SCAM Alert: Fake reports on PSN account over Discord.

[Otonio_Bruno]

Since posting this, it has been confirmed by various PSNP members that what entails below is indeed a scam. Originally I had posted this since I had some doubt it could be a legit issue with someone wrongly reporting my account, but it's clear now that is a scam.

 

As per DrBloodMoney post, it is a variation of Steam account scam that has been going for some years now. I've searched on google about it and found these webpages about the scam on steam, which uses the same template you'll see below.

 

https://help.steampowered.com/en/faqs/view/3195-9FFB-BA06-F25B

 

https://steamcommunity.com/discussions/forum/0/4417479689927172179/

 

https://steamcommunity.com/discussions/forum/7/3043858334649545975/

 

 

How the scam started: I've got a friend request on my discord from an unknown person. In private messages, said person asked "Is this you" with a picture of my PSN Profile (Taken from here). After confirming that the account was indeed mine, the person then says he/she accidentally reported my account for illegal purchase/fraud and needed my help to undo their mistake, with the attached picture of a fake playstation website where it states your PSN ID and some details about your supposed ban (Picture in the original post part just below this). I did not engage in further conversation with this person and made this thread to confirm that was indeed a scam.

 

Discord ID used by scammer was CarolMartinez.

 

_______________________________________________________________________________________________________________________________________________________________________________________________

 

ORIGINAL POST:

 

Yesterday I've got friend request on discord from someone I didn't know beforehand, today this person sent me some messages that he/she "accidentally" reported me on PSN for illegal purchase and wants my "help" so I don't get banned. From the bad grammar alone I suspect it's a scam for me to hand over my PSN account details, can anyone confirm this for me?

 

 

 

Edited February 18 by Otonio_Bruno
Rehaul of the original post.

[ThatMuttGuy]

100000% scam

 

Just block the person and move on

[Helyx]

Pretty sure it's a scam, but just to make sure you should PM me your account details so I can login and confirm.

[DrBloodmoney]

It’s a scam - it’s a modified version of the same scam done using Steam accounts from a few years back. 
 

Ignore and block

[modest_undue1]

6 minutes ago, Otonio_Bruno said:

Yesterday I've got friend request on discord from someone I didn't know beforehand, today this person sent me some messages that he/she "accidentally" reported me on PSN for illegal purchase and wants my "help" so I don't get banned. From the bad grammar alone I suspect it's a scam for me to hand over my PSN account details, can anyone confirm this for me?

 

 

 

I just got the same thing. Blocked em and moved on. 

[Deadvember]

You should never trust a stranger about your accounts, ever. 

[Otonio_Bruno]

Thanks everyone for fast and precise answers. Going to block the user who sent me that.

 

Funny tidbit: They're fishing accounts here from PSNP, the scammer sent me this pic before the one in opening post.

 

 

Edited February 18 by Otonio_Bruno

[Lucibur]

That's a real big low for someone to try and get your account, block and report the moron.

[Copanele]

Oh you mean this kind of scam? And yes, full name out there so you know who tries to scam in advance. 

 

I absolutely love the "This Account has a Pending ban for 1 hour before this Account will be ban and permanent suspension." That Pirate grammar gets me every time.

Where's the "hot singles in your area" scams nowadays....  I loved those!

[GothGirlMaxine]

Scammers can do one frankly. 

[LukeTheGooner]

It was my message to you and it's 100% legit, honest

[colia100]

As your nearly-new friend would say... this issue is resolve

[Helyx]

48 minutes ago, Otonio_Bruno said:

They're fishing accounts here from PSNP

 

That's been going on for about a decade now. Hackers are copying the timestamps from games, sometimes entire trophy profiles are cloned.

Edited February 18 by Helyx

[Fing3rButt3r3]

Someone is gonna fall for it, thxs for bringing it to the publics attention, at least here.

