My Steam Account was Phished
Moderators: Bakhtosh, EvilHomer3k
- Jag
- Posts: 14435
- Joined: Wed Oct 13, 2004 3:24 pm
- Location: SoFla
My Steam Account was Phished
Hey, if anyone got a Steam message from me in the last day, please ignore it. I received a PM from an old member Koz asking to vote for his E-sports team. I said sure, but it required a Steam login to the Intel site. I thought it was strange, so i Googled the site and it came up as an Intel site. So i logged in and voted. Then I saw today that someone bought a Counterstrike gun for $27 on my Steam balance. I realized immediately what had happened. I got some PMs from other OO members that my account had reached out too.
I changed my Steam password and googled Steam phishing and saw that they could also create an API link, which they did. I deleted the API and I'm hoping my account is secure now. Sorry for anyone that got a message from me. Don't be a moron like I was. And thank the lord for 2FA. I probably would have lost my account if I didn't have it.
At least I still have the item they bought. I put in a ticket with Steam, but if they can't help me, I guess I'll sell it.
I changed my Steam password and googled Steam phishing and saw that they could also create an API link, which they did. I deleted the API and I'm hoping my account is secure now. Sorry for anyone that got a message from me. Don't be a moron like I was. And thank the lord for 2FA. I probably would have lost my account if I didn't have it.
At least I still have the item they bought. I put in a ticket with Steam, but if they can't help me, I guess I'll sell it.
- naednek
- Posts: 10905
- Joined: Tue Oct 19, 2004 9:23 pm
Re: My Steam Account was Phished
weird. Koz messaged me asking for a favor. I thought it was genuine. He never responded. Glad that he didn't
hepcat - "I agree with Naednek"
- hitbyambulance
- Posts: 10366
- Joined: Wed Oct 13, 2004 3:51 am
- Location: Map Ref 47.6°N 122.35°W
- Contact:
Re: My Steam Account was Phished
i think one good use of AI would be an agent on an elderly person's machine to strongly dissuade or prevent aged and addled brains from falling for phishing attempts.
- Holman
- Posts: 29182
- Joined: Sun Oct 24, 2004 8:00 pm
- Location: Between the Schuylkill and the Wissahickon
Re: My Steam Account was Phished
Can I register as "addled"? Because I would appreciate such a service.hitbyambulance wrote: ↑Mon Nov 30, 2020 7:22 pm i think one good use of AI would be an agent on an elderly person's machine to strongly dissuade or prevent aged and addled brains from falling for phishing attempts.
Much prefer my Nazis Nuremberged.
- Jag
- Posts: 14435
- Joined: Wed Oct 13, 2004 3:24 pm
- Location: SoFla
Re: My Steam Account was Phished
I guess I fall into the elderly category.hitbyambulance wrote: ↑Mon Nov 30, 2020 7:22 pm i think one good use of AI would be an agent on an elderly person's machine to strongly dissuade or prevent aged and addled brains from falling for phishing attempts.
- Lorini
- Posts: 8282
- Joined: Wed Oct 13, 2004 8:52 am
- Location: Santa Clarita, California
Re: My Steam Account was Phished
Does having Steam Guard help with this? I have Steam Guard
Black Lives Matter
- Jag
- Posts: 14435
- Joined: Wed Oct 13, 2004 3:24 pm
- Location: SoFla
- Smoove_B
- Posts: 55011
- Joined: Wed Oct 13, 2004 12:58 am
- Location: Kaer Morhen
Re: My Steam Account was Phished
Thanks for sharing...I could see this being particularly effective for our group.
Maybe next year, maybe no go
- Anonymous Bosch
- Posts: 10544
- Joined: Thu Oct 14, 2004 6:09 pm
- Location: Northern California [originally from the UK]
Re: My Steam Account was Phished
Indeed, two-factor authentication (2FA) is vastly superior than relying on passphrases alone. That's why I use a Yubikey wherever possible, as explained by Linus Sebastian below:
"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences." — P. J. O'Rourke
- Lassr
- Posts: 16887
- Joined: Wed Oct 13, 2004 10:51 am
- Location: Rocket City (AL)
- Contact:
Re: My Steam Account was Phished
I got the message from Jag or fake Jag. Did a little research and thought the site was legit although it seemed weird. Should have went with my instinct... I've changed my Steam password.
Also had an API link that I deleted and unauthorized all devices except my computer.
