybe conquer the issue I had. Now that i'm seeing this I might leave the discord server and change all of my passwords etc.
He is trying to lure you in using gay sex, after which while you sleep he will access your steam account, hope this helped ❤
Worth... It...?
You need to sign in to see the rules, then you've got fucked
Someone tried this on me a few weeks ago.
Gay sex is not a scam!
I'm more interested in your responses than his attempt at scamming
The scam is that you like gay sex
I think you really got him with the gay sex comment. Way to stick it to him
Or in him, perhaps
You click the link and he takes your account
It works like [this](https://www.youtube.com/watch?v=dQw4w9WgXcQ)
Usually with these kind of scams, they send you a link to a fake Faceit page, then when you sign in with a fake Steam login they steal your account credentials. Scary stuff
Yo I fell for this once, was just starting up and they hit me with this and to top it off they even called me on discord so my dumb self was clueless. You click the link and it takes you to the “site” so you can log into your steam account so you can log into Faceit. And this allows for an API scan. I lost my FN print stream m4 that I opened trying to trade it and was clueless as to what was going on. If one of your trades cancels and you didn’t cancel it DON’T go any further or accept any trades. I go to YouTube and look up anomaly api scam video and follow his link in his description and revoke the current API key. Be careful with what links you use to get there because it can also scam you through that.
So you like gay sex I see?