Tech/email scams + session hijack completed!
All docs completed, addressed r-Techsupport#291 and ready for merge!
Mr-KayZ committed Jul 15, 2024
1 parent af82fa9 commit 7f95b00
Showing 5 changed files with 76 additions and 14 deletions.
Binary file added assets/tech-scams/Log_Out_All_devices_Discord.gif
Binary file added assets/tech-scams/Log_Out_All_devices_MSXBOX.jpg
57 changes: 55 additions & 2 deletions docs/safety-security/session-hijack.md
Expand Up @@ -51,7 +51,7 @@ As an end user, there are several strategies you can employ to prevent passive s

## Examples of prime targets for Session Hijacking and precautions to take:

Session hijacking can potentially affect users across a wide range of commonly used services and applications. One of the best protections for session hijacking is the use of [Multi-Factor Authentication (MFA)](/docs/safety-security/mfa.md). Here are some additional examples and precautions you can take:
Session hijacking can potentially affect users across a wide range of commonly used services and applications. One of the best protections for session hijacking is the use of [Multi-Factor Authentication (MFA)](/docs/safety-security/mfa). Here are some additional examples and precautions you can take:

- **Social Media Platforms (Facebook, Twitter, Instagram, etc.)**: These platforms are prime targets for session hijacking due to the wealth of personal information available. Always log out of your sessions when finished, especially on shared devices, and consider using two-factor authentication.
- **Email Services (Gmail, Outlook, Yahoo, etc.)**: Email accounts are often linked to many other services, making them a valuable target. Use strong, unique passwords and enable two-factor authentication.
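Review bot: the context heading `## Examples of prime targets for Session Hijacking and precautions to take:` ends with a colon, which is unusual for a Markdown heading and also ends up in the generated anchor slug; drop the colon while this file is being edited. The `.md` to extensionless link change for `/docs/safety-security/mfa` is consistent with the other links in this commit.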
Expand All @@ -70,4 +70,57 @@ If you suspect you are a victim of session hijacking, here are the following ste

2. **Terminate all sessions from the service:** Many services offer you to terminate sessions from any device. If you suspect one of your devices have had their session token/cookie stolen, then utilize another device and terminate the session from there. Details on how to terminate sessions from popular services can be found below.

3. **Resetting passwords, and utilizing password managers and MFA:** Last but not least. Resetting passwords may not do much during a session hijack, but it will guarantee prevention of future issues. Some services also terminate sessions immediately as well in the event of a session hijack (Steam and Discord do this), so you may not need to terminate sessions actively. Utilizing password managers to use random passwords for all accounts is also highly recommended, as it will prevent attackers from using the same password elsewhere for another account. More information on password managers can be found in our [Password Managers wiki article](/docs/safety-security/pw-managers.md). Multi-Factor authentication is an added security layer on top of that, allowing you to see potential false logins and prevent other people from accessing your account. More information on MFA can be found in our [Multi-Factor Authentication wiki article](/docs/safety-security/mfa.md).
3. **Resetting passwords, and utilizing password managers and MFA:** Last but not least. Resetting passwords may not do much during a session hijack, but it will guarantee prevention of future issues. Some services also terminate sessions immediately as well in the event of a session hijack (Steam and Discord do this), so you may not need to terminate sessions actively.

Utilizing password managers to use random passwords for all accounts is also highly recommended, as it will prevent attackers from using the same password elsewhere for another account. More information on password managers can be found in our [Password Managers wiki article](/docs/safety-security/pw-managers).

Multi-Factor authentication is an added security layer on top of that, allowing you to see potential false logins and prevent other people from accessing your account. More information on MFA can be found in our [Multi-Factor Authentication wiki article](/docs/safety-security/mfa).

## Terminating sessions from services
These are the following steps to follow if you wish to terminate all sessions from the following services.

{: .info .info-icon }
> As mentioned in the [Tech Scams](/docs/safety-security/tech-scams) page, no real support agent will utilize a third party tool to contact you, such as Discord. They will always utilize a proper ticket method within the service itself, or via emails. This is true for all the following cases.
{: .info .info-icon }
> Another important point is to change all passwords related to said accounts so the attacker cannot log back in, and also utilizing a [password manager](/docs/safety-security/pw-managers) to ensure you use different passwords on different accounts. Using the same password for multiple accounts is bad practice and can lead the attackers to access other accounts on other services.
### Discord
To terminate all sessions from Discord, a [password reset/password change](https://support.discord.com/hc/en-us/articles/218410947-I-forgot-my-Password-Where-can-I-set-a-new-one#h_01HGXDF93Y5XVH4NWKAAJSV7SS) will automatically terminate all sessions from all logged in devices.

For more information, refer to the official Discord article here: [Sign Out of all Devices - Discord Support](https://support.discord.com/hc/en-us/community/posts/360056305071-Sign-Out-of-all-Devices)

Once that is done, you can take it one step further and remove all other devices you do not recognize from the discord account by heading to: `User settings` -> `Devices` and select the `Log Out All Known Devices` button.

![Log_Out_All_devices_Discord.gif](/assets/tech-scams/Log_Out_All_devices_Discord.gif)

Should you be in a situation where you could not recover your account still, then the only option left will be to contact [Discord support](https://support.discord.com/hc/en-us/requests/new) and create a ticket there.

{: .info .info-icon }
> Do note that Discord however may be lacking in support, so you may be better off creating a new account and securing other accounts that were initially linked to your Discord account. **Do ensure to contact your bank regarding Discord Nitro and terminate all payments towards Nitro and Nitro gifts if the account was compromised.**
### Steam
To terminate all sessions from Steam, a [password reset/password change](https://help.steampowered.com/en/faqs/view/5107-700D-89B4-A4CD) will automatically terminate all sessions from all logged in devices.

If it was hijacked fully and there are no viable means of recovering your account (See: [Account recovery self help page](https://help.steampowered.com/en/wizard/HelpWithLogin) of Steam), you may need to contact [Steam Support directly](https://help.steampowered.com/en/wizard/HelpWithAccount) and create a ticket there to validate yourself.

### Epic Games
To terminate all sessions from Epic Games, you will need to go to `Account Settings` -> `Password and Security`. Scroll down the page and look for the `Sign out everywhere` button, then select `Sign out other sessions`. Await the confirmation email for the code, input the confirmation code, and refresh your page.

![Log_Out_All_devices_Epic_Games.gif](/assets/tech-scams/Log_Out_All_devices_Epic_Games.gif)

For more information, refer to the official Epic Games article here: [Logging out of all devices - Account Security - Epic Games](https://www.epicgames.com/help/en-US/c-Category_EpicAccount/c-AccountSecurity/how-do-i-logout-of-all-devices-and-all-logged-in-sessions-for-my-epic-games-account-a000085872).

If it was hijacked fully and there are no viable means of recovering your account, (See: [Account recovery self help page](https://www.epicgames.com/help/en-US/c-Category_EpicAccount/c-AccountSecurity/my-epic-account-was-compromised-and-i-cannot-access-it-a000085846) of Epic Games), you may need to contact [Epic Games directly](https://www.epicgames.com/help/en-US/c-Category_TechnicalSupport/c-TechnicalSupport_GeneralSupport/how-do-i-submit-an-epic-games-support-request-if-i-can-t-log-in-to-my-account-a000088916) via the link and follow their instructions which will work even if you cannot log into any account.

### Google
Refer to [this guide](https://support.google.com/accounts/answer/3067630?hl=en) on Google's official page to secure your account, recovery procedures as well as termination of sessions on your account.

### Microsoft/Xbox
While changing the passwords can help secure your account, if the perpetrators are still logged in, you may have to remove the devices via your Microsoft account. Do note that changing your password is still highly recommended here as well to prevent further log ins.

You can do this by heading to the [Microsoft Account Devices](https://account.microsoft.com/devices) page, logging in, and removing any device you do not recognize from that page.

![Log_Out_All_devices_MSXBOX.jpg](/assets/tech-scams/Log_Out_All_devices_MSXBOX.jpg)

If you need further support, you can contact Microsoft Support directly regarding account issues. You can reach their support page [via this link](https://support.microsoft.com/en-us/contactus/).
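Review bot: step 3 (`Resetting passwords may not do much during a session hijack`) contradicts the Discord and Steam sections added further down in this hunk, which state that a password change "will automatically terminate all sessions from all logged in devices"; reword step 3 so that a password reset is the first action for services that invalidate sessions on password change, and is insufficient on its own only where the service keeps existing sessions alive (the Microsoft/Xbox case, where devices have to be removed separately). Formatting: there are no blank lines between the two `{: .info .info-icon }` callouts, nor between the second callout and `### Discord`, nor between the Discord callout and `### Steam`; add them so the two callouts render as separate boxes rather than one merged blockquote, and check the rendered page. The second callout (change all passwords, use a password manager) repeats what step 3 already says a few lines above; consider keeping it in one place. Wording: "Last but not least." is a sentence fragment; "also terminate sessions immediately as well" is redundant; "discord account" should be "Discord account"; "log ins" should be "logins"; "Do note that Discord however may be lacking in support" reads better as "Do note, however, that Discord support may be lacking". Minor: the new images live under `assets/tech-scams/` although they are only used by `session-hijack.md`.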
33 changes: 21 additions & 12 deletions docs/safety-security/tech-scams.md
Expand Up @@ -117,7 +117,7 @@ Other email scams may present unsolicited job or interview offers, aiming to ext

Please note that these are merely examples. Email scams are becoming increasingly elaborate, and the most effective way to avoid them is to refrain from interacting with them in the first place and promptly discard them.

For more information regarding how to recognize a scam email, as well as what kinds of scam emails there are and their examples, please refer to this wiki article here: [Email scams](/docs/safety-security/email-scams.md).
For more information regarding how to recognize a scam email, as well as what kinds of scam emails there are and their examples, please refer to this wiki article here: [Email scams](/docs/safety-security/email-scams).

## Precautions to take

Expand All @@ -136,15 +136,15 @@ Keeping your operating system and web browser updated is a key aspect of maintai
When signing into sites, it’s important to pay close attention to the details of the sign-in link. Make sure that the link directs you to the official login page of the respective site. Be wary of using QR codes for signing in, as they can easily obscure important details such as the sign-in destination. Despite their convenience, the use of QR codes can increase the risk of overlooking suspicious elements, potentially leading to security breaches.

### Implementing Multi-Factor Authentication (MFA) and utilizing password managers
Multi-Factor Authentication (MFA) is a highly recommended security measure that adds an extra layer of protection to your online accounts. By requiring verification from another device during sign-in, MFA significantly increases the difficulty for unauthorized users to gain access to your accounts. More details of MFA can be found in our [Multi-Factor Authentication wiki article](/docs/safety-security/mfa.md). Popular apps of MFA include, but are not limited to:
Multi-Factor Authentication (MFA) is a highly recommended security measure that adds an extra layer of protection to your online accounts. By requiring verification from another device during sign-in, MFA significantly increases the difficulty for unauthorized users to gain access to your accounts. More details of MFA can be found in our [Multi-Factor Authentication wiki article](/docs/safety-security/mfa). Popular apps of MFA include, but are not limited to:
- [Steamguard](https://help.steampowered.com/en/faqs/view/06B0-26E6-2CF8-254C) (For Steam only)
- [Discord MFA](https://support.discord.com/hc/en-us/articles/219576828-Setting-up-Multi-Factor-Authentication) (For Discord only)
- [Google Authenticator](https://support.google.com/accounts/answer/1066447?hl=en&co=GENIE.Platform%3DiOS) (General MFA application)
- [Microsoft Authenticator](https://www.microsoft.com/en-ca/security/business/identity-access/microsoft-entra-mfa-multi-factor-authentication) (General MFA application)

However, it's important to note that the use of QR codes for sign-in can potentially undermine the effectiveness of MFA. The convenience of QR codes can lead to oversights, potentially allowing malicious actors to bypass the additional security provided by MFA.

In addition to MFA, the use of password managers, such as Bitwarden, can further enhance your online security. Password managers help you create, store, and manage strong, unique passwords for all your accounts, reducing the risk of password-related breaches. By combining the use of MFA and a reliable password manager, you can significantly bolster the security of your online accounts. To learn more about password managers, please refer to our [Password Managers wiki article](/docs/safety-security/pw-managers.md).
In addition to MFA, the use of password managers, such as Bitwarden, can further enhance your online security. Password managers help you create, store, and manage strong, unique passwords for all your accounts, reducing the risk of password-related breaches. By combining the use of MFA and a reliable password manager, you can significantly bolster the security of your online accounts. To learn more about password managers, please refer to our [Password Managers wiki article](/docs/safety-security/pw-managers).

### Utilizing different email accounts
When interacting with websites of uncertain credibility, it’s highly recommended to use an alternative email address. This strategy not only helps to protect your primary email account but also allows you to organize your online activities more effectively. For instance, you might have a dedicated email address for work-related matters, another for gaming, a personal email for communication with friends and family, and an alternative email for potentially risky interactions (such as signing up for shady sites).
Expand All @@ -154,12 +154,21 @@ This level of separation can significantly enhance your online security and priv
The most critical aspect to consider is your financial security. It’s imperative to exercise extreme caution when it comes to online transactions. Never use your credit or debit card for any service that you do not fully trust or recognize. If a site or service seems suspicious or too good to be true, it probably is. Always research and verify the legitimacy of a site before providing any financial information.

## What you can do to recover your accounts - TODO
- Change password if possible
- Contact the account support page - Link steam, discord (although useless af ngl), and epic games pages
- Set up 2fa and mfa
- Discuss session hijacking and how to terminate sessions from common services + nuke your system (https://security.stackexchange.com/questions/61427/my-cookies-have-been-stolen-what-to-do):
- Discord
- Steam
- Epic games
- Google
- Microsoft

Should in case you fall for a scam and wish to recover your accounts, please follow the following steps to attempt to recover your accounts:

### 1. Terminate sessions on the accounts and resetting passwords

The first step is to reset password and terminate sessions from said accounts. Steps to do so, including how to terminate sessions from common services and applications can be found [here](/docs/safety-security/session-hijack#terminating-sessions-from-services).

Most session hijacks can also be virulent in nature. If you suspect you have been affected by a virus where the attacker is using malware as a vector to access your accounts, you may need to reinstall Windows as a whole to completely remove said virus. More info on how to recover from a virulent attack can be found [here](/docs/safety-security/session-hijack#recommended-actions-in-the-event-of-suspected-session-hijacking).

### 2. Contact the support page of said services

The next step is to contact the support page and request for help to ensure you are safe. Said support contacts for popular/common applications can be found [here](/docs/safety-security/session-hijack#terminating-sessions-from-services).

### 3. Set up 2FA and MFA, start using password managers

Setting up 2FA or MFA is an excellent safety precaution to prevent attackers from logging in to the account. You can review setup of MFA and others [above in the "Implementing Multi-Factor Authentication (MFA) and utilizing password managers" section.](/docs/safety-security/tech-scams#implementing-multi-factor-authentication-mfa-and-utilizing-password-managers)

Using [password managers](/docs/safety-security/pw-managers) is also another extra safety precaution we highly recommend to ensure you use different passwords on different accounts. Using the same password for multiple accounts is bad practice and can lead the attackers to access other accounts on other services.
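Review bot: the heading `## What you can do to recover your accounts - TODO` is an unchanged context line, so the "- TODO" suffix survives even though the TODO list beneath it is replaced in this hunk; drop the suffix (and note that renaming the heading changes its anchor slug if anything links to it). In step 1, "Most session hijacks can also be virulent in nature" uses the wrong word and an unsupported quantifier; "Some session hijacks are carried out by malware running on your own device" says what the following sentence actually explains. The anchor `#recommended-actions-in-the-event-of-suspected-session-hijacking` cannot be checked against this diff because the heading it points to is not in the visible context of `session-hijack.md`; confirm it matches that heading exactly. Wording: "Should in case you fall for a scam" should be "Should you fall for a scam"; the step 1 heading mixes "Terminate sessions ... and resetting passwords" (use "and reset passwords"); "request for help" should be "request help"; the trailing period in step 3 sits inside the link text `[... section.](...)`; "Popular apps of MFA" in the changed MFA paragraph reads better as "Popular MFA apps".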

0 comments on commit 7f95b00