Also had an API link that I deleted and unauthorized all devices except my computer.
The only reason people get lost in thought is because it's unfamiliar territory.
Black Lives Matter
Black Lives Matter
- jztemple2
- Posts: 11823
- Joined: Fri Feb 13, 2009 7:52 am
- Location: Brevard County, Florida, USA
Re: My Steam Account was Phished
I worry about this happening to my wife as she isn't as computer savvy (and paranoid) as I am. Happily she has seen the light and now just deletes all messages she is the least suspicious about. Still, she gets a lot of emails and I worry one will slip throughHolman wrote: ↑Mon Nov 30, 2020 7:44 pmCan I register as "addled"? Because I would appreciate such a service.hitbyambulance wrote: ↑Mon Nov 30, 2020 7:22 pm i think one good use of AI would be an agent on an elderly person's machine to strongly dissuade or prevent aged and addled brains from falling for phishing attempts.
About nine years ago she got socially hacked (I think that is the term) when right at the time of the William and Kate royal wedding she got an email from my sister who said she was in London for the wedding and got her purse stolen and she needed money. This happened after I went to bed so I didn't know about it. This was a perfect storm of coincidences as my sister had just come into some money and this was just the kind of flaky thing she would do, go to a foreign country and lose all her money.
So my wife contacted Western Union and sent some money. Early the next morning my wife was on the computer to see if my sister had received the money. She said she had but needed more and my wife sent some more just before I woke up and she told me about it. This all sounded fishy to me so I picked up the phone and called my sister's home in the States and of course she was home . Turns out someone had hacked her email account and like a twit she hadn't called her family to let us know. Someone was using her contacts list and trying to get someone to send them money.
The good news about the story is that my wife immediately filled out reports for the police and for Western Union, and two years later got all her money back because WU failed to check the id of the person who had picked up the money and were required to reimburse us. And of course, lesson learned.
My father said that anything is interesting if you bother to read about it - Michael C. Harrold
- Rumpy
- Posts: 12777
- Joined: Sun Mar 27, 2005 6:52 pm
- Location: Sudbury, Ontario, Canada
Re: My Steam Account was Phished
Yeah, that'd be a great idea. I've got my Dad trained on using a program called Mailwasher. It acts as a sort of filter showing the headers, and you launch it before the mail client before, and it's done a pretty good job of keeping him out of trouble. You have to select everything manually to be deleted, but it's still better than nothing. And years ago, when this program was free, I'd actually introduced to posters on a forum where the demo was mostly older, and they'd loved it for the ease of use.hitbyambulance wrote: ↑Mon Nov 30, 2020 7:22 pm i think one good use of AI would be an agent on an elderly person's machine to strongly dissuade or prevent aged and addled brains from falling for phishing attempts.
PC:
Ryzen 5 3600
32GB RAM
2x1TB NVMe Drives
GTX 1660 Ti
Ryzen 5 3600
32GB RAM
2x1TB NVMe Drives
GTX 1660 Ti
- LawBeefaroni
- Forum Moderator
- Posts: 55466
- Joined: Fri Oct 15, 2004 3:08 pm
- Location: Urbs in Horto, outrageous taxes on everything
Re: My Steam Account was Phished
"Social engineering" I believe.
Nice job by Jag letting everyone know, too.
" Hey OP, listen to my advice alright." -Tha General
"No scientific discovery is named after its original discoverer." -Stigler's Law of Eponymy, discovered by Robert K. Merton
MYT
"No scientific discovery is named after its original discoverer." -Stigler's Law of Eponymy, discovered by Robert K. Merton
MYT
- jztemple2
- Posts: 11823
- Joined: Fri Feb 13, 2009 7:52 am
- Location: Brevard County, Florida, USA
Re: My Steam Account was Phished
Thanks, that sounds better too.
My father said that anything is interesting if you bother to read about it - Michael C. Harrold
-
- Posts: 24795
- Joined: Wed Oct 13, 2004 12:58 pm
Re: My Steam Account was Phished
Wow. I've dealt with this issue for many years now and this is the first time I've ever heard anything like this. That is extremely lucky!jztemple2 wrote: ↑Mon Nov 30, 2020 11:41 pmThe good news about the story is that my wife immediately filled out reports for the police and for Western Union, and two years later got all her money back because WU failed to check the id of the person who had picked up the money and were required to reimburse us. And of course, lesson learned.
