Trade securely  Many gamers have made trading in-game items a good source of income. Some sell items they can not use for their character class; Others, before leaving the game completely, only seek to empty the wealth they have accumulated during this time. 

Unfortunately, there are also scammers in the gaming community who use their cunning schemes to trick simple and honest gamers. You should be aware that some publishers, including Valve, do not accept returns of items to players who have voluntarily surrendered to the Scammers. Gamers need to be aware of their own possessions.

 Then join us in explaining how to preserve the wealth you have earned and gained with your own hands and not let the scammers’ plans go right.

Adhere to the rules 

Let’s start with the fact that not all developers allow their users to trade in-game items; Let alone sell these items for real money. So before you look for a good buyer for your Golden AK-47 or buy Sword of a Thousand Truths, you should first check to see if doing so will block your account.

For example, the developers of MMORPG RuneScape have banned the sale of both accounts and items for real money. There are many reasons for this; From legal reasons (the game and its in-house items are the publisher’s property) to security (accounts and items put up for sale are often stolen or obtained fraudulently).

If your work is blocked in a transaction, you will be barred from using the game, regardless of whether you were a buyer or a seller (you broke the rules!). 

The probability of confiscating the item you paid for in real money is also very high: this type of transaction seems suspicious to game admins, and you have no credible evidence to prove your in-game purchase. 

At the same time, trading in armor, weapons, and other in-game items as part of a public auction is usually not prohibited.

Let the buyer know that …

The second important rule is to trust your intuition and avoid trades that seem too appealing. Just like in the real world, cybercriminals will try to gain your trust.

So they promise you weird discounts to finally get out of your pocket and take your password away. There are a few signs that warn you to be careful:

Red flags include pushing you into a seller’s decision, forcing you to make a transaction, or making a sudden offer to continue a discussion outside of the official platform. Even if your friend is texting you, be aware that:

Scammers may have hacked into their account or used a character of the same name (your old friend character) with only a very small difference (perhaps up to a point).

Look at the swap window to make sure the promised 100,000 gold coins do not turn into Boar Tusk x 1 at the last minute. And in general, be careful that the item you want to buy is offered to you and not similar.

This item should be for the same game you want and not another game. Some scammers have released items for their games on Steam that look like much more valuable items for more popular games.

For example, the scam tried to sell a fake Dragonclaw Hook from Dota 2. This fake version was very similar to the original version; Both his appearance and his name.

The scammers even copied the description and logo of Dota 2. The only problem here was that it had nothing to do with Dota.This item could only be used in a game called Climber – which was later removed from Steam.

After several similar cases, the platform moderators became more focused on what game each item belonged to, but we still recommend that you pay attention to everything in advance.

… But also be a smart and shrewd salesman

Scammers not only try to deceive buyers but also the owners of valuable items. If another player asks you to confirm their “quality” by sending items or making promises to copy an item, or simply asks you to pick up your item for a test drive, you know that this is very suspicious and you should be careful. If someone gives you the game keys in exchange for an expensive item, you must guard; These keys are probably stolen!

Game stores do not recommend selling items for real money (using third-party payment services such as PayPal). However, if you still want to make this transaction, first make sure that the buyer can be trusted. 

Terminate the contract even if you have the slightest doubt. Even if you have agreed to a down payment, the scammer can (in return) cancel the transaction by complaining to the payment system support service; In this case, you will lose both the items and your money.

Beware of third-party software

At times, Scammer will try to persuade you to install TeamViewer, or’s supposedly a digital voice assistant app, while negotiating a contract, claiming that this is just to check if the product belongs to you, or they may say so because it interacts. Easier and better.

 All these reasons are negligible; In fact, Scammer wants to take control of your computer and infect your device with malware. Reject this request.

A few tips

It does not matter if you are a buyer or a seller, be aware of your computer and account. If hacked, scammers will quickly turn anything of your value on these two into money.

• Do not use the same password you use for other services for online games.
• Do not click on any link that goes to sites outside of Chat Game and carefully check the address of each source that asks you to enter a username and password; This page may be fake.
• Never disable the protection of your computer . Contrary to popular belief, some antivirus packages will not interfere with your game performance. Instead, they will detect and block threats when you run them.

