I have no idea what happened...

First some guy added me to trade a "card" (ignored him) and told me to add his other account (he has at least 4 accounts) next thing I know I'm logged out of Steam and it says I was logged in from Ukraine and that the person entered Steamguard correctly. But my eMail account associated with Steam says the last logged in countries are only Israel (I'm from Israel, so nothing suspicious about that)

Of course I changed passwords for both my Steam and my eMail, but what the fuck just happened? and maybe this could've turned out much worse if I haven't been awake at 4:45 AM!?

Is my account vulnerable to further "damage" now!?

P.S. MY WHOLE INVENTORY IS FUCKING GONE.

I realized this might be due to phishing.

P.S.S. Luckily I have all information about said guy including his Phishing link, the profile to which he sent all my stuff... I just need to know how I can find out his IP? (Also, this is just in time for my birthday and he stole the stuff I meant to giveaway on it -__-)


Some people say this is obviously missing information.

Well, at first I wrote this post before I discovered I really was hacked and my inventory was gone, and I got more and more information after this post was opened.

I will now gladly tell you what happened, as copied from my much more informed S.Trades warning.

@#% added me and told me to add his main account. That was actually a phishing link to a fake Steam page. His supposed real account's name is $$$!$$% and if you search on Steam you will only find 2 accounts sharing that link. Well, it's pretty late at night (5 AM and I was about to go to sleep just the moment he asked me to trade) so I entered the link and logged in, some how he got through Steamguard (He did not enter my eMail, because my eMail account says it was only acessed from Israel , and as some guy suggested he did not keylog me or something because I only changed passwords about 10-20 minutes when I finally realized what happened, and I did not turn off Steamguard because that's a stupid thing to do) and a second later I have no inventory items except for 3 emoticons and all my unvaluable TF2 items.

I currently have all information about him including his profile link, his fake phishing link, a list of all my items stolen + a picture of the list to make sure. All of this wouldn't have been possible if he hadn't forgotten to freaking block me (I think he's still in my friends list).

Camron (8 months ago)

Turn on Two-factor authentication for your email if it has it. Open a Steam support ticket too.

No, the thing that's confusing me is that no one else accessed my eMail!

vcvc8

(8 months ago)

FrozenBlade (8 months ago)

wow.. sorry to hear about that.
do you still have access to your account? if so, check gift / trade history to see where your inventory went.

I have access, thanks for the idea!

I now clearly know who the thief is.

vcvc8

(8 months ago*)

ok. report the thief, and try to provide as much proof as possible

FrozenBlade

(8 months ago*)

Just found who he is.

vcvc8

(8 months ago)

Janrok (8 months ago)

Must be just a glitch, wait it out.

Nope, confirmed phishing link.

vcvc8

(8 months ago)

What was the nature of the phishing link? Obviously don't share the exact link, but what did it purport to be? I ask because I had a similar thing happen where someone got onto my Steam account and traded off some of my TF2 items (and oddly bought 2 keys on the marketplace, which I could resell now for a profit, but whatever). Only, I can't recall clicking any phishing links or signing in with my steam information anywhere recently.

uhhsam

(8 months ago)

How can you sell two keys from the marketplace for a profit? Someone must have listed it wrong because market price is 30%+ real trade price.

PPG113

(8 months ago)

think he meant the guy that robbed him left 2 keys behind who's market value is higher than what was taken so ushsam sold them?

TheGannet

(8 months ago)

He used my steam wallet funds to buy 2 keys for $1.80 a piece on the marketplace. Now they are selling for $2.18, which would give me $1.90 back after Valve takes their cut. They are still in my inventory, though, as I am waiting for a response from support.

uhhsam

(8 months ago)

It looked just like the regular Steam home page but in Russian (which made sense to me because I only use Steam on my browser to see Russian store prices.)

vcvc8

(8 months ago)

nevyn (8 months ago)

Check IPs logged in from.

