Responding to a Cyber Incident: My Experience with the “Test My Game” Scam

Recently, I found myself falling victim to what is commonly known as the “Test My Game” scam—a reminder of how even experienced users can make mistakes. In this post, I’ll share my experience, the steps I took to secure my accounts and devices, and the lessons learned in the hope that it helps others avoid similar situations.

The Incident

It all began when I received messages from two older Discord accounts that I had known for years. Trusting my past experiences, I let my guard down when they sent me a link to download a supposedly exciting game for testing. Unfortunately, I executed the file without giving it a second thought. Moments later, a third Discord account contacted me with alarming news: they were logged into my Google account.

Immediate Actions Taken

Realizing the gravity of the situation, I quickly took action:
1. Disconnection from the Internet: First, I removed my PC from the network to prevent further unauthorized access.
2. Account Security: I logged out of all devices from both Google and Discord. This was crucial in cutting off any potential continued access by the malicious actors.
3. Password Resets: I initiated password resets for all my accounts, knowing that my old passwords were stored on Google.
4. Two-Factor Authentication: Where possible, I enabled two-factor authentication (2FA) to further secure my accounts.

System Recovery Efforts

To address the potential malware on my system:
1. Clean Installation of Windows 11: I performed a clean installation of Windows, which wiped the drive containing the OS. However, I was aware that this might not be sufficient to remove all traces of malicious Software.
2. Antivirus Scanning: I ran a full scan with Windows Defender and planned to install additional Software, such as Avast and Malwarebytes, to conduct comprehensive scans on my system. At present, my PC remains disconnected from the network during these recovery efforts.

Seeking Further Advice

I am aware of the potential for residual malware, which leads me to ask: if necessary, what tools do you recommend for performing a complete wipe of additional drives? Ideally, I would prefer not to erase everything, but I understand it may be the safest option.

Conclusion

Ultimately, my goal is to ensure that I’ve taken every precaution to secure my accounts and remove any lingering threats. If