
Scam which I can't explain how happened

Discussion in 'SteamRep General Discussion' started by sl4vk0, Mar 27, 2018.

  1. sl4vk0

    sl4vk0 New User

    Messages:
    1
    Steam:
    STEAM_0:0:226983191
    I was playing PUBG with my friends and I opened a crate and got a skin for the P18C... I never use pistols in PUBG, so I wanted to send it to my friend to play with. So I clicked on my friend's profile and sent him an offer (so I couldn't have had the wrong offer or something). Look at this picture: http://prntscr.com/ix7sg1 After I sent him the offer, it got instantly declined and I got a new offer from the account in the picture above. Actually, I 'sent him an offer': as you can see in the picture, it says I'm offering my skin for his case. But I didn't see it. I confirmed the offer on my phone and didn't even look at what was in the offer, because I saw it was my friend's name, so I didn't care much. And that's it, I sent the offer to my friend's impersonator. But what I don't get is, we were on Discord and I told my friend I was going to send him that skin, so how could that scammer know to take my friend's name and picture at the right time? It's probably a bot, but how does it work? I'm just a random guy, I mean I'm not a YouTuber or something like that, I've got like $20 in my inventory (my friend even less), so I don't know how that bot found us. And also, why does it say I sent that offer to him? Because I know I sent only one offer to my friend, and that was my P18C skin as a gift (I didn't take anything from his inventory).

    This is my friends steam profile: http://steamcommunity.com/id/Slavennnn

    This is scammers steam profile:
    Hidden Content:
    **Hidden Content: Content of this hidden block can only be seen by members of (usergroups: Administrative, Moderating).**


    So do you know how that is possible? I don't care about the skin, it's $1, but I just want to know how I got scammed. I hope you understand what I meant, because my English is not very good, so if you have any questions just ask.
    Last edited by a moderator: Mar 27, 2018
  2. Nebras

    Nebras New User

    Messages:
    249
    Steam:
    STEAM_0:0:92811415
    Have you logged in to any untrusted sites using Steam? Or do you have any untrusted extensions in your browser?
    Most likely it is one of two situations:
    1- You logged in to a phishing site that displayed a fake Steam login page, and you entered your password and your 2-fac code. That site then has access to your Steam account. It can't confirm any trade offers, because that needs confirmation from your phone, but it can send trade offers without confirming, decline or cancel trade offers, and find your trade offer link.
    2- You have downloaded an untrusted extension in your browser that's doing all that.

    So what happened is: you sent an offer to your friend, offering a skin for nothing in return. The scammer sees that offer (automated), sees its details and the account it's being sent to, cancels the offer, then orders a bot to impersonate your friend and send you the exact same trade offer.

    What to do:
    1- Remove any untrusted extensions from your browser, then do a virus scan; try Malwarebytes if you don't have any protection.
    2- Go here http://store.steampowered.com/twofactor/manage and deauthorize all other devices.
    3- Change your password.
  3. Horse

    Horse Administrator SteamRep Admin

    Messages:
    76,831
    SteamRep Admin:
    STEAM_0:1:34690691
    I've hidden the so-called scammer's profile information as this is not where you submit reports.
    For phishing or hacking situations those should be reported to Valve.
  4. GoProJuns

    GoProJuns New User

    Messages:
    13
    Steam:
    STEAM_0:0:195993160
    What I've seen happening is people logging into phishing links, and once you provide your Steam credentials, the scammer has a bot that auto logs in and runs a script in your account. It's designed to automatically decline the offer and send a fake offer from an identical account (the bot copies the profile in seconds). You confirm it on mobile thinking it's the real offer.
    Change your password and deactivate all other devices (account details > manage steam guard > deauthorize all other devices).
    Lava likes this.
  5. Lava

    Lava Public Relations SteamRep Admin

    Messages:
    5,858
    SteamRep Admin:
    STEAM_0:1:46187366
    As @GoProJuns pointed out, this is what most phishing looks like today. You most likely entered your password (and Steam Guard code) into a malicious website masquerading as a part of Steam, or with a fake OpenID login page. You can tell because if you go into your trade offer history, whenever you send or receive a trade offer of your own, it gets cancelled and a trade offer is sent on your behalf that you didn't actually initiate, to an account you don't recognize. Change your password and deauthorize all devices, and it will usually stop.

    This typically happens on betting sites, where their login page is fake, but sometimes on fake cashout sites. Stay far away from anything that has to do with gambling in Steam, and don't use any cashout or item "deposit" websites unless you absolutely know what you're doing. And never trust links anywhere in Steam.
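The trade-history symptom described in the posts above (your own offer is cancelled or declined, then the same items go out to an account you don't recognize) can be checked mechanically. This is an added example, not part of the original thread and not SteamRep or Valve code; the record fields and the sample history are constructed for illustration and are not a Steam API schema.

```python
from datetime import datetime, timedelta

KILLED = {"canceled", "declined"}

# Constructed sample history (hypothetical field names and placeholder account ids).
HISTORY = [
    {"id": 1, "time": "2018-03-20T12:00:00", "partner_id": "ACCOUNT-C",
     "partner_name": "Other", "state": "accepted", "gave": ["key"], "got": ["skin B"]},
    {"id": 2, "time": "2018-03-27T18:02:10", "partner_id": "ACCOUNT-A",
     "partner_name": "Friend", "state": "declined", "gave": ["P18C skin"], "got": []},
    {"id": 3, "time": "2018-03-27T18:02:14", "partner_id": "ACCOUNT-B",
     "partner_name": "Friend", "state": "accepted", "gave": ["P18C skin"], "got": ["case"]},
    {"id": 4, "time": "2018-03-28T09:00:00", "partner_id": "ACCOUNT-A",
     "partner_name": "Friend", "state": "canceled", "gave": ["gloves"], "got": []},
    {"id": 5, "time": "2018-03-28T09:00:30", "partner_id": "ACCOUNT-A",
     "partner_name": "Friend", "state": "accepted", "gave": ["gloves"], "got": []},
]

def find_swapped_offers(history, window=timedelta(minutes=2)):
    """Return (killed_id, replacement_id, same_display_name) for each suspicious pair.

    A pair is suspicious when an offer is cancelled/declined and, within `window`,
    at least one of the same items is offered to a DIFFERENT account id.
    """
    offers = sorted(history, key=lambda o: datetime.fromisoformat(o["time"]))
    hits = []
    for i, first in enumerate(offers):
        if first["state"] not in KILLED or not first["gave"]:
            continue
        t0 = datetime.fromisoformat(first["time"])
        for later in offers[i + 1:]:
            if datetime.fromisoformat(later["time"]) - t0 > window:
                break  # sorted by time, so nothing further can match
            same_items = set(first["gave"]) & set(later["gave"])
            if same_items and later["partner_id"] != first["partner_id"]:
                # A matching display name on a different id is the impersonation tell.
                same_name = (first["partner_name"].casefold()
                             == later["partner_name"].casefold())
                hits.append((first["id"], later["id"], same_name))
    return hits

if __name__ == "__main__":
    for killed, replacement, same_name in find_swapped_offers(HISTORY):
        print(f"offer {killed} replaced by {replacement}; same display name: {same_name}")
```

Offers 4 and 5 are a normal cancel-and-resend to the same account id, so only the pair 2 and 3 is reported.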
  6. derfy

    derfy New User

    Messages:
    75
    Steam:
    STEAM_0:0:1948671
    With regard to this, is it possible to copy the link and paste it in notepad to see if it looks fishy? Or is this something else?
  7. Horse

    Horse Administrator SteamRep Admin

    Messages:
    76,831
    SteamRep Admin:
    STEAM_0:1:34690691
    I tell ya the best thing to do is just hover your mouse over the URL - you should be able to spot the difference of the address while doing that and not having to click on it.
    https://forums.steamrep.com/threads/screenshot-guide-requirements.157969/
    That page there has some examples of what that shows at the bottom of the browser.
    I have to test these sites that are reported to see if they have to do with fake gambling or phishing, since we only accept reports for the fake gambling sites, and for the phishing attempts we would redirect you to Valve. I use a few things like a VM or Virtual Machine to test without the threat of infecting myself. Most of those phishing sites, or well, all of them so far that I've come across, aren't injecting anything bad; they just throw the prompt up, which is a fake Steam login page.
    The objective is to get your login info, which gives them access to the account so they can access other sites that you're using with the Steam login. They find things you've listed for trade, such as on OPSkins or a marketplace, and decrease the amount to near 0 and buy it fast. This is just an example of course, but certainly the biggest thing I've been seeing here lately.
    Anytime you come across a phishing attempt or site being suggested by a user on Steam, make sure you report it to Valve.
    Directions below:
    In order to do that, you have to:
    1. Visit the accused's profile
    2. Click MORE drop-down located at the top right of the page
    3. Choose REPORT VIOLATION
    4. Select the violation, then describe it and provide the evidence
    5. Click SUBMIT REPORT

    Click here to view an animated gif that shows how to report a violation.

    Last edited: Mar 28, 2018
  8. Lava

    Lava Public Relations SteamRep Admin

    Messages:
    5,858
    SteamRep Admin:
    STEAM_0:1:46187366
    I would recommend against this. A lot of Steam phishing now is designed to be really subtle, with either a slight misspelling that you probably won't recognize, or international look-alike characters - replacing the s in steamcommunity.com with for example.

    The safest way to handle it is to enter the URL on your own, or use a bookmark, instead of copying and pasting. And then only visit websites you already recognize as legitimate, and never trust anything related to gambling.
    Zoofie_ likes this.
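The two tricks mentioned in the last post, slight misspellings and international look-alike characters, are hard to catch by eye but easy to flag in code. This is an added example, not part of the original thread; the allowlist holds the two Steam domains that appear in this thread, the sample URLs are constructed, and taking the last two labels as the registered domain is a simplifying assumption (no public suffix list).

```python
from urllib.parse import urlsplit

TRUSTED = ("steamcommunity.com", "steampowered.com")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'trusted', 'idn', 'near-miss', 'unknown' or 'invalid' for a link."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "invalid"
    labels = host.split(".")
    # Non-ASCII or punycode labels are where look-alike characters hide.
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        return "idn"
    # Match the whole host or a true subdomain, never a mere prefix or substring.
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    registered = ".".join(labels[-2:])  # assumption: two-label registered domain
    if any(edit_distance(registered, d) <= 2 for d in TRUSTED):
        return "near-miss"
    return "unknown"

# Constructed sample links.
SAMPLES = [
    "http://store.steampowered.com/twofactor/manage",   # real path from this thread
    "https://steamcommunlty.com/tradeoffer/new",        # 'l' in place of 'i'
    "https://\u0455teamcommunity.com/id/example",       # Cyrillic U+0455 in place of 's'
    "https://steamcommunity.com.example.net/login",     # trusted name as a subdomain
    "https://steamcommunity.com@example.net/login",     # trusted name as userinfo
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):10} {link!r}")
```

Anything other than `trusted` is a reason to type the address yourself or use a bookmark, as the post recommends.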