[Hitman_Spinksy1]

The grammar is brilliant "This Account will be taken an Action" 🤣🤣🤣🤣 

 

I'm surprised they spelt PlayStation correctly 

 

[modest_undue1]

My scammers name was CarolMartinez, if that helps

[Otonio_Bruno]

I've edited the original post to reflect the information given in this thread, to make it more a PSA thread. Hopefully this will make other players avoid this type of scam.

 

Thanks again to anyone who answered this .

[grimydawg___]

Give the info.  Usernane: Jack password: meoff

[Leenewbe]

that'll probably explain the 2 rando acc's that tried to add me the other day then, obviously i ignored them cos we had no servers in common.

heres the names to look out for 

maryevans5126

augustsveryown

 

 

 

Edited February 19 by Leenewbe

[EqualityEarth]

Another discord name trying the same thing. “SpotlessPanda”

[Valzentia]

I got one of those lately. Just block and move on...though I wonder if some scambaiters will make an entertaining video about it 😂

[Colin_Raleigh]

All the more reason not to use Discord. I'd used it briefly back in the early months of 2020 at the suggestion of a friend (ex-friend now, but that's a whole other story) and wound up deleting it when said friend and I had a permanent falling out. After hearing this, it just further reinforces my desire not to return.

Edited February 20 by Colin_Raleigh

[Honor_Hand]

Oh yeah, all these accounts were trying to befriend me on Discord the other day. So annoying.

 

I had heard in advance there was some sort of scam going on Discord, and since I never really accept anyone without prior conversation or recommendation, I just ignored them.

[J-S_93]

Guys - this is also a well-known Social Media scam in general, such as Facebook and the like, where you'll get a message saying something like, "Is this you?!!!!!", followed by a URL phishing page designed to look like a website you frequent, but with a fake URL potentially from someone you could be friends with or actually know, that has has already been compromised or hacked by falling for the scam, and then their friends list gets targeted with the same phishing scam as well, so it eventually gets to you - and it coming from someone you know does add some legitimacy to the scam message, so be careful out there and DO NOT click links asking you to login or confirm your details if you don't 100% know the true URL of the page you're visiting.

Another variation is asking you to vote for them in some fake competition, followed by a fake competition URL asking you to log in to various socials to cast your vote for them.

Also, for accounts that don't have two-factor / multi-factor authentication and such, certain credential stuffing log-in attempts could happen to your accounts on a daily basis:

https://en.wikipedia.org/wiki/Wikipedia:10,000_most_common_passwords

https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/10-million-password-list-top-10000.txt

https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/10-million-password-list-top-1000.txt

Change your passwords if they appear on lists like this.

Use Ctrl + F which stands for Control plus Find, or Ctrl +W in some cases to see if any passwords you use appear in these common lists and then change those passwords for your important accounts.  And use a different password for each different account, write them down and store them on an encrypted USB device or something and keep it in a safe place, not connected to the internet.  Update it from time to time with your latest log in information so you don't get locked out.

If you believe your friend or someone you know has been hacked or compromised, let that friend know and report that account as "friend has been hacked".  Tell someone like a Moderator in some cases.

Check also if your data has been found in any Data Breach, and deal with it accordingly:

https://haveibeenpwned.com/

https://haveibeenpwned.com/Passwords

https://haveibeenpwned.com/PwnedWebsites

EDIT, THIS IS THE MAMMOTH LIST:

https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/Common-Credentials/10-million-password-list-top-1000000.txt

It will take a while to Ctrl + F, but scroll through the page for a bit and let things load in properly - when you're confident things have loaded in properly, do Ctrl + F and see if any passwords for important accounts you use are in there, and change them to something complex with: UPPERCASE, lowercase, numbers 0-9, and special characters: `¬¦!"£$%^&*(){}@~:<>?,./;'#[]€ -- and make them long like 12 characters+.

Enable two-factor where possible for your important accounts - sites that aren't too important you don't have to bother with much if you don't feel like it.

Edited February 28 by J-S_93