My recommendation to people is to never ever send log into anything without a "naked" HTTPS url. That means you can see it in the browser address bar and can hover over it, see the same address as is displayed on the clickable link, and more importantly you can click on the lock icon and see that the url matches. That is usually too complicated for many so the browsers have stepped up quite a bit to help out. In any case, this is easily the biggest problem we still see in the real world and every company in the world has ongoing phishing training as part of their security awareness compliance framework.
Even worse once they get one set of credentials they'll often add them to their attack dictionaries and try a technique called 'credential stuffing'. This technique involves taking the stolen credential and attempting to log into popular websites because people tend to reuse passwords. More sophisticated actors build libraries to try to profile people and even predict other 'unique' passwords. Anyway, bottom line - turn on 2-factor wherever you can and importantly *put a passcode* on your cell phone accounts. One way to break text based 2-factor is to port a phone number to another carrier and then 'steal' the texts. Some quick 10-minute things like setting protections up like that or freezing credit accounts can save you a lot of work in the future.
- Daehawk
- Posts: 64225
- Joined: Sat Jan 01, 2005 1:11 am
Re: My Steam Account was Phished
I get emails all the time saying "We see you're having trouble logging into your...I cant recall if its Imgur or some other one...I just laugh and move on.
--------------------------------------------
I am Dyslexic of Borg, prepare to have your ass laminated.
I guess Ray Butts has ate his last pancake.
http://steamcommunity.com/id/daehawk
"Has high IQ. Refuses to apply it"
I am Dyslexic of Borg, prepare to have your ass laminated.
I guess Ray Butts has ate his last pancake.
http://steamcommunity.com/id/daehawk
"Has high IQ. Refuses to apply it"
- stessier
- Posts: 29923
- Joined: Tue Dec 21, 2004 12:30 pm
- Location: SC
Re: My Steam Account was Phished
Thanks for this thread. I got the Fake Jag chat today and just deleted it. Not sure what I would have done without the heads up.
I require a reminder as to why raining arcane destruction is not an appropriate response to all of life's indignities. - Vaarsuvius
Global Steam Wishmaslist Tracking
Global Steam Wishmaslist Tracking
Running__ | __2014: 1300.55 miles__ | __2015: 2036.13 miles__ | __2016: 1012.75 miles__ | __2017: 1105.82 miles__ | __2018: 1318.91 miles | __2019: 2000.00 miles |
- Little Raven
- Posts: 8608
- Joined: Wed Oct 13, 2004 10:26 am
- Location: Austin, TX
Re: My Steam Account was Phished
Huh. I got the fake Jag chat yesterday. I hadn't seen this thread yet, so I (eventually) responded, but I never got more than the initial chat line.
Weird.
Weird.
/. "She climbed backwards out her
\/ window into Outside Over There."
\/ window into Outside Over There."
- Holman
- Posts: 29182
- Joined: Sun Oct 24, 2004 8:00 pm
- Location: Between the Schuylkill and the Wissahickon
Re: My Steam Account was Phished
My MIL lives with us, and she is at least savvy enough to ask me about anything at all that looks unusual.
A couple of days ago she received a very Microsoft-looking notice apparently from Windows Defender, but she immediately realized that the website address didn't look Microsoft at all. I have taught her well.
A couple of days ago she received a very Microsoft-looking notice apparently from Windows Defender, but she immediately realized that the website address didn't look Microsoft at all. I have taught her well.
Much prefer my Nazis Nuremberged.
- El Guapo
- Posts: 41538
- Joined: Sat Jul 09, 2005 4:01 pm
- Location: Boston
Re: My Steam Account was Phished
The true lesson here is to not have any friends.
Black Lives Matter.
- ImLawBoy
- Forum Admin
- Posts: 15063
- Joined: Tue Oct 12, 2004 9:49 pm
- Location: Chicago, IL
- Contact:
Re: My Steam Account was Phished
The real treasure is the friends we shunned along the way.
That's my purse! I don't know you!
- Lassr
- Posts: 16887
- Joined: Wed Oct 13, 2004 10:51 am
- Location: Rocket City (AL)
- Contact:
Re: My Steam Account was Phished
Deleting all of you now!
As I said, I should have trusted my instinct but the Jag ID led back to his real account and I thought he surely was not hacked due to 2FA, that prevented my account from being totally taken. I started to ask him to PM me in OO or post it (since that usually is the protocol for us to ask for favors but didn't, DOH!) Then I researched the intel site and it seemed legit. It was a well done scam. First one I ever fell for.
