diff --git a/assets/tech-scams/Edit.pptx b/assets/tech-scams/Edit.pptx new file mode 100644 index 00000000..8c3f436a Binary files /dev/null and b/assets/tech-scams/Edit.pptx differ diff --git a/assets/tech-scams/Edit/Slide1.JPG b/assets/tech-scams/Edit/Slide1.JPG new file mode 100644 index 00000000..dbd2d265 Binary files /dev/null and b/assets/tech-scams/Edit/Slide1.JPG differ diff --git a/assets/tech-scams/Edit/Slide2.JPG b/assets/tech-scams/Edit/Slide2.JPG new file mode 100644 index 00000000..180548e2 Binary files /dev/null and b/assets/tech-scams/Edit/Slide2.JPG differ diff --git a/assets/tech-scams/Edit/Slide3.JPG b/assets/tech-scams/Edit/Slide3.JPG new file mode 100644 index 00000000..e42296cd Binary files /dev/null and b/assets/tech-scams/Edit/Slide3.JPG differ diff --git a/assets/tech-scams/Edit/Slide4.JPG b/assets/tech-scams/Edit/Slide4.JPG new file mode 100644 index 00000000..9d566a93 Binary files /dev/null and b/assets/tech-scams/Edit/Slide4.JPG differ diff --git a/assets/tech-scams/Edit/Slide5.JPG b/assets/tech-scams/Edit/Slide5.JPG new file mode 100644 index 00000000..ff360ba6 Binary files /dev/null and b/assets/tech-scams/Edit/Slide5.JPG differ diff --git a/assets/tech-scams/Edit/Slide6.JPG b/assets/tech-scams/Edit/Slide6.JPG new file mode 100644 index 00000000..cfa35145 Binary files /dev/null and b/assets/tech-scams/Edit/Slide6.JPG differ diff --git a/assets/tech-scams/Edit/Slide7.JPG b/assets/tech-scams/Edit/Slide7.JPG new file mode 100644 index 00000000..7c0add90 Binary files /dev/null and b/assets/tech-scams/Edit/Slide7.JPG differ diff --git a/assets/tech-scams/Log_Out_All_devices_Discord.gif b/assets/tech-scams/Log_Out_All_devices_Discord.gif new file mode 100644 index 00000000..72192d6e Binary files /dev/null and b/assets/tech-scams/Log_Out_All_devices_Discord.gif differ 
diff --git a/assets/tech-scams/Log_Out_All_devices_Epic_Games.gif b/assets/tech-scams/Log_Out_All_devices_Epic_Games.gif new file mode 100644 index 00000000..68ce4cc0 Binary files /dev/null and b/assets/tech-scams/Log_Out_All_devices_Epic_Games.gif differ diff --git a/assets/tech-scams/Log_Out_All_devices_MSXBOX.jpg b/assets/tech-scams/Log_Out_All_devices_MSXBOX.jpg new file mode 100644 index 00000000..a4107494 Binary files /dev/null and b/assets/tech-scams/Log_Out_All_devices_MSXBOX.jpg differ diff --git a/assets/tech-scams/Reported_account_scam_01.JPG b/assets/tech-scams/Reported_account_scam_01.JPG new file mode 100644 index 00000000..1984988e Binary files /dev/null and b/assets/tech-scams/Reported_account_scam_01.JPG differ diff --git a/assets/tech-scams/Reported_account_scam_02.JPG b/assets/tech-scams/Reported_account_scam_02.JPG new file mode 100644 index 00000000..180548e2 Binary files /dev/null and b/assets/tech-scams/Reported_account_scam_02.JPG differ diff --git a/assets/tech-scams/Reported_account_scam_03.JPG b/assets/tech-scams/Reported_account_scam_03.JPG new file mode 100644 index 00000000..348685eb Binary files /dev/null and b/assets/tech-scams/Reported_account_scam_03.JPG differ diff --git a/assets/tech-scams/comp_friend_discord.JPG b/assets/tech-scams/comp_friend_discord.JPG new file mode 100644 index 00000000..3fb24bef Binary files /dev/null and b/assets/tech-scams/comp_friend_discord.JPG differ diff --git a/assets/tech-scams/comp_friend_steam_01.JPG b/assets/tech-scams/comp_friend_steam_01.JPG new file mode 100644 index 00000000..ffd01a81 Binary files /dev/null and b/assets/tech-scams/comp_friend_steam_01.JPG differ diff --git a/assets/tech-scams/comp_friend_steam_02.JPG b/assets/tech-scams/comp_friend_steam_02.JPG new file mode 100644 index 00000000..85418ed3 Binary files /dev/null and b/assets/tech-scams/comp_friend_steam_02.JPG differ 
diff --git a/assets/tech-scams/comp_friend_steam_03.JPG b/assets/tech-scams/comp_friend_steam_03.JPG new file mode 100644 index 00000000..1d047968 Binary files /dev/null and b/assets/tech-scams/comp_friend_steam_03.JPG differ diff --git a/docs/safety-security/email-scams.md b/docs/safety-security/email-scams.md new file mode 100644 index 00000000..0aaa91cd --- /dev/null +++ b/docs/safety-security/email-scams.md 
@@ -0,0 +1,104 @@ +--- +layout: default +title: Email Scams +nav_exclude: false +has_children: false +parent: Safety & Security +search_exclude: false +last_modified_date: 2024-06-23 +redirect_from: /books/safety-and-security/page/email-scams +--- +# Email Scams +{: .no_toc} + +{% include toc.md %} + +The article discusses the evolution and prevalence of email scams. In the past, scammers had limited opportunities and faced significant risks. However, with the advent of the internet and email, they now have a vast, global pool of potential victims and can operate with minimal risk. + +Email scammers aim to extract money or personal information without providing anything of value in return. These scams are unfortunately common, as they are profitable due to the number of people who fall for them. They are also low-risk for the scammers, as they are inexpensive to set up, quick to execute, and carry minimal chances of being caught and punished. + +Despite the seeming simplicity of most scams, even tech-savvy individuals can sometimes be deceived. The article aims to educate readers about common scams, how to identify them, and steps to take to avoid falling victim to them. This knowledge is crucial in the digital age to protect oneself from such fraudulent activities. + +## Avoiding Email scams (The best practices) + +To minimize the likelihood of falling victim to an email scam, consider the following preventative measures: + +- Acquaint yourself with prevalent scams (which we discuss in this article). +- Implement a reliable antivirus software. (More information can be found here: [What Antivirus applications we recommend.](/docs/recommendations/av.md)) +- Refrain from clicking on links embedded in emails. +- Exercise caution with unexpected job or interview propositions. +- Disregard email attachments received from unfamiliar sources. +- Utilize disposable email accounts or aliases when signing up for websites that don't require your primary email address. 
(More information can be found in the `Precautions to take` section of the [Tech scams wiki article.](/docs/safety-security/tech-scams.md)) +- Avoid publicizing your email address on public platforms, including social media. + +While spam filters can be beneficial, their potential to inadvertently block important messages renders them a less than ideal solution. + +## Identification of email scams +When examining your inbox, every message and its fields can offer hints to identify potential scams. + +- **To field**: Bulk emails often have multiple recipients, especially if the names or email addresses are in alphabetical order. If the email is addressed to your email address instead of your name, it could be a scam. Scammers may also CC multiple recipients within the same company to appear legitimate. + +- **From field**: If the sender is unknown or has a foreign name that you don't recognize, it could be a scam. Legitimate businesses usually use their domain name for their email addresses, but some scammers buy similar-looking domains to deceive people. An email address extension other than .com, .org, .gov, or .edu is also suspicious. + +- **Subject field**: Scam emails often have clickbait subjects designed to scare, entice, or confuse you. They may also appear to be official correspondence requiring action on your part. It's safest to ignore and delete messages with clickbait subjects. If in doubt, research the sender before opening the message. + +- **Body of the message**: If the salutation uses your email address instead of your name or a generic greeting like "Dear valued customer", it could be a scam. Poor language skills, a sense of urgency, or requests for confidential information are all red flags. + +- **Attachments**: Be wary of attachments, especially .exe files or compressed archives, as they could contain malware. 
Even Word, PowerPoint, and Excel documents can include harmful macros, although modern versions of Office will alert you before opening these documents. + +More information can be found in this [blogpost discussing email scams and how to avoid them](https://www.comparitech.com/blog/information-security/email-scams/). + +## Scam vs Spam + +Spam refers to unsolicited and unwanted bulk messages, which can include emails, telemarketing calls, texts, and other digital communications. Despite effective filtering and blocking by ISPs and email providers, the [volume of spam emails increased by 30% in 2021 compared to the previous year](https://www.washingtonpost.com/technology/2022/01/10/email-spam-stop/). + +While scams can be seen as a type of spam, they differ in intent. Spammers are typically marketing something, whether it's legitimate or counterfeit products, or services. They might be annoying, but many are legitimate sellers. **In contrast, scammers aim solely to steal from their targets.** + +Phishing is a specific type of scam where the perpetrators trick you into providing sensitive information like credit card details, passwords, or Social Security numbers. + +## Compromised email accounts + +Hacked email accounts can serve as effective Trojan horses, a term used to describe deceptive malware attacks and email scams. Here's an example: + +- A man received an email from a friend who is a software engineer. The email contained a suspicious link, which turned out to be a virus. The man confirmed with his friend that his email account had been hacked. (See my personal example in [the "Example of a compromized account scam" section](/docs/safety-security/tech-scams.md) where I had fallen for one such scam message. While not email per say, the methodology works the same way.) + +The key takeaway is that even if an email appears to come from someone you know, it could still be a scam. 
Noticing changes in the sender's usual communication style can help detect a hacked account. The best protection is to verify suspicious emails through a different communication method, such as a phone call or text. This approach not only protects you but also alerts the victim that their account has been compromised. + +If you are a victim of one such event where your account was compromised, refer to the [What you can do to recover your accounts](/docs/safety-security/tech-scams.md) section. + +## The different kinds of email scams + +Scams, some dating back to the early days of the internet, can be recycled or improved upon. Here are some examples. For a more detailed description of them, refer to this [blogpost discussing email scams and how to avoid them](https://www.comparitech.com/blog/information-security/email-scams/). + +### Phishing Scams +Scammers impersonate reputable organizations to trick you into providing sensitive information. If you suspect an email might be legitimate, access your account directly through your web browser to verify. + +### Advance Fee Scams +These scams convince you that you're entitled to money or a free product, but require you to send money in advance. + +### 419 Scams/Nigerian Check Scams +These are early advance fee scams where the sender, often claiming to be a prince, needs your help to access money. If you pay, the sender will find more reasons for you to send money. + +### Relative in Distress Scams +The scammer claims a family member is in trouble and asks for money. If unsure, contact your family member through another method. + +### Heartstring Scams +These scams prey on your compassion, asking you to send money to help victims of various causes. Check CharityWatch to verify unfamiliar charities. + +### Business Opportunities and Work-from-Home Scams +These scams promise easy money for little effort. They often require you to buy something to get started. 
Pyramid schemes (nowadays referred to as "Multi-Level Marketing") and Ponzi schemes are subcategories of this scam. + +### Cryptocurrency Scams +If you see cryptocurrency in an email from an unknown sender, it's likely a get-rich-quick scam. + +### Tech Support Scams +These scams claim your computer's security is compromised. Big tech companies will never make unsolicited calls or emails claiming your computer is infected. + +### Health Scams +These scams prey on people's insecurities, promising miracle cures. Do not buy health-related products marketed in unsolicited emails. + +### Trojan Horse Email Scams +These messages claim your computer is locked or infected with malware. Run a scan with your antivirus program or Malwarebytes instead of opening these messages. + +### Fake job scams +Offers of employment or gigs that require personal information, payment, or promise high earnings for minimal effort are likely fraudulent and should be approached with caution. \ No newline at end of file diff --git a/docs/safety-security/session-hijack.md b/docs/safety-security/session-hijack.md new file mode 100644 index 00000000..a543dd3b --- /dev/null +++ b/docs/safety-security/session-hijack.md 
@@ -0,0 +1,126 @@ +--- +layout: default +title: Session Hijacking +nav_exclude: false +has_children: false +parent: Safety & Security +search_exclude: false +last_modified_date: 2024-06-23 +redirect_from: /books/safety-and-security/page/session-hijack +--- +# Session Hijacking +{: .no_toc} + +{% include toc.md %} + +Session hijacking is a cyber attack where an attacker intercepts and controls a user's session with a web application. This can occur during various online activities, such as checking credit card balances or shopping. The attacker can then perform any action that the legitimate user could, leading to potential consequences like accessing sensitive information, stealing money, or committing identity theft. + +There are two types of session hijacking attacks: active, where the attacker controls the target's session while it's active, and passive, where the attacker steals the target's session ID by eavesdropping on network traffic. + +Session hijacking is dangerous as it allows attackers to gain unauthorized access to protected accounts by posing as a legitimate user. Therefore, staying informed about the latest attack techniques and prevention methods is essential. + +## Active Session Hijacking and cookies +Cookies, also known as internet or HTTP cookies, are small text files that websites store on your computer. They contain data such as a username and password, which are used to identify your computer as you use a network. Cookies are generated by web servers and sent to browsers, which then include the cookies in future HTTP requests. + +Cookies serve several purposes. They help inform websites about the user, enabling the websites to personalize the user experience. For example, e-commerce websites use cookies to remember what merchandise users have placed in their shopping carts. Some cookies are necessary for security purposes, such as authentication cookies. + +However, cookies can also pose security and privacy concerns. 
Some viruses and malware may be disguised as cookies. These malicious elements can be used to facilitate session hijacking, a type of cyber attack where an attacker intercepts and takes control of a user’s session with a web application. This can be done actively, where the attacker takes control of the target’s session while it’s active, or passively, where the attacker eavesdrops on network traffic to steal the target’s session ID (Or session token). + +In the context of session hijacking, viruses and other malware can be used to steal session cookies, allowing the attacker to impersonate the user and gain unauthorized access to their accounts. Third-party tracking cookies can make it easier for parties you can’t identify to watch where you’re going and what you’re doing online. + +A concerning characteristic of cookies and session tokens is their persistence even after a password reset, as long as the device remains active. This means that a malicious actor could maintain access to an account and continue to cause damage, particularly if the session hijacking is facilitated by a virus. + +To mitigate this risk, it is necessary to [reinstall the operating system](/docs/installations/), followed by resetting the passwords to ensure the unauthorized user no longer has access to any accounts. Depending on the nature of the account, it may also be crucial to remove authorized devices from the account and re-enroll them, further securing the account from potential threats. + +A notable instance of session hijacking occurred with the Linus Media Group, widely recognized for their YouTube channel, Linus Tech Tips (Video of their Session hijacking can be found [here](https://www.youtube.com/watch?v=yGXaAWbzl5A)). Following the download of a malicious PDF file, a virus was able to steal the session tokens, thereby gaining unauthorized access to the channel. Despite password resets, the attacker maintained access due to the possession of the session token. 
To effectively neutralize the threat and regain control of their accounts, it was necessary for the Linus Media Group to reinstall their operating system and subsequently reset their passwords. + +## Passive Session Hijacking + +Passive session hijacking occurs when an attacker eavesdrops on network traffic to steal the target’s session ID. This type of attack is easier to execute because all an attacker needs is access to network traffic, which can be easily accomplished if they are on the same network as the target. This is why it is recommended to be extra careful especially when utilizing public wifi for places, such as coffee shops and airports. + +In a passive session hijacking attack, the attacker does not actively take control of the session, but rather monitors and collects data from the session. This can include sensitive information such as login credentials, personal data, and financial information. + +As an end user, there are several strategies you can employ to prevent passive session hijacking: + +- **Use HTTPS**: Always use websites that employ HTTPS (Hypertext Transfer Protocol Secure), which encrypts the data between your browser and the website, making it harder for attackers to eavesdrop on your sessions. +- **Use a VPN**: A Virtual Private Network (VPN) encrypts your internet connection, making it more difficult for attackers to intercept your data. +- **Log Out of Websites**: Always log out of websites when you're done using them. This ends your session, preventing attackers from hijacking it. Especially important in areas with public internet access. +- **Enable Multi-Factor Authentication**: This adds an extra layer of security, requiring another form of verification (like a text message or biometric data) in addition to your password. +- **Be Cautious of the Links You Click**: Be wary of clicking on links, especially in emails or messages, as these could lead to malicious websites designed to steal your session ID. 
+- **Keep Software Up to Date**: Regularly update your operating system, web browser, and other software to ensure you have the latest security patches. + +## Examples of prime targets for Session Hijacking and precautions to take: + +Session hijacking can potentially affect users across a wide range of commonly used services and applications. One of the best protections for session hijacking is the use of [Multi-Factor Authentication (MFA)](/docs/safety-security/mfa). Here are some additional examples and precautions you can take: + +- **Social Media Platforms (Facebook, Twitter, Instagram, etc.)**: These platforms are prime targets for session hijacking due to the wealth of personal information available. Always log out of your sessions when finished, especially on shared devices, and consider using two-factor authentication. +- **Email Services (Gmail, Outlook, Yahoo, etc.)**: Email accounts are often linked to many other services, making them a valuable target. Use strong, unique passwords and enable two-factor authentication. +- **Online Shopping Platforms (Amazon, eBay, etc.)**: These sites have your financial information, making them attractive targets. Always ensure you're using a secure (https) connection and log out when finished. +- **Banking and Financial Services**: These are obvious targets due to the direct access to financial assets. Most banks offer two-factor authentication and other security measures — use them. +- **Cloud Storage Services (Dropbox, Google Drive, etc.)**: These services can contain a lot of personal or sensitive data. Use strong, unique passwords and two-factor authentication. +- **Video Conferencing Platforms (Zoom, Microsoft Teams, etc.)**: Unauthorized access to these can lead to eavesdropping on private conversations. Use passwords for meetings and don't share meeting links publicly. + +Remember, the key to protecting yourself is vigilance. Always be aware of the information you're sharing and who you're sharing it with. 
Use all available security measures, such as strong, unique passwords, two-factor authentication, and secure (https) connections. + +## Recommended Actions in the Event of Suspected Session Hijacking + +If you suspect you are a victim of session hijacking, here are the following steps to follow: + +1. **Reinstall the operating system:** If you have downloaded anything suspicious lately, then the best step is to reinstall the operating system since the session hijack could be virulent in nature. It is always safer to start from a clean slate than to stumble around while the attacker still has access to the account. Steps to reinstall an operating system can be found in our [Reinstallation wiki article](/docs/installations/). + +2. **Terminate all sessions from the service:** Many services offer you to terminate sessions from any device. If you suspect one of your devices have had their session token/cookie stolen, then utilize another device and terminate the session from there. Details on how to terminate sessions from popular services can be found below. + +3. **Resetting passwords, and utilizing password managers and MFA:** Last but not least. Resetting passwords may not do much during a session hijack, but it will guarantee prevention of future issues. Some services also terminate sessions immediately as well in the event of a session hijack (Steam and Discord do this), so you may not need to terminate sessions actively. + + Utilizing password managers to use random passwords for all accounts is also highly recommended, as it will prevent attackers from using the same password elsewhere for another account. More information on password managers can be found in our [Password Managers wiki article](/docs/safety-security/pw-managers). + + Multi-Factor authentication is an added security layer on top of that, allowing you to see potential false logins and prevent other people from accessing your account. 
More information on MFA can be found in our [Multi-Factor Authentication wiki article](/docs/safety-security/mfa). + +## Terminating sessions from services +These are the following steps to follow if you wish to terminate all sessions from the following services. + +{: .info .info-icon } +> As mentioned in the [Tech Scams](/docs/safety-security/tech-scams) page, no real support agent will utilize a third party tool to contact you, such as Discord. They will always utilize a proper ticket method within the service itself, or via emails. This is true for all the following cases. + +{: .info .info-icon } +> Another important point is to change all passwords related to said accounts so the attacker cannot log back in, and also utilizing a [password manager](/docs/safety-security/pw-managers) to ensure you use different passwords on different accounts. Using the same password for multiple accounts is bad practice and can lead the attackers to access other accounts on other services. + +### Discord +To terminate all sessions from Discord, a [password reset/password change](https://support.discord.com/hc/en-us/articles/218410947-I-forgot-my-Password-Where-can-I-set-a-new-one#h_01HGXDF93Y5XVH4NWKAAJSV7SS) will automatically terminate all sessions from all logged in devices. + +For more information, refer to the official Discord article here: [Sign Out of all Devices - Discord Support](https://support.discord.com/hc/en-us/community/posts/360056305071-Sign-Out-of-all-Devices) + +Once that is done, you can take it one step further and remove all other devices you do not recognize from the discord account by heading to: `User settings` -> `Devices` and select the `Log Out All Known Devices` button. 
+ +![Log_Out_All_devices_Discord.gif](/assets/tech-scams/Log_Out_All_devices_Discord.gif) + +Should you be in a situation where you could not recover your account still, then the only option left will be to contact [Discord support](https://support.discord.com/hc/en-us/requests/new) and create a ticket there. + +{: .info .info-icon } +> Do note that Discord however may be lacking in support, so you may be better off creating a new account and securing other accounts that were initially linked to your Discord account. **Do ensure to contact your bank regarding Discord Nitro and terminate all payments towards Nitro and Nitro gifts if the account was compromised.** + +### Steam +To terminate all sessions from Steam, a [password reset/password change](https://help.steampowered.com/en/faqs/view/5107-700D-89B4-A4CD) will automatically terminate all sessions from all logged in devices. + +If it was hijacked fully and there are no viable means of recovering your account (See: [Account recovery self help page](https://help.steampowered.com/en/wizard/HelpWithLogin) of Steam), you may need to contact [Steam Support directly](https://help.steampowered.com/en/wizard/HelpWithAccount) and create a ticket there to validate yourself. + +### Epic Games +To terminate all sessions from Epic Games, you will need to go to `Account Settings` -> `Password and Security`. Scroll down the page and look for the `Sign out everywhere` button, then select `Sign out other sessions`. Await the confirmation email for the code, input the confirmation code, and refresh your page. + +![Log_Out_All_devices_Epic_Games.gif](/assets/tech-scams/Log_Out_All_devices_Epic_Games.gif) + +For more information, refer to the official Epic Games article here: [Logging out of all devices - Account Security - Epic Games](https://www.epicgames.com/help/en-US/c-Category_EpicAccount/c-AccountSecurity/how-do-i-logout-of-all-devices-and-all-logged-in-sessions-for-my-epic-games-account-a000085872). 
+ +If it was hijacked fully and there are no viable means of recovering your account, (See: [Account recovery self help page](https://www.epicgames.com/help/en-US/c-Category_EpicAccount/c-AccountSecurity/my-epic-account-was-compromised-and-i-cannot-access-it-a000085846) of Epic Games), you may need to contact [Epic Games directly](https://www.epicgames.com/help/en-US/c-Category_TechnicalSupport/c-TechnicalSupport_GeneralSupport/how-do-i-submit-an-epic-games-support-request-if-i-can-t-log-in-to-my-account-a000088916) via the link and follow their instructions which will work even if you cannot log into any account. + +### Google +Refer to [this guide](https://support.google.com/accounts/answer/3067630?hl=en) on Google's official page to secure your account, recovery procedures as well as termination of sessions on your account. + +### Microsoft/Xbox +While changing the passwords can help secure your account, if the perpetrators are still logged in, you may have to remove the devices via your Microsoft account. Do note that changing your password is still highly recommended here as well to prevent further log ins. + +You can do this by heading to the [Microsoft Account Devices](https://account.microsoft.com/devices) page, logging in, and removing any device you do not recognize from that page. + +![Log_Out_All_devices_MSXBOX.jpg](/assets/tech-scams/Log_Out_All_devices_MSXBOX.jpg) + +If you need further support, you can contact Microsoft Support directly regarding account issues. You can reach their support page [via this link](https://support.microsoft.com/en-us/contactus/). \ No newline at end of file diff --git a/docs/safety-security/tech-scams.md b/docs/safety-security/tech-scams.md new file mode 100644 index 00000000..2b7980d4 --- /dev/null +++ b/docs/safety-security/tech-scams.md 
@@ -0,0 +1,174 @@ +--- +layout: default +title: Tech Scams +nav_exclude: false +has_children: false +parent: Safety & Security +search_exclude: false +last_modified_date: 2024-06-23 +redirect_from: /books/safety-and-security/page/scams +--- +# Tech Scams +{: .no_toc} + +{% include toc.md %} + +Due to recent advancements in communication over the net, the modern internet is ripe with targets for scammers and shady characters trying to exploit others for their personal benefit, whether that is via scamming you out of your accounts, emails, or stealing your bank credentials and cratering your personal accounts. This document is to make you aware of common forms of scams and what precautions you should take before trusting another individual with personal details or accounts. + +This document is to provided you with details on the methods people use to take advantage of the unknowing and what they use to get people to trust them. This document will go into some of the forms people use to gain the "trust" of people, and if you already have fell victim to their scam, it will also discuss what you can do to hopefully recuperate your compromised information and accounts. + +## The Tech-Support scam + +{: .warning .warning-icon } +> Beware of direct messages from "admins" or "tech-support" for platforms like Discord or Steam, typically offering to fix account issues. These are scams designed to extract sensitive data or jeopardize your account. Genuine services seldom send such messages and official communication, even from Discord staff, doesn't occur on Discord but through a proper ticket system via emails. Any "official" support offered on Discord is fraudulent. + +It’s not uncommon to encounter instances where individuals posing as “administrators” or “technical support” representatives for various online services, such as Discord, Steam, and others, will initiate a direct message (DM) conversation with you. 
The subject of these messages can vary widely, but a common example might be the “resolution of an account issue," such as the common "I accidentally mass reported your account!" scam. + +These unsolicited messages may appear legitimate at first glance, with the sender often mimicking the language and tone of a genuine support representative. However, it’s important to note that these messages are, in fact, a form of scam. The individuals behind them are not associated with the service they claim to represent, and their ultimate goal is to deceive you into divulging sensitive information or performing actions that compromise your account’s security. + +One common tactic these scammers employ is to ask you to “verify” your account or “sign in” to resolve the supposed issue. This is a massive red flag. Legitimate services will never ask you to provide your login credentials in a direct message. Another scam to be aware of involves password reset requests. Scammers may claim to "verify yourself" with a code, which often is the password reset code or link, with the aim of hijacking your account. Another particularly insidious method involves the use of QR codes. The scammer may ask you to sign in using a QR code, which can lead to your account being compromised. This is a major concern and should be avoided at all costs. + +{: .info .info-icon } +> Always remember that **legitimate services typically have established channels for addressing account issues** and rarely, if ever, initiate unsolicited direct messages for such matters. If you receive such a message, it’s best to ignore it and report it to the appropriate authorities within the platform. Stay vigilant and protect your digital presence. Remember, your account security is paramount, and you should never feel pressured into taking actions that could potentially compromise it. + +### Example of a Tech-Support scam + +
+ + _An example of one of these "I accidentally reported you" scam by clicking here._ + + +The scammer approaches a user claiming they "accidentally" reported them because they themselves were "scammed" by a scammer who "claimed" to be you. This garners sympathy from the potential victim, lowering their guard. Often to further sell the scam, they will show "proof" of reporting "your account" by making a fake account to your likeness: + +![Reported_account_scam_01.JPG](/assets/tech-scams/Reported_account_scam_01.JPG) + +They then lead you to their "tech support" agent that they were working with to help "resolve" the situation: + +![Reported_account_scam_02.JPG](/assets/tech-scams/Reported_account_scam_02.JPG) + +The "support" agent may look legitimate, but remember that no official support agent for a service will be utilizing discord to resolve issues, even official discord staff. + +![Reported_account_scam_03.JPG](/assets/tech-scams/Reported_account_scam_03.JPG) +
+ +## Request from a Compromised Friend’s account + +{: .warning .warning-icon } +> Exercise caution when dealing with messages from anyone, even those you consider friends, that request you to "register" or "log in" to assist them with a certain task. Be wary as well of requests to download items to aid in "testing" a game or application, particularly if the sender is not known for engaging in development work. This caution should extend to downloading files such as PDFs, PNGs, or any other type of file under the pretext of checking if it "appears correct", as they can contain viruses. Remember, it's always better to be safe than sorry when it comes to your digital security. + +Scams can sometimes appear to originate from individuals within your personal network or acquaintances (such as friends on different platforms). However, it’s crucial to be aware that the person contacting you may not be your friend but rather a scammer who has gained access to your friend’s account. + +They may approach you with a seemingly innocuous request, such as participating in a competition to enhance their probability of success. The sign-in process for such activities may offer multiple methods, including email, Steam, Discord, and others. Upon registration, your account may be compromised due to the unauthorized acquisition of your credentials. + +Another variant of this scam involves requests to download and “test” a program, or to review an image or PDF to verify its appearance/contents. The request to test a program should immediately raise suspicions, particularly if the individual in question has not previously engaged in any recognizable development activities. Developers typically exhibit signs of programming knowledge and often share their projects. + +As for images or PDFs, they can sometimes conceal malicious code that executes upon opening. Receiving an unsolicited PDF for review should also be viewed with suspicion. 
+ +It’s crucial not to place unwarranted trust in friends when it comes to such requests. Always seek additional information regarding the file in question and attempt to verify their identity through alternative communication channels, such as WhatsApp, Discord, or Steam, if possible. + +### Example of a compromized account scam +
+ + _An example of one of these compromized account scams can be found by clicking here._ + + +Regrettably, I fell victim to such a scam, in which this particular example will detail. + +Amidst a gaming session, I received a personal message on Steam from a friend. They requested my assistance in boosting their team’s standing in a competition by signing in with my Steam account. Distracted by the game, I didn’t scrutinize the chat or probe further. Unwittingly, I signed in using the QR code sign in method Steam offers, overlooking the fact that it originated from a location outside my usual area of residence. + +The following day, while I was occupied at work, the scammer gained access to my Steam account. Without my knowledge, they began sending messages to my friends, encouraging them to participate in their “competition” to aid my alleged “team’s victory”. + +The following screenshots detail one such interaction of the scammers with one of my friends. + +![comp_friend_steam_01.JPG](/assets/tech-scams/comp_friend_steam_01.JPG) + +![comp_friend_steam_02.JPG](/assets/tech-scams/comp_friend_steam_02.JPG) + +Unaware of the unfolding situation, I continued with my professional responsibilities at my job. Miraculously, another friend from Steam reached out to me on Discord, a platform I predominantly use for communication, as I rarely resorted to Steam chats. They initiated a casual conversation, oblivious to the fact that I was engaged at work. The subsequent screenshot captures our interaction and my abrupt realization that my Steam account had been compromised. + +![comp_friend_steam_discord.JPG](/assets/tech-scams/comp_friend_discord.JPG) + +Upon this revelation, I promptly reviewed all my friends’ chats, alerting them about the breach in my account’s security. 
I cautioned them against clicking any links and advised those who had already done so to immediately change their passwords to prevent their accounts from being compromised + +![comp_friend_steam_03.JPG](/assets/tech-scams/comp_friend_steam_03.JPG) + +Ultimately, I was able to regain control of my accounts, terminate all other Steam sessions, and prevent the scammer from further accessing my friends list, out of sheer luck. However, it’s important to acknowledge that this incident was the result of several oversights on my part. Specifically, I failed to: +- Recognize the site I was directed to and the counterfeit Steam login page on the website. +- Heed the sign-in warning indicating that I was logging in from a device located outside my usual area of residence. +- Request a follow-up or pay closer attention to the messages I sent or logins from other devices. + +{: .info .info-icon } +> It’s also noteworthy that the friend whom the scammer attempted to defraud is widely knowledgeable about cybersecurity and familiar with scams of this nature. Yet, they unsuspectingly accepted the scammer’s claims because they came from a trusted friend (i.e., me). This serves as a reminder that even professionals can fall prey to such scams, underscoring the need for heightened vigilance. + +
+ +## Email scams/Text scams + +Email and text scams are prevalent forms of fraudulent activities. These scams, which are becoming increasingly sophisticated, may target various accounts, including your email, bank, or even involve you in a multi-level marketing scheme for their benefit. The complexity of these scams is escalating, making it increasingly challenging to distinguish between authentic and fraudulent emails. + +{: .warning .warning-icon } +> When dealing with suspicious emails, it’s imperative to exercise caution. Always scrutinize the sender’s email address; official communications will originate from official email accounts, not arbitrary third-party emails. Double-check the links, spelling, format of the email, images, and logos. Refrain from clicking on any links within these emails or logging in for verification purposes. Additionally, avoid downloading any attachments, such as applications or PDFs, as they may contain malicious software, including viruses, keyloggers, or session hijackers. + +Some email scams may impersonate official services, such as Amazon or FedEx. For instance, you may receive an email regarding a package you’ve supposedly ordered, urging you to “further verify” your details. If you have indeed ordered a package, refer back to the package tracker to confirm its status. Any disputes should be directly mentioned in the tracker, allowing you to contact the relevant party and resolve the dispute through the tracker. + +At times, an email may attempt to exploit your business account, reaching out with a seemingly innocuous request for advice or similar. For example, in one instance, supposedly my own CEO reached out to ask for a package of some sort. Thanks to the email it was sent by, and the fact that I have other means of reaching out to my CEO, I was able to immediately identify this as a scam email. 
By reconfirming with the CEO using official means of communication (in this case, MS Teams), I was able to verify that this was indeed a scam email. + +Other email scams may present unsolicited job or interview offers, aiming to extract your personal information with the intent to bypass account security measures or potentially blackmail you later. It’s advisable not to respond to these either. + +Please note that these are merely examples. Email scams are becoming increasingly elaborate, and the most effective way to avoid them is to refrain from interacting with them in the first place and promptly discard them. + +For more information regarding how to recognize a scam email, as well as what kinds of scam emails there are and their examples, please refer to this wiki article here: [Email scams](/docs/safety-security/email-scams). + +## Precautions to take + +In order to safeguard oneself from potential scams, it is prudent to adopt preventative measures rather than dealing with the aftermath. The subsequent guidelines provide a general approach to handling unsolicited communications or potential scam messages. + +### Avoiding Downloads +It is crucial to exercise caution when downloading files from the internet. Even seemingly harmless file types such as PNGs, JPGs, PDFs, etc., can harbor malicious scripts or viruses. These harmful elements can be triggered automatically upon download, potentially compromising your account or operating system. Therefore, it is always advisable to thoroughly verify the source and content of any download. In case an unverified file has been downloaded, it is recommended to reinstall the operating system. This ensures the complete eradication of any potentially harmful elements, providing a clean slate for your system’s security. + +### Verifying Website Links +When you receive a link, especially in an unsolicited message, it’s important not to click on it impulsively. Instead, take a moment to inquire about its content and purpose. 
This precaution can help you avoid landing on a fraudulent page designed to mimic a legitimate website. If you have any doubts about the authenticity of a site, take the time to cross-verify the link with the official site. This step can help confirm the legitimacy of the site and protect you from potential phishing attempts. + +### Updating Browser and Antivirus Software +Keeping your operating system and web browser updated is a key aspect of maintaining system security. Software updates often include patches for known vulnerabilities, which can significantly reduce the risk of a successful cyber attack. An updated system is less susceptible to malicious code execution, providing a safer environment for your online activities. + +### Confirming Sign-In Details +When signing into sites, it’s important to pay close attention to the details of the sign-in link. Make sure that the link directs you to the official login page of the respective site. Be wary of using QR codes for signing in, as they can easily obscure important details such as the sign-in destination. Despite their convenience, the use of QR codes can increase the risk of overlooking suspicious elements, potentially leading to security breaches. + +### Implementing Multi-Factor Authentication (MFA) and utilizing password managers +Multi-Factor Authentication (MFA) is a highly recommended security measure that adds an extra layer of protection to your online accounts. By requiring verification from another device during sign-in, MFA significantly increases the difficulty for unauthorized users to gain access to your accounts. More details of MFA can be found in our [Multi-Factor Authentication wiki article](/docs/safety-security/mfa). 
Popular apps of MFA include, but are not limited to: +- [Steamguard](https://help.steampowered.com/en/faqs/view/06B0-26E6-2CF8-254C) (For Steam only) +- [Discord MFA](https://support.discord.com/hc/en-us/articles/219576828-Setting-up-Multi-Factor-Authentication) (For Discord only) +- [Google Authenticator](https://support.google.com/accounts/answer/1066447?hl=en&co=GENIE.Platform%3DiOS) (General MFA application) +- [Microsoft Authenticator](https://www.microsoft.com/en-ca/security/business/identity-access/microsoft-entra-mfa-multi-factor-authentication) (General MFA application) + +However, it's important to note that the use of QR codes for sign-in can potentially undermine the effectiveness of MFA. The convenience of QR codes can lead to oversights, potentially allowing malicious actors to bypass the additional security provided by MFA. + +In addition to MFA, the use of password managers, such as Bitwarden, can further enhance your online security. Password managers help you create, store, and manage strong, unique passwords for all your accounts, reducing the risk of password-related breaches. By combining the use of MFA and a reliable password manager, you can significantly bolster the security of your online accounts. To learn more about password managers, please refer to our [Password Managers wiki article](/docs/safety-security/pw-managers). + +### Utilizing different email accounts +When interacting with websites of uncertain credibility, it’s highly recommended to use an alternative email address. This strategy not only helps to protect your primary email account but also allows you to organize your online activities more effectively. For instance, you might have a dedicated email address for work-related matters, another for gaming, a personal email for communication with friends and family, and an alternative email for potentially risky interactions (such as signing up for shady sites). 
+ +This level of separation can significantly enhance your online security and privacy. It’s also crucial to be mindful of the personal information you share on these platforms. Sharing sensitive details such as your real name or date of birth can expose you to various risks, including identity theft. Therefore, it’s best to provide minimal personal information, especially on sites you’re unsure about. + +The most critical aspect to consider is your financial security. It’s imperative to exercise extreme caution when it comes to online transactions. Never use your credit or debit card for any service that you do not fully trust or recognize. If a site or service seems suspicious or too good to be true, it probably is. Always research and verify the legitimacy of a site before providing any financial information. + +## What you can do to recover your accounts - TODO + +Should in case you fall for a scam and wish to recover your accounts, please follow the following steps to attempt to recover your accounts: + +### 1. Terminate sessions on the accounts and resetting passwords + +The first step is to reset password and terminate sessions from said accounts. Steps to do so, including how to terminate sessions from common services and applications can be found [here](/docs/safety-security/session-hijack#terminating-sessions-from-services). + +Most session hijacks can also be virulent in nature. If you suspect you have been affected by a virus where the attacker is using malware as a vector to access your accounts, you may need to reinstall Windows as a whole to completely remove said virus. More info on how to recover from a virulent attack can be found [here](/docs/safety-security/session-hijack#recommended-actions-in-the-event-of-suspected-session-hijacking). + +### 2. Contact the support page of said services + +The next step is to contact the support page and request for help to ensure you are safe. 
Said support contacts for popular/common applications can be found [here](/docs/safety-security/session-hijack#terminating-sessions-from-services). + +### 3. Set up 2FA and MFA, start using password managers + +Setting up 2FA or MFA is an excellent safety precaution to prevent attackers from logging in to the account. You can review setup of MFA and others [above in the "Implementing Multi-Factor Authentication (MFA) and utilizing password managers" section.](/docs/safety-security/tech-scams#implementing-multi-factor-authentication-mfa-and-utilizing-password-managers) + +Using [password managers](/docs/safety-security/pw-managers) is also another extra safety precaution we highly recommend to ensure you use different passwords on different accounts. Using the same password for multiple accounts is bad practice and can lead the attackers to access other accounts on other services.
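Review bot: In the recovery section at the end of the new page, step 2 ("Contact the support page of said services") links to `/docs/safety-security/session-hijack#terminating-sessions-from-services`, the same anchor step 1 uses for terminating sessions, so the "support contacts" link looks like a copy-paste. Point it at the section that actually lists support contacts, or state that the contacts live in that same section. The heading of that section still ends in "- TODO", which will show up in the rendered heading and its generated anchor; drop the marker and track the remaining work elsewhere. Two consistency points in the precautions: "Updating Browser and Antivirus Software" only discusses the operating system and browser and never mentions antivirus, and "Avoiding Downloads" recommends reinstalling the operating system after any unverified download, while recovery step 1 recommends a reinstall only when malware is suspected, so the two should agree. The alt text `comp_friend_steam_discord.JPG` also does not match its path `comp_friend_discord.JPG`, and "compromized" appears in a heading, so the typo ends up in the anchor.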