Where can I see that?

vcvc8

(8 months ago)

Go to your email and there should be an unsuspected activity thing or something from Steam and their Ip address should be provided within the email

Skylarz

(8 months ago)

Nothing like that, sadly :(

vcvc8

(8 months ago)

Aw Idk :( It's quite weird how he didn't have to access your email for Steamguard o.O maybe he knew where you were from and changed his IP xD? Try restoring deleted emails and see if he deleted the Steamguard email

Skylarz

(8 months ago)

How do I restore emails? :)

vcvc8

(8 months ago)

Do you use hotmail :3? I never really use the other messengers, but I think both yahoo and google has them. To restore for hotmail you only need to go to Deleted and somewhere inside or near the Deleted window, a highlighted restore your deleted emails SHOULD be there :3.

Edit: For Outlook/Hotmail

Skylarz

(8 months ago*)

This is all the Steam email will say:

Dear [your email],

We've received a request to access your Steam account from a new computer or web browser. To complete this process, enter the following special access code into the authorization dialog before trying to log in again:

[Authorization code] If you did not attempt this action, please change your password immediately.

Thanks for helping us maintain the security of your account.

The Steam Support Team http://www.steampowered.com

uhhsam

(8 months ago)

GrimAquatic (8 months ago)

I'd advise you to deauthorize all other computers.

FrozenBlade (8 months ago*)

oh.. maybe when he told you to add his other account he provided a link to it, then you had to provide your username and password to login again. that was probably it.

edit: yeah, again. really sorry to hear that, especially with your birthday coming and stuff :/

JooJooFace (8 months ago)

Tell steam support. Maybe they can do something. Hopefully they could restore your inventory.

Well from what I heard about them being lazy shitheads, guess I won't do my birthday giveaways in time.

vcvc8

(8 months ago)

They're neither "lazy" nor "shitheads". The team for millions of player is quite small and need time to reply. Needless to say when they reply you're problems are fixed

I can't see anyone else helping you here.

wuodland

(8 months ago)

Than Valve is cheapskate who doesn't want to spend money to hire few more people so wait time wouldn't be few days.

PsyKo

(8 months ago)

I've usually found them to offer unhelpful solutions and be inappropriately snarky.

Osiris11235

(8 months ago)

+1

Oklep

(8 months ago)

I'm not sure if its fixed but it says that you have 96 items in your inventory before actually seeing it. Which then goes to 0 items (probably because inventory is set to private)

JooJooFace

(8 months ago)

That's including all my game items in TF2... He only took 3 genuines from TF2 but the rest is some Steam gifts I had in my inventory and tons of cards.

vcvc8

(8 months ago)

mangenkyo (8 months ago)

This just happened to me too, i opened that phishing site but didn't logged it...

I just reported the guy to steamrep.

TFrank (8 months ago)

That is interesting that with Steamguard enabled he was able to enter your account. Raises a question if there's a way to circumvent Steamguard's authentication out in the wild.

Also, keep your inventory hidden to everyone. Nobody needs to know just exactly what you have on you.

Thanks for the advice :o I should do that too

Skylarz

(8 months ago)

There must be some trick, because a similar thing happened to me a few days ago, and the Steamguard email was found sitting in my deleted items folder. Wasn't deleted by me and even if they had my Steam password somehow, my email password was different.

uhhsam

(8 months ago)

Hrm. Did you check the logged in log for another IP address?

There's the possibility they're also hijacking your PC I guess, but I don't know how easy that is, much less via a phishing link.

TFrank

(8 months ago)

Just means they have both, which probably means you logged in to your email and steam on a compromised PC. Net cafe perhaps?

ACorpse

(8 months ago)

I don't think is that difficult to circumvent SteamGuard, complicated yes but not impossible.

One way is to grab the cookies used to mark "safe" browser/computer, spoof the target IP, some other technical details, but not much more than this. Another way is to grab the SteamGuard through the pishing page, but that would require that the attacker to log in at steam to trigger a email on the target.

Is possible, probably more complicated than that's the essence.

I never understood some of SteamGuard's behavior, some times I got 2 different codes after I tried to log in 2 times in 3 minutes on the other hand one day I tried to log in 3 times with 5 min between each other and receive the same code!

I think his computer was compromised and he was unaware of that!

VictorRdS

(8 months ago)

Aneszej (8 months ago)

Damn man, sorry to hear that :/

Chupong (8 months ago)

Thieves are so wild this days.

Zharwyn (8 months ago)

I'm sorry to hear. I hope it gets fixed and that you get all your stuff back. Hate to see those b*tards get away with things like these.

idolstalker (8 months ago*)

I guess everybody here is scared now...

CombatWars (8 months ago)

Now imagine if the lawsuit against Steam is passed and all games in the library can now be resold/traded. Not only your inventory would've disappeared, but your library too. o.o

My worst fear, realized.

Yeah, okay... I'm afraid to have Steam now. I mean, literally all of the games I actually play are on Steam.

Someone hold me ;_;.

UndeadNecro

(8 months ago)

Well I hope that they would beef up their customer support if that happened.

fubarnocaps

(8 months ago)

Steam Support isn't really that great, to be honest. I have yet to actually encounter the emotionless monster, but there's too many complaints about it.

UndeadNecro

(8 months ago)

I've gotten a few replys like this:


Hello Jason,

We apologize for the delay.

Thank you for taking the time to report this issue.

We are aware of the problem and are investigating the issue further.


This just means that they don't know what happened and it's out of their hands.

CombatWars

(8 months ago*)

They could at least say that, although the ones getting the message already know it.

UndeadNecro

(8 months ago)

While a portion of customers are just fine being told the truth that X company has no recourse or solution due to any number of external factors, a lot more fly off the handle if you even hint that you cant fix their problem.
This is why you often get 12 different canned responses, all giving you no actual information.

PPG113

(8 months ago*)

Yeah, but the ones that fly off the handle probably hate the company anyways.

UndeadNecro

(8 months ago)

Pr0n (8 months ago)

Parts of the story are obviously missing.

Which parts, pr0n?

omnitau

(8 months ago)

Probably ones about clicking some strange links.

PsyKo

(8 months ago)

The part, when he admits, he clicked on a phising link, then entered both his username and password.

MrD

(8 months ago)

Probably also the part where he disabled steamguard.

keenguitar

(8 months ago)

Why would I disable Steamguard? I'm not a retard.

vcvc8

(8 months ago)

..

"..that was actually a phishing link to a fake Steam page.. so I entered the link and logged in"

If you're not retarded, why did you do this? He got your username and password like this, and probably a copy of your local cookie made by Steam to get past Steamguard (as in, never be asked for a code, at all).

Ansatsunin

(8 months ago)

xboxer (8 months ago)

You must have clicked on a FREE GAMES link.

I wrote exactly what happened up there.

vcvc8

(8 months ago)

ashkael (8 months ago)

If you pressed phishing link it's your fault and you got what you deserve. Nothing more to say.

Yes, it was unwise of him to visit a phishing site. However,

"The other premise is that people who are fooled are gullible. We've heard from lots of people. That's not true. Anybody can be fooled. No matter how smart you are, no matter how much you know, there is always sombody out there who could know more than you and can exploit that knowledge to fool you in some way. I wouldn't blame the victim. That's the allure, the trap, to blame the victim."

―Steven Novella

That's something I very much agree with.

falsifiable

(8 months ago)

It's not about who is smarter. It's about who is not smart enough to know that this is wrong and it's phishing. If scammer/hacker/phisher takes your account without your actions involved, then it sucks and nothing you can do. But if your actions where there to help him, then it's your fault.

I don't even can think at least one way how he could trick someone to press some stupid link and login there with your steam account.

ashkael

(8 months ago)

So if I trick you into giving me everything you own, you admit that you have no problem with that because "you got what you deserve"?

PPG113

(8 months ago)

No one says there's no problem. It's just it's his own problem and he got what he deserves. Next time he will try to use brains at least one time. He is lucky that it was steam account, not bank account.

ashkael

(8 months ago)

i think thats a challenge...give him what he deserves ppg113

drb00t

(8 months ago)

xXGatumadreXx (8 months ago*)

Dudeee, that must be so fking horrible, I can't imagine my reaction if i get Hijacked like that, i think im going to start taking more precautions with my account.
PS. Sorry about your loss :(

Devil231 (8 months ago)

i hate to tellyou this but is you don't check the address page you enter your details you deserve your fate

HillaryClinton (8 months ago)

Man, that hurts, thats why I don't add randoms, not worth the risk.

MatoMatico (8 months ago)

Your inventory has a trade history. You can see what account took your items. Are you sure you didn't click a link, wich looked just like steam login page? They do that often. I always double check, that it has https in the adress. If not, I know it's a scam and type somethig inappropriate to name and password and then it asks for the steam guard! xD The hacker must be dendi...

I would've checked but it was 5:00 AM :O

vcvc8

(8 months ago)

Doppleganger (8 months ago)

If you don't already... use different passwords for your e-mail account vs. other things (i.e. Steam). have Steam send the notification e-mails to a separate e-mail, not the one you login to Steam with.

+1 this is what I do

Ruaben

(8 months ago)

zeroxxx (8 months ago)

Phising link. Not even GAben can help you because of your own mistake and ignorance.

^^ This And the stupidity...

Rapid

(8 months ago)

Juzza (8 months ago*)

Looks like that when he passed you that "link", it was a false steam link where you entered your password or maybe some torjan that stole both your steam + email info when you changed it while in panic(they record your typing), if you would only changed your steam password maybe he would not get his hands in both so soon.

Im sorry what happened,also try to clean your PC as fast as you can with updated antiviruses/spyware detection software(even with trials it works).

justila (8 months ago)

Yep, you clicked a phishing link. Gotta be careful with those yo.

Nixxi (8 months ago)

Be careful next time bud.

hustlayo (8 months ago)

That sucks but you should have never clicked any link from him. Why would you do that?

BTW: How to check from what countries there was a log in to Steam?

It just said my account has been accessed from Ukraine...

vcvc8

(8 months ago)

I thought there was a place in Steam where you could check the country from which someone logged in.

hustlayo

(8 months ago)

bliNkAAzz (8 months ago)

Yeah...successful troll is successful.

Are you fucking serious?

Add me and I'll show you the evidence.

vcvc8

(8 months ago)

I looked at your Steam Profile 5 hours ago and it said that you currently have 132 items in your inventory,but now only 102..

bliNkAAzz

(8 months ago)

"vcvc8 currently has 0 items in their inventory."

Pr0n

(8 months ago)

Only means the inventory is set on private.

edit : just changed my inventory parameters for demonstration purposes. I do have items, gifts, cards, backgrounds and shit and yet, you'll have that message. Just look at his profiles, it says 102 items indeed.

DavidSarif

(8 months ago*)

Yeah..but people are dumb to belive all shit on SG...

bliNkAAzz

(8 months ago)

It used to say "Private" when you did that, didn't know that was changed.

Pr0n

(8 months ago*)

Vassay (8 months ago)

Sorry to hear this, I hope the guy gets punished and you get your items back.

He didn't need to check your mail, because you entered you login, password AND SteamGuard code right there at his phishing page.

Good luck man, and please don't hold it against the Ukraine. We're not all like this here, I swear ;)

arnab21 (8 months ago)

I feel sorry for you bro . happy b'day in advance :)

ZnSstr (8 months ago)

keylogger?

Yolobear (8 months ago)

Good phishing technique. When u entered ur username and pass the hacker must have entered it onto the real steam page immediately after so that u get the email for the hacker's PC. This means that u entered the steamguard code that u got from ur email for hacker's pc.

InJ3cTiOn (8 months ago*)

Your inventory is gone: Inventory - 103.

That's a nice culstorybro.

I meant Steam inventory... Now I have TF2 weapons and cratea and a few cards I got since the hacking happened.

vcvc8

(8 months ago)

fubarnocaps (8 months ago)

Woah, the same thing almost happened to me! Someone messaged me asking to add them on their main account, but there was a misspelling in the link so I just blocked them. That's horrible, I feel bad for you.