The only reason people get lost in thought is because it's unfamiliar territory.
Black Lives Matter
Black Lives Matter
- stessier
- Posts: 29923
- Joined: Tue Dec 21, 2004 12:30 pm
- Location: SC
Re: My Steam Account was Phished
I require a reminder as to why raining arcane destruction is not an appropriate response to all of life's indignities. - Vaarsuvius
Global Steam Wishmaslist Tracking
Global Steam Wishmaslist Tracking
Running__ | __2014: 1300.55 miles__ | __2015: 2036.13 miles__ | __2016: 1012.75 miles__ | __2017: 1105.82 miles__ | __2018: 1318.91 miles | __2019: 2000.00 miles |
- Daehawk
- Posts: 64225
- Joined: Sat Jan 01, 2005 1:11 am
Re: My Steam Account was Phished
You're just getting old.
--------------------------------------------
I am Dyslexic of Borg, prepare to have your ass laminated.
I guess Ray Butts has ate his last pancake.
http://steamcommunity.com/id/daehawk
"Has high IQ. Refuses to apply it"
I am Dyslexic of Borg, prepare to have your ass laminated.
I guess Ray Butts has ate his last pancake.
http://steamcommunity.com/id/daehawk
"Has high IQ. Refuses to apply it"
- Lassr
- Posts: 16887
- Joined: Wed Oct 13, 2004 10:51 am
- Location: Rocket City (AL)
- Contact:
Re: My Steam Account was Phished
No doubt, miss the days when technology issues was setting the clock on the VCR that my parents dealt with, not recognizing elaborate internet scams.
The only reason people get lost in thought is because it's unfamiliar territory.
Black Lives Matter
Black Lives Matter
- Daehawk
- Posts: 64225
- Joined: Sat Jan 01, 2005 1:11 am
Re: My Steam Account was Phished
As a 11 or 12 year old I used to have to set the clock on our VCR lol. Dad was in his 50s...so my age now....and he just couldn't do it. I guess soon Ill be flubbing so much tech stuff up. Im sure a kid or teen could make fun of me for a smart phone use. I just use it for a couple pics and as an actual phone.
Last edited by Daehawk on Tue Dec 01, 2020 2:29 pm, edited 1 time in total.
--------------------------------------------
I am Dyslexic of Borg, prepare to have your ass laminated.
I guess Ray Butts has ate his last pancake.
http://steamcommunity.com/id/daehawk
"Has high IQ. Refuses to apply it"
I am Dyslexic of Borg, prepare to have your ass laminated.
I guess Ray Butts has ate his last pancake.
http://steamcommunity.com/id/daehawk
"Has high IQ. Refuses to apply it"
- Rumpy
- Posts: 12777
- Joined: Sun Mar 27, 2005 6:52 pm
- Location: Sudbury, Ontario, Canada
Re: My Steam Account was Phished
What puzzles me is the Intel part of it. I mean, unless Intel were actually known for a similar site, that would raise the red flag for me. I wonder if intel know of this scam, and if they don't they probably should.
PC:
Ryzen 5 3600
32GB RAM
2x1TB NVMe Drives
GTX 1660 Ti
Ryzen 5 3600
32GB RAM
2x1TB NVMe Drives
GTX 1660 Ti
- Jag
- Posts: 14435
- Joined: Wed Oct 13, 2004 3:24 pm
- Location: SoFla
Re: My Steam Account was Phished
Yeah, first one I fell for as well.Lassr wrote: ↑Tue Dec 01, 2020 11:30 amDeleting all of you now!
As I said, I should have trusted my instinct but the Jag ID led back to his real account and I thought he surely was not hacked due to 2FA, that prevented my account from being totally taken. I started to ask him to PM me in OO or post it (since that usually is the protocol for us to ask for favors but didn't, DOH!) Then I researched the intel site and it seemed legit. It was a well done scam. First one I ever fell for.
I'm so sorry that I got you guys caught up in my idiocy. I'm hoping no one got a message from me after I made this thread (around 6pm Monday 11/30) because that's when I took all the measures to lock down my account again.
- Scuzz
- Posts: 10948
- Joined: Tue Jul 08, 2008 5:31 pm
- Location: The Arm Pit of California
Re: My Steam Account was Phished
I don't trust anything on the internet so I am sure I have turned down legit friend requests and others on Steam. But it has protected me from things like this I guess.