 

DMARC, Throughout the history of email, people have come across many technologies that are primarily designed to protect recipients from fake emails (mostly phishing). DKIM [1] and SPF [2] had many defects; 

Therefore, the DMARC message verification mechanism [3] was designed to identify messages that had a counterfeit sender domain. But DMARC was not perfect either.

Thus, our researchers developed another technology to reduce the drawbacks of this approach. Then join us to explain how to fix the defects of the DMARC mechanism.  

How DMARC works

A company looking for a way to prevent people from sending emails using their employees’ emails can set DMARC in their DNS resource file. Basically, this allows message recipients to make sure the domain name in the “From:” header is the same as in DKIM and SPF.

Additionally, this file shows the address to which mail servers send messages about incoming messages; Receiving messages that have not pass the authentication stage (for example, if an error occurs or an attempt is makng to identify the sender).

In the same source file, you can also set the DMARC policy to specify what is on the message if it does not go through the checks section. Three types of DMARC policies cover such cases:

• Reject is the most stubborn policy. Select it to block all emails that do not pass the DMARC check.
• With the Quarantine policy – depending on the exact settings of the email provider – the message or business will fall into the spam folder or be delivered (but labeled suspicious).
• None is also a state that allows the message to reach the recipient’s mailbox normally; However, a report is still being sent to the sender.

DMARC defects

In general, DMARC is a capable technology; This technology makes phishing much more difficult; But by solving one problem, this mechanism actually creates another problem: false positives. Legal messages may appear in two types of blocked or spammy files:

Forwarded messages

Some email systems violate SPF and DKIM signatures in forwarded messages; Whether messages that are forwarding from different mailboxes or messages that are redirect between intermediate nodes (relays).

Incorrect settings

Miller servers make many mistakes when setting up SPF and DKIM.

When it comes to corporate email, it’s hard to say which scenario could be worse: phishing email or blocking a legitimate message.

Our approach to fixing DMARC deficiencies

Undoubtedly, this technology is very efficient; So we decided to strengthen the machine learning process by adding machine learning technology to minimize false positives without compromising the benefits of DMARC:

When users write emails, they are actually using a Mail User Agent (MUA) such as Microsoft Outlook. MUA’s job is to generate a message and send it to the Mail Transfer Agent (MTA) for the next routing. MUA adds the necessary technical headers to the message body, subject and recipient address (to be fill in by the user).

Attackers often use their MUAs to circumvent these security systems. As a general rule, they are home mail engines that generate messages and fill them out according to a pattern.

For example, they generate technical headers for their messages and content. Each MUA has its own “handwriting”.

If the incoming message does not have a successful DMARC check, then this technology enters the field.

The technology runs on a cloud service that connects to a security solution on the device.

It then begins to further analyze the header sequence as well as the contents of the X-Mailer and Message-ID headers using a neutral grid; As a result, the distinction between fake email and phishing gets activate. The technology is implementing on a set of email messages (about 140 million messages, 40% of which were spam).

The combination of DMARC technology and “machine learning” helps ensure that the user is protecting against phishing attacks, while also reducing the number of false positives.

We have already implemented this technology in each of our products that have anti-spam components: Kaspersky Security for Microsoft Exchange Server, Kaspersky Security for Linux Mail Server, Kaspersky Secure Mail Gateway (parts ofKaspersky Total Security for Business ) and Kaspersky Security for Microsoft Office 365.

 

The PayPal service, which has hundreds of millions of users worldwide, has become an international leader in the electronic payment industry, but as you know, electronic payments are always exposed to scams and cyber attacks;

Especially at this special time when everything is happening online following the corona virus pandemic. Then join us to explain how you can protect your People account.  

How safe is People?

In fact, PayPal is a very reliable platform that maintains a high level of security and always strives to improve it. Therefore, the company has a formal program that uses so-called white hat hackers to detect vulnerabilities. Since 2018, the program has cost about $ 4 million. It also covers several other services owned by People (such as Venmo).

PayPal is also very responsive to its users’ data: In 2017, the company received a reliable report of an information leak, but the leak actually involved the infrastructure of the company that People had bought at the time.

All payments made with PayPal are based on email addresses; Therefore, users never need to share their card confidential information with sellers. Apart from the discussion of technology, the human factor cannot be ignored.

Although People do a lot to secure their users’ transactions, the users themselves sometimes make mistakes that will cost them dearly. To avoid such consequences, follow these simple rules:

Protecting your People account

Protection against hacking in the pipe

First, make sure your PayPal account has a secure password. When we say sure, we mean long, unique passwords that are hard to guess. If you use a weak password or use a password for the whole account, then your PayPal account in the face of widespread search attacks or credit manipulation [1]Will be vulnerable.

Making a good password is not that difficult;

It has its own methods. Suppose you can turn to the password manager. The password manager will do both: generate secure passwords and store them securely. When it comes to money and property, caution and security must always be observed.

With PayPal, you can receive one-time codes in text messages or generate them in one app – whichever is the most convenient verification app for you.

An app-based option is generally considered safer, but any secondary factor is still better than doing nothing; So if you really do not like using the authentication app, at least use one-time codes that are sent via SMS.

Be careful with confidential questions and answers.

It may not be difficult to find out your grandmother’s name or the name of your first school from your social media accounts; Questions like this have poor protection.

You can be smarter than that. For example, instead of using the name of your first school, fill in the answer of a relative or friend – just do not forget what the correct answer should be. For security reasons, we recommend using Password Manager for this purpose as welluse. It also stores your encrypted notes – not just passwords.

In addition to verifying authentication, make sure notifications are set up to work best for you. Enabling mobile push messages for outgoing payments may be the most effective security measure. That way, if someone steals your account and starts spending your money, you will be notified and the process will stop immediately.

Not-so-perceptive appendix: Although you receive notifications, you should manually check your account and transaction history from time to time. If People View reports transactions you did not make, change your password and security questions, and contact People Support immediately.

Vulnerability protection in People apps

Software is written by humans, and humans make a lot of mistakes. Errors then become vulnerabilities that cybercriminals can exploit. As mentioned above, People has spent a fortune on searching for such vulnerabilities and may even pay more to refine its products and systems! But for the resources that People is constantly investing in to protect you, you need to take action.

For example, never turn down smartphone app updates (desktop users should use the WebPeople version; so if you do, you have another reason to never turn down browser and operating system updates).

Install all updates as soon as they are available. Do not forget to run antivirus scans on the devices you use for your people – your PC and your smartphone. Never be careless when your money is at stake.

Protection against cyber attacks in People

Always remember that public WiFi is unsafe. Never use public WiFi for financial transactions without worrying about a secure connection. If you have to complete a transaction while using the free WiFi in the cafe or at the airport, first turn on the secure Wi-Fi and then open your People app.

Beware of incoming emails that appear to be from People; They may be a threat of phishing! PayPal has long been at the top of the list of brands targeted by fake email scams; why not?

Remember we said internet scammers smell money ?! Use standard viewing techniques to detect phishing: Check the sender’s address carefully; Also any link inside the message.

We also recommend that you do not click on any links.Instead, enter the People address in your browser, log in, and check to see if you have a notification in your account.

If there is no notification, it is most likely a fake email. And most importantly, never enter the confidential information of your People account – even if you have the slightest doubt about the legality of the email or website you are dealing with – never enter the confidential information of your People account.

Some recommend using People from a browser or even a separate device (which is specifically uses for this purpose).

Of course, this seems to be a strict procedure. Instead, we recommend the Safe Money featureSome recommending using People from a browser or even a separate device (which is specifically uses for this purpose).

Of course, this seems to be a strict procedure. Instead, we recommend the Safe Money featureSome recommending using People from a browser or even a separate device (which is specifically uses for this purpose).

Of course, this seems to be a strict procedure. Instead, we recommend the Safe Money featureUse Kaspersky Internet Security to make sure your money is never stolen when you make a payment.