Not sure if this is the place to ask this question, but it is related to steamgifts in a way. If it's not, tell me and I will delete it.

I was trying to log in to steamtrades from a new browser and as I was typing the address a suggestion autocompleted. The thing is that it autocompleted to https://steamtrades.org/ instead of https://www.steamtrades.com/ and I didn't realize.

Anyhow, after that (I wasn't really paying attention) and the page looks pretty much the same, so I just logged in as usual with the Steam OpenID button, it took a long time and then it "worked".

Then I realized there was no functionality on the page (https://steamtrades.org/) can't do anything, not even see your own profile. Anyway, my guess is that it's some sort of scam, a page to steal info, but I tried to search if that was the case online and found nothing.

I just don't understand what the deal is with it, because they actually use the Steam OpenID thing, so I never wrote my password or gave them any information, which is usually what decoy sites try to do to steal accounts.

Am I missing something? Can they use the Steam OpenID to steal login credentials? Does anyone have information about it? I think that if it actually is a phishing site, steamtrades/steamgifts should make a big deal about it.

Do you think my information has been compromised? I have the steam mobile authenticator activated and as I said, I didn't write my password or username, just clicked the Steam OpenID button.

Hope you can help me!

3 years ago


If you didn't type out anything, you should be safe. It could be a page trying to fake +reps on ST to trick someone into going first in a trade or something?

3 years ago

Yeah, that's also what they could be trying to do. It's just so weird. I actually went back and clicked on the login button again, it takes you to the legit steam page and it is the Steam OpenID thing.

I know it's the right one because I was logged in on steam, so I can see my account and everything.

3 years ago

If I were you, I would change the account's password right away.

3 years ago

I will, but later. I want to see if they actually got my login credentials or not. I know it's kinda risky, but I really don't think they can do much without having my authenticator or access to my email/phone.

I just find the whole thing weird. And if they did get my password and username, then that means somehow they managed to hack Steam OpenID, which would be a major problem.

3 years ago

The .org one is definitely a fake one (checking WHOIS registries it seems they belong to different entities).

Now since you never actually typed your credentials, the website using OpenID only received your SteamID64 (basically a long number that identifies you), which is normal, so nothing was "stolen" and you're safe. Anybody can add the Steam-based OpenID login to their website; it doesn't mean they can steal your info (unless they tricked you into typing your user/