Black Lives Matter
- Brian
- Posts: 12613
- Joined: Sat Oct 16, 2004 8:51 am
- Location: South of Heaven
- Contact:
Re: My Steam Account was Phished
Mine got hit too. I've changed my password but ignore any "favor" requests from me.
"Don't believe everything you read on the internet." - Abraham Lincoln
- Godzilla Blitz
- Posts: 1028
- Joined: Thu Oct 14, 2004 2:27 pm
- Location: Twin Cities MN
Re: My Steam Account was Phished
I just got one of these from [OO] Brian. I'm aware of the scam so I didn't fall for it. I'm not sure who that maps to here, but since the scam blocks friends on Steam I thought I'd mention it in case it helps.
EDIT: Oh... That's probably you, Brian, who posted right before me.
EDIT: Oh... That's probably you, Brian, who posted right before me.
- Daehawk
- Posts: 64225
- Joined: Sat Jan 01, 2005 1:11 am
Re: My Steam Account was Phished
Was starting to think Id not get one..should have known. Just got this...
[5:20 PM]
[OO] Brian:
heyare you busy rn?
[5:20 PM]
[OO] Brian:
heyare you busy rn?
--------------------------------------------
I am Dyslexic of Borg, prepare to have your ass laminated.
I guess Ray Butts has ate his last pancake.
http://steamcommunity.com/id/daehawk
"Has high IQ. Refuses to apply it"
I am Dyslexic of Borg, prepare to have your ass laminated.
I guess Ray Butts has ate his last pancake.
http://steamcommunity.com/id/daehawk
"Has high IQ. Refuses to apply it"
- dbt1949
- Posts: 25818
- Joined: Wed Oct 13, 2004 12:34 am
- Location: Hogeye Arkansas
- Octavious
- Posts: 20040
- Joined: Fri Oct 15, 2004 2:50 pm
Re: My Steam Account was Phished
Ya I got a message from. Koz but no link and just replied with a ? As it was hours after it was sent to me. Shrug
Capitalism tries for a delicate balance: It attempts to work things out so that everyone gets just enough stuff to keep them from getting violent and trying to take other people’s stuff.
Shameless plug for my website: www.nettphoto.com
Shameless plug for my website: www.nettphoto.com
- Brian
- Posts: 12613
- Joined: Sat Oct 16, 2004 8:51 am
- Location: South of Heaven
- Contact:
Re: My Steam Account was Phished
Well I mean, yeah....but not this kind of evil.
"Don't believe everything you read on the internet." - Abraham Lincoln
- Lassr
- Posts: 16887
- Joined: Wed Oct 13, 2004 10:51 am
- Location: Rocket City (AL)
- Contact:
Re: My Steam Account was Phished
When you google search intelprocup now, a steam thread pops up saying it's a scam. I didn't get that the other day, I just got a site that said it was potentially legit but was too new
The only reason people get lost in thought is because it's unfamiliar territory.
Black Lives Matter
Black Lives Matter
- The Preacher
- Forum Moderator
- Posts: 13037
- Joined: Mon Nov 01, 2004 11:57 am
Re: My Steam Account was Phished
Almost got me. But having been off in the desert for so long, I found it very odd that Jag was reaching out. So I came back to OO to see if it was really him. He'd already caught it by that point.
Damn good scam if it's that easy to pull off.
Damn good scam if it's that easy to pull off.
You do not take from this universe. It grants you what it will.
- Fretmute
- Posts: 8513
- Joined: Wed Oct 20, 2004 7:05 pm
- Location: On a hillside, desolate
Re: My Steam Account was Phished
For what it's worth, I ignored it because I knew there was a zero percent chance that one us typed the phrase "Sup mate, can i shoot you with a question xd?"Jag wrote: ↑Mon Nov 30, 2020 7:51 pmI guess I fall into the elderly category.hitbyambulance wrote: ↑Mon Nov 30, 2020 7:22 pm i think one good use of AI would be an agent on an elderly person's machine to strongly dissuade or prevent aged and addled brains from falling for phishing attempts.
- The Meal
- Posts: 28006
- Joined: Tue Oct 12, 2004 10:33 pm
- Location: 2005 Stanley Cup Champion
Re: My Steam Account was Phished
It's *always* BlueBrawls.
"Better to talk to people than communicate via tweet." — Elontra