delaford/game

Add anti-scam notice to readme to combat phishing attempts

deltaryz opened this issue · 4 comments

deltaryz commented

What mechanics does this feature affect?
The readme file

How hard would it be to implement this feature on a scale of 1-10 (10 = hardest)?
1

What is the feature request?
I was contacted by a random user on discord claiming to be a developer of this game looking for testers. They sent a password-protected rar file containing this repo and an additional malicious exe file. Thankfully I recognized the file structure as a node project and could tell this was a phishing attempt fairly quickly, but this is the first time I’ve seen such a scam piggyback off an otherwise legitimate project. Including some sort of notice may help deter this kind of scam.

This user has already been reported to Discord. In their attempts to scam me they have inadvertently advertised this project to me, so I’m definitely curious to follow it! Hope development goes well.

39DB0984-9E88-4111-8068-996B6485FEC8

marth8880 commented

I sadly fell victim to this and my hard drive got locked. Please add disclaimer!!!

djasnowski commented

This is astonishing. I am sorry to hear about this. I'll add a disclaimer for sure. This game is still being developed, albeit slowly, but I have taken it offline for the time being because it's not "MVP" and because it's easy to stand up from your computer (you just need to clone the game, npm install, and you're good).

That being said, this also falls under general security practices which I would encourage anyone to always brush up on if you think you doubt yourself.

marth8880 commented

@naknode The rar included the entire git repo, including the readme. After I (foolishly, I'm a game developer ffs how could I do such a thing LOL) ran the exe nothing appeared to happen, so I checked the readme in case there were startup params I needed or something. And then I realized Discord also crashed (probably in an attempt to make me restart it so they could steal my login token) and started looking into the game, which was named Delaford.

  • 👍1
djasnowski commented

I've added a notice right below Getting Started that links to the bigger notice at the very end of the README.md. Thank you again. People suck.