My Steam Account was Phished

Everything else!

Moderators: Bakhtosh, EvilHomer3k

User avatar
Jag
Posts: 14435
Joined: Wed Oct 13, 2004 3:24 pm
Location: SoFla

My Steam Account was Phished

Post by Jag »

Hey, if anyone got a Steam message from me in the last day, please ignore it. I received a PM from an old member Koz asking to vote for his E-sports team. I said sure, but it required a Steam login to the Intel site. I thought it was strange, so i Googled the site and it came up as an Intel site. So i logged in and voted. Then I saw today that someone bought a Counterstrike gun for $27 on my Steam balance. I realized immediately what had happened. I got some PMs from other OO members that my account had reached out too.

I changed my Steam password and googled Steam phishing and saw that they could also create an API link, which they did. I deleted the API and I'm hoping my account is secure now. Sorry for anyone that got a message from me. Don't be a moron like I was. And thank the lord for 2FA. I probably would have lost my account if I didn't have it.

At least I still have the item they bought. I put in a ticket with Steam, but if they can't help me, I guess I'll sell it.
User avatar
naednek
Posts: 10866
Joined: Tue Oct 19, 2004 9:23 pm

Re: My Steam Account was Phished

Post by naednek »

weird. Koz messaged me asking for a favor. I thought it was genuine. He never responded. Glad that he didn't :D
hepcat - "I agree with Naednek"
User avatar
hitbyambulance
Posts: 10233
Joined: Wed Oct 13, 2004 3:51 am
Location: Map Ref 47.6°N 122.35°W
Contact:

Re: My Steam Account was Phished

Post by hitbyambulance »

i think one good use of AI would be an agent on an elderly person's machine to strongly dissuade or prevent aged and addled brains from falling for phishing attempts.
User avatar
Holman
Posts: 28906
Joined: Sun Oct 24, 2004 8:00 pm
Location: Between the Schuylkill and the Wissahickon

Re: My Steam Account was Phished

Post by Holman »

hitbyambulance wrote: Mon Nov 30, 2020 7:22 pm i think one good use of AI would be an agent on an elderly person's machine to strongly dissuade or prevent aged and addled brains from falling for phishing attempts.
Can I register as "addled"? Because I would appreciate such a service.
Much prefer my Nazis Nuremberged.
User avatar
Jag
Posts: 14435
Joined: Wed Oct 13, 2004 3:24 pm
Location: SoFla

Re: My Steam Account was Phished

Post by Jag »

hitbyambulance wrote: Mon Nov 30, 2020 7:22 pm i think one good use of AI would be an agent on an elderly person's machine to strongly dissuade or prevent aged and addled brains from falling for phishing attempts.
I guess I fall into the elderly category.
User avatar
Lorini
Posts: 8282
Joined: Wed Oct 13, 2004 8:52 am
Location: Santa Clarita, California

Re: My Steam Account was Phished

Post by Lorini »

Does having Steam Guard help with this? I have Steam Guard
Black Lives Matter
User avatar
Jag
Posts: 14435
Joined: Wed Oct 13, 2004 3:24 pm
Location: SoFla

Re: My Steam Account was Phished

Post by Jag »

Lorini wrote: Mon Nov 30, 2020 7:53 pm Does having Steam Guard help with this? I have Steam Guard
Yes. That's 2 factor authentication. It most likely saved my Steam account.
User avatar
Smoove_B
Posts: 54567
Joined: Wed Oct 13, 2004 12:58 am
Location: Kaer Morhen

Re: My Steam Account was Phished

Post by Smoove_B »

Thanks for sharing...I could see this being particularly effective for our group.
Maybe next year, maybe no go
User avatar
Anonymous Bosch
Posts: 10512
Joined: Thu Oct 14, 2004 6:09 pm
Location: Northern California [originally from the UK]

Re: My Steam Account was Phished

Post by Anonymous Bosch »

Indeed, two-factor authentication (2FA) is vastly superior than relying on passphrases alone. That's why I use a Yubikey wherever possible, as explained by Linus Sebastian below:

"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences." — P. J. O'Rourke
User avatar
Lassr
Posts: 16862
Joined: Wed Oct 13, 2004 10:51 am
Location: Rocket City (AL)
Contact:

Re: My Steam Account was Phished

Post by Lassr »

I got the message from Jag or fake Jag. Did a little research and thought the site was legit although it seemed weird. Should have went with my instinct... I've changed my Steam password.
Also had an API link that I deleted and unauthorized all devices except my computer.
The only reason people get lost in thought is because it's unfamiliar territory.

Black Lives Matter
User avatar
jztemple2
Posts: 11541
Joined: Fri Feb 13, 2009 7:52 am
Location: Brevard County, Florida, USA

Re: My Steam Account was Phished

Post by jztemple2 »

Holman wrote: Mon Nov 30, 2020 7:44 pm
hitbyambulance wrote: Mon Nov 30, 2020 7:22 pm i think one good use of AI would be an agent on an elderly person's machine to strongly dissuade or prevent aged and addled brains from falling for phishing attempts.
Can I register as "addled"? Because I would appreciate such a service.
I worry about this happening to my wife as she isn't as computer savvy (and paranoid) as I am. Happily she has seen the light and now just deletes all messages she is the least suspicious about. Still, she gets a lot of emails and I worry one will slip through

About nine years ago she got socially hacked (I think that is the term) when right at the time of the William and Kate royal wedding she got an email from my sister who said she was in London for the wedding and got her purse stolen and she needed money. This happened after I went to bed so I didn't know about it. This was a perfect storm of coincidences as my sister had just come into some money and this was just the kind of flaky thing she would do, go to a foreign country and lose all her money.

So my wife contacted Western Union and sent some money. Early the next morning my wife was on the computer to see if my sister had received the money. She said she had but needed more and my wife sent some more just before I woke up and she told me about it. This all sounded fishy to me so I picked up the phone and called my sister's home in the States and of course she was home :(. Turns out someone had hacked her email account and like a twit she hadn't called her family to let us know. Someone was using her contacts list and trying to get someone to send them money.

The good news about the story is that my wife immediately filled out reports for the police and for Western Union, and two years later got all her money back because WU failed to check the id of the person who had picked up the money and were required to reimburse us. And of course, lesson learned.
My father said that anything is interesting if you bother to read about it - Michael C. Harrold
User avatar
Rumpy
Posts: 12672
Joined: Sun Mar 27, 2005 6:52 pm
Location: Sudbury, Ontario, Canada

Re: My Steam Account was Phished

Post by Rumpy »

hitbyambulance wrote: Mon Nov 30, 2020 7:22 pm i think one good use of AI would be an agent on an elderly person's machine to strongly dissuade or prevent aged and addled brains from falling for phishing attempts.
Yeah, that'd be a great idea. I've got my Dad trained on using a program called Mailwasher. It acts as a sort of filter showing the headers, and you launch it before the mail client before, and it's done a pretty good job of keeping him out of trouble. You have to select everything manually to be deleted, but it's still better than nothing. And years ago, when this program was free, I'd actually introduced to posters on a forum where the demo was mostly older, and they'd loved it for the ease of use.
PC:
Ryzen 5 3600
32GB RAM
2x1TB NVMe Drives
GTX 1660 Ti
User avatar
LawBeefaroni
Forum Moderator
Posts: 55315
Joined: Fri Oct 15, 2004 3:08 pm
Location: Urbs in Horto, outrageous taxes on everything

Re: My Steam Account was Phished

Post by LawBeefaroni »

jztemple2 wrote: Mon Nov 30, 2020 11:41 pm

About nine years ago she got socially hacked (I think that is the term)
"Social engineering" I believe.





Nice job by Jag letting everyone know, too.
" Hey OP, listen to my advice alright." -Tha General
"No scientific discovery is named after its original discoverer." -Stigler's Law of Eponymy, discovered by Robert K. Merton

MYT
User avatar
jztemple2
Posts: 11541
Joined: Fri Feb 13, 2009 7:52 am
Location: Brevard County, Florida, USA

Re: My Steam Account was Phished

Post by jztemple2 »

LawBeefaroni wrote: Tue Dec 01, 2020 12:50 am
jztemple2 wrote: Mon Nov 30, 2020 11:41 pm

About nine years ago she got socially hacked (I think that is the term)
"Social engineering" I believe.
Thanks, that sounds better too.
My father said that anything is interesting if you bother to read about it - Michael C. Harrold
malchior
Posts: 24794
Joined: Wed Oct 13, 2004 12:58 pm

Re: My Steam Account was Phished

Post by malchior »

jztemple2 wrote: Mon Nov 30, 2020 11:41 pmThe good news about the story is that my wife immediately filled out reports for the police and for Western Union, and two years later got all her money back because WU failed to check the id of the person who had picked up the money and were required to reimburse us. And of course, lesson learned.
Wow. I've dealt with this issue for many years now and this is the first time I've ever heard anything like this. That is extremely lucky!

My recommendation to people is to never ever send log into anything without a "naked" HTTPS url. That means you can see it in the browser address bar and can hover over it, see the same address as is displayed on the clickable link, and more importantly you can click on the lock icon and see that the url matches. That is usually too complicated for many so the browsers have stepped up quite a bit to help out. In any case, this is easily the biggest problem we still see in the real world and every company in the world has ongoing phishing training as part of their security awareness compliance framework.

Even worse once they get one set of credentials they'll often add them to their attack dictionaries and try a technique called 'credential stuffing'. This technique involves taking the stolen credential and attempting to log into popular websites because people tend to reuse passwords. More sophisticated actors build libraries to try to profile people and even predict other 'unique' passwords. Anyway, bottom line - turn on 2-factor wherever you can and importantly *put a passcode* on your cell phone accounts. One way to break text based 2-factor is to port a phone number to another carrier and then 'steal' the texts. Some quick 10-minute things like setting protections up like that or freezing credit accounts can save you a lot of work in the future.
User avatar
Daehawk
Posts: 63524
Joined: Sat Jan 01, 2005 1:11 am

Re: My Steam Account was Phished

Post by Daehawk »

I get emails all the time saying "We see you're having trouble logging into your...I cant recall if its Imgur or some other one...I just laugh and move on.
--------------------------------------------
I am Dyslexic of Borg, prepare to have your ass laminated.
I guess Ray Butts has ate his last pancake.
http://steamcommunity.com/id/daehawk
"Has high IQ. Refuses to apply it"
User avatar
stessier
Posts: 29816
Joined: Tue Dec 21, 2004 12:30 pm
Location: SC

Re: My Steam Account was Phished

Post by stessier »

Thanks for this thread. I got the Fake Jag chat today and just deleted it. Not sure what I would have done without the heads up.
I require a reminder as to why raining arcane destruction is not an appropriate response to all of life's indignities. - Vaarsuvius
Global Steam Wishmaslist Tracking
Running____2014: 1300.55 miles____2015: 2036.13 miles____2016: 1012.75 miles____2017: 1105.82 miles____2018: 1318.91 miles__2019: 2000.00 miles
User avatar
Little Raven
Posts: 8608
Joined: Wed Oct 13, 2004 10:26 am
Location: Austin, TX

Re: My Steam Account was Phished

Post by Little Raven »

Huh. I got the fake Jag chat yesterday. I hadn't seen this thread yet, so I (eventually) responded, but I never got more than the initial chat line.

Weird.
/. "She climbed backwards out her
\/ window into Outside Over There."
User avatar
Holman
Posts: 28906
Joined: Sun Oct 24, 2004 8:00 pm
Location: Between the Schuylkill and the Wissahickon

Re: My Steam Account was Phished

Post by Holman »

My MIL lives with us, and she is at least savvy enough to ask me about anything at all that looks unusual.

A couple of days ago she received a very Microsoft-looking notice apparently from Windows Defender, but she immediately realized that the website address didn't look Microsoft at all. I have taught her well. :)
Much prefer my Nazis Nuremberged.
User avatar
El Guapo
Posts: 41243
Joined: Sat Jul 09, 2005 4:01 pm
Location: Boston

Re: My Steam Account was Phished

Post by El Guapo »

The true lesson here is to not have any friends.
Black Lives Matter.
User avatar
ImLawBoy
Forum Admin
Posts: 14950
Joined: Tue Oct 12, 2004 9:49 pm
Location: Chicago, IL
Contact:

Re: My Steam Account was Phished

Post by ImLawBoy »

The real treasure is the friends we shunned along the way.
That's my purse! I don't know you!
User avatar
Lassr
Posts: 16862
Joined: Wed Oct 13, 2004 10:51 am
Location: Rocket City (AL)
Contact:

Re: My Steam Account was Phished

Post by Lassr »

El Guapo wrote: Tue Dec 01, 2020 11:12 am The true lesson here is to not have any friends.
Deleting all of you now!

As I said, I should have trusted my instinct but the Jag ID led back to his real account and I thought he surely was not hacked due to 2FA, that prevented my account from being totally taken. I started to ask him to PM me in OO or post it (since that usually is the protocol for us to ask for favors but didn't, DOH!) Then I researched the intel site and it seemed legit. It was a well done scam. First one I ever fell for.
The only reason people get lost in thought is because it's unfamiliar territory.

Black Lives Matter
User avatar
stessier
Posts: 29816
Joined: Tue Dec 21, 2004 12:30 pm
Location: SC

Re: My Steam Account was Phished

Post by stessier »

Lassr wrote: Tue Dec 01, 2020 11:30 am First one I ever fell for.
As far as you know. :ninja:
I require a reminder as to why raining arcane destruction is not an appropriate response to all of life's indignities. - Vaarsuvius
Global Steam Wishmaslist Tracking
Running____2014: 1300.55 miles____2015: 2036.13 miles____2016: 1012.75 miles____2017: 1105.82 miles____2018: 1318.91 miles__2019: 2000.00 miles
User avatar
Daehawk
Posts: 63524
Joined: Sat Jan 01, 2005 1:11 am

Re: My Steam Account was Phished

Post by Daehawk »

You're just getting old. :)
--------------------------------------------
I am Dyslexic of Borg, prepare to have your ass laminated.
I guess Ray Butts has ate his last pancake.
http://steamcommunity.com/id/daehawk
"Has high IQ. Refuses to apply it"
User avatar
Lassr
Posts: 16862
Joined: Wed Oct 13, 2004 10:51 am
Location: Rocket City (AL)
Contact:

Re: My Steam Account was Phished

Post by Lassr »

Daehawk wrote: Tue Dec 01, 2020 11:44 am You're just getting old. :)
No doubt, miss the days when technology issues was setting the clock on the VCR that my parents dealt with, not recognizing elaborate internet scams.
The only reason people get lost in thought is because it's unfamiliar territory.

Black Lives Matter
User avatar
Daehawk
Posts: 63524
Joined: Sat Jan 01, 2005 1:11 am

Re: My Steam Account was Phished

Post by Daehawk »

As a 11 or 12 year old I used to have to set the clock on our VCR lol. Dad was in his 50s...so my age now....and he just couldn't do it. I guess soon Ill be flubbing so much tech stuff up. Im sure a kid or teen could make fun of me for a smart phone use. I just use it for a couple pics and as an actual phone.
Last edited by Daehawk on Tue Dec 01, 2020 2:29 pm, edited 1 time in total.
--------------------------------------------
I am Dyslexic of Borg, prepare to have your ass laminated.
I guess Ray Butts has ate his last pancake.
http://steamcommunity.com/id/daehawk
"Has high IQ. Refuses to apply it"
User avatar
Rumpy
Posts: 12672
Joined: Sun Mar 27, 2005 6:52 pm
Location: Sudbury, Ontario, Canada

Re: My Steam Account was Phished

Post by Rumpy »

Lassr wrote: Tue Dec 01, 2020 11:30 am
El Guapo wrote: Tue Dec 01, 2020 11:12 am The true lesson here is to not have any friends.
Then I researched the intel site and it seemed legit. It was a well done scam. First one I ever fell for.
What puzzles me is the Intel part of it. I mean, unless Intel were actually known for a similar site, that would raise the red flag for me. I wonder if intel know of this scam, and if they don't they probably should.
PC:
Ryzen 5 3600
32GB RAM
2x1TB NVMe Drives
GTX 1660 Ti
User avatar
Jag
Posts: 14435
Joined: Wed Oct 13, 2004 3:24 pm
Location: SoFla

Re: My Steam Account was Phished

Post by Jag »

Lassr wrote: Tue Dec 01, 2020 11:30 am
El Guapo wrote: Tue Dec 01, 2020 11:12 am The true lesson here is to not have any friends.
Deleting all of you now!

As I said, I should have trusted my instinct but the Jag ID led back to his real account and I thought he surely was not hacked due to 2FA, that prevented my account from being totally taken. I started to ask him to PM me in OO or post it (since that usually is the protocol for us to ask for favors but didn't, DOH!) Then I researched the intel site and it seemed legit. It was a well done scam. First one I ever fell for.
Yeah, first one I fell for as well.

I'm so sorry that I got you guys caught up in my idiocy. I'm hoping no one got a message from me after I made this thread (around 6pm Monday 11/30) because that's when I took all the measures to lock down my account again.
User avatar
Scuzz
Posts: 10899
Joined: Tue Jul 08, 2008 5:31 pm
Location: The Arm Pit of California

Re: My Steam Account was Phished

Post by Scuzz »

I don't trust anything on the internet so I am sure I have turned down legit friend requests and others on Steam. But it has protected me from things like this I guess.
Black Lives Matter
User avatar
Brian
Posts: 12553
Joined: Sat Oct 16, 2004 8:51 am
Location: South of Heaven
Contact:

Re: My Steam Account was Phished

Post by Brian »

Mine got hit too. I've changed my password but ignore any "favor" requests from me.
"Don't believe everything you read on the internet." - Abraham Lincoln
User avatar
Godzilla Blitz
Posts: 1028
Joined: Thu Oct 14, 2004 2:27 pm
Location: Twin Cities MN

Re: My Steam Account was Phished

Post by Godzilla Blitz »

I just got one of these from [OO] Brian. I'm aware of the scam so I didn't fall for it. I'm not sure who that maps to here, but since the scam blocks friends on Steam I thought I'd mention it in case it helps.

EDIT: Oh... That's probably you, Brian, who posted right before me. :)
User avatar
Daehawk
Posts: 63524
Joined: Sat Jan 01, 2005 1:11 am

Re: My Steam Account was Phished

Post by Daehawk »

Was starting to think Id not get one..should have known. Just got this...

[5:20 PM]
[OO] Brian:
heyare you busy rn?
--------------------------------------------
I am Dyslexic of Borg, prepare to have your ass laminated.
I guess Ray Butts has ate his last pancake.
http://steamcommunity.com/id/daehawk
"Has high IQ. Refuses to apply it"
User avatar
dbt1949
Posts: 25687
Joined: Wed Oct 13, 2004 12:34 am
Location: Hogeye Arkansas

Re: My Steam Account was Phished

Post by dbt1949 »

BRIAN IS EVIL!
Ye Olde Farte
Double Ought Forty
aka dbt1949
User avatar
Octavious
Posts: 20035
Joined: Fri Oct 15, 2004 2:50 pm

Re: My Steam Account was Phished

Post by Octavious »

Ya I got a message from. Koz but no link and just replied with a ? As it was hours after it was sent to me. Shrug
Capitalism tries for a delicate balance: It attempts to work things out so that everyone gets just enough stuff to keep them from getting violent and trying to take other people’s stuff.

Shameless plug for my website: www.nettphoto.com
User avatar
Brian
Posts: 12553
Joined: Sat Oct 16, 2004 8:51 am
Location: South of Heaven
Contact:

Re: My Steam Account was Phished

Post by Brian »

dbt1949 wrote: Tue Dec 01, 2020 7:53 pm BRIAN IS EVIL!
Well I mean, yeah....but not this kind of evil.
"Don't believe everything you read on the internet." - Abraham Lincoln
User avatar
Lassr
Posts: 16862
Joined: Wed Oct 13, 2004 10:51 am
Location: Rocket City (AL)
Contact:

Re: My Steam Account was Phished

Post by Lassr »

When you google search intelprocup now, a steam thread pops up saying it's a scam. I didn't get that the other day, I just got a site that said it was potentially legit but was too new
The only reason people get lost in thought is because it's unfamiliar territory.

Black Lives Matter
User avatar
The Preacher
Forum Moderator
Posts: 13037
Joined: Mon Nov 01, 2004 11:57 am

Re: My Steam Account was Phished

Post by The Preacher »

Almost got me. But having been off in the desert for so long, I found it very odd that Jag was reaching out. So I came back to OO to see if it was really him. He'd already caught it by that point.

Damn good scam if it's that easy to pull off.
You do not take from this universe. It grants you what it will.
User avatar
gbasden
Posts: 7664
Joined: Wed Oct 13, 2004 1:57 am
Location: Sacramento, CA

Re: My Steam Account was Phished

Post by gbasden »

Brian wrote: Tue Dec 01, 2020 8:35 pm
dbt1949 wrote: Tue Dec 01, 2020 7:53 pm BRIAN IS EVIL!
Well I mean, yeah....but not this kind of evil.
Brian seems kind of sus.
User avatar
Fretmute
Posts: 8513
Joined: Wed Oct 20, 2004 7:05 pm
Location: On a hillside, desolate

Re: My Steam Account was Phished

Post by Fretmute »

Jag wrote: Mon Nov 30, 2020 7:51 pm
hitbyambulance wrote: Mon Nov 30, 2020 7:22 pm i think one good use of AI would be an agent on an elderly person's machine to strongly dissuade or prevent aged and addled brains from falling for phishing attempts.
I guess I fall into the elderly category.
For what it's worth, I ignored it because I knew there was a zero percent chance that one us typed the phrase "Sup mate, can i shoot you with a question xd?"
User avatar
The Meal
Posts: 27987
Joined: Tue Oct 12, 2004 10:33 pm
Location: 2005 Stanley Cup Champion

Re: My Steam Account was Phished

Post by The Meal »

gbasden wrote: Tue Dec 01, 2020 10:24 pm
Brian wrote: Tue Dec 01, 2020 8:35 pm
dbt1949 wrote: Tue Dec 01, 2020 7:53 pm BRIAN IS EVIL!
Well I mean, yeah....but not this kind of evil.
Brian seems kind of sus.
It's *always* BlueBrawls.
"Better to talk to people than communicate via tweet." — Elontra
Locked