1. SteamRep is shutting down at the end of 2024. See announcement.

Some dangerous new scam type

Discussion in 'SteamRep General Discussion' started by Dřevák, Aug 8, 2020.

  1. Dřevák

    Dřevák New User

    Messages:
    25
    Steam:
    STEAM_0:0:44101205
    So, a friend messaged me today on Steam absolutely randomly saying that he needs my help. He then sent me a suspicious link saying that if I vote for his team, he will give me some keys (note. he is and never really was a trader, so he never used stuff like “keys”). I knew it didn’t sound like him so I messaged him on Facebook and sent him screenshot from my mobile phone. He told me he had no idea who that was and that it totally wasn’t him, but it was somehow sent from his account. All that while he was playing a game and was unaware of any of that happening. Is there some kind of stuff that bypasses Steam Guard? Or something that allows you to message other people from somebody’s account? He said someone sent him the very same message the previous day. Does it mean my account is going to send other people this weird link tomorrow? Please help me till this somehow gets me banned for something I couldn’t prevent.
    Dřevák, Aug 8, 2020
    #1
  2. Horse

    Horse Administrator SteamRep Admin

    Messages:
    76,969
    SteamRep Admin:
    STEAM_0:1:34690691
    Horse, Aug 8, 2020
    #2
  3. Dřevák

    Dřevák New User

    Messages:
    25
    Steam:
    STEAM_0:0:44101205
    Well, he never lost access to his account, somebody just send this through his account while he was playing a game without noticing anything. He told me that he has changed his password. Will that help him or should he report the whole incident to steam?
    Dřevák, Aug 8, 2020
    #3
  4. Horse

    Horse Administrator SteamRep Admin

    Messages:
    76,969
    SteamRep Admin:
    STEAM_0:1:34690691
    Ok well thats still a compromising situation and that needs to be reported to Valve.
    They should report any issues to Steam/Valve.
    Horse, Aug 8, 2020
    #4
  5. Dřevák

    Dřevák New User

    Messages:
    25
    Steam:
    STEAM_0:0:44101205
    How is it possible that they got through his steam guard? I understand that they could have somehow cracked his username and password, but I always taken mobile steam guard for safe.
    Dřevák, Aug 8, 2020
    #5
  6. Horse

    Horse Administrator SteamRep Admin

    Messages:
    76,969
    SteamRep Admin:
    STEAM_0:1:34690691
    You/they need to ask Valve these questions - we are not affiliated with Steam/Valve in anyway.

    Hidden Content:
    **Hidden Content: Content of this hidden block can only be seen by members of (usergroups: Administrative, Moderating).**
    Horse, Aug 8, 2020
    #6
  7. Lava

    Lava Public Relations SteamRep Admin

    Messages:
    5,840
    SteamRep Admin:
    STEAM_0:1:46187366
    Good on you for noticing something was fishy. I recommend having your friend:
    1. Change their password immediately, and also change it anywhere else they have the same password set. The scammer will try to log into your email with it when he loses access, so you need to do that first.
    2. De-authorize all other devices here: https://store.steampowered.com/twofactor/manage
    3. Revoke any API keys set. Their only use, if you don't know what that means, is keeping control of your account. Your friend can see and delete any keys added to their account from here: https://steamcommunity.com/dev/apikey
    4. If people are still getting messages from your friend, even after the above have them contact Steam Support at https://help.steampowered.com/

    Phishing websites today are really crafty in how closely they resemble the real site. After verifying you provided the correct password, they will ask you for your Steam Guard code, which most users will provide, and then the scammers will be sneaky about how they use the account. Most likely your friend entered their username/password and Steam Guard code into what they thought was a Steam community login page, nothing obvious immediately happened, and then the scammers - still secretly logged in - started using the account to send links and steal additional accounts.

    Contrary to popular belief, Steam Guard does not protect you from things like this, and it does not in any way make you "hacker proof". You could blame Valve for not doing enough, but to be fair, that's a difficult problem to solve.
    Hidden Content:
    **Hidden Content: Content of this hidden block can only be seen by members of (usergroups: Administrative, Moderating).**
    Lava, Aug 11, 2020
    #7