WARNING: Sophisticated Faceit / Discord "ClickFix" Cloudflare Error - PowerShell Scam
Hey everyone,
I just wanted to share a very sophisticated and highly psychological social engineering scam that happened to me today. I consider myself an experienced player (former Global Elite) and usually never fall for phishing, but these guys ran a literal multi-day script with multiple people to catch me off guard. Please read this so you don't fall for it.
1. The Long Con (Building Trust)
I met a guy last week during a casual CS2 retake match. He was super chill, spoke good English, and added me on Steam. He didn't pitch anything right away. We didn't talk for a week, which made it feel like a completely organic friend request. Yesterday and today, he messaged me asking if I wanted to play competitive because they were a stack of 4 and desperately needed a 5th.
2. The Setup & Pressure
I joined their Discord server. We were chatting, laughing, and everything felt completely normal. Suddenly, one of their guys said he couldn't play competitive matchmaking because he had a 2-hour cooldown for team-killing. Someone else suggested playing Faceit instead. Since I play a lot of Faceit anyway, I agreed.
Instead of just adding me, he told me to join the "BIG club" on Faceit. Unbelievably, I was already in that club from months ago, so my brain instantly flagged it as 100% safe.
3. The Live Stream Trap
He claimed he couldn't find my profile and asked me to quickly stream my Faceit tab on Discord. This is crucial: They wanted to see my screen so they could time their fake bot perfectly.
As soon as I linked my Faceit to Discord on stream, an allegedly "official" Faceit Verification Bot messaged me on Discord. The bot asked me to verify my account. I clicked through the "Is this your account?" prompts, which opened a tab in my browser.
4. The "ClickFix" Payload
The browser tab showed a fake Cloudflare Error page (claiming a connection error). The page "instructed" me to fix it by opening Windows PowerShell as an Administrator and pressing Ctrl + V (which automatically executes a hidden, pre-copied command in your clipboard).
Unbelievably, in the rush of not wanting to keep 4 guys waiting, I did it. The moment I hit Enter, my gut instantly knew something was wrong.
TL;DR:
If anyone adds you, acts nice for a week, invites you to a Discord stack, and you end up facing a "Cloudflare Error" that asks you to paste anything into PowerShell – IT IS A TRAP. They are using the "ClickFix" campaign to steal your browser cookies, Discord tokens, and session data to rob your Steam inventory.
Stay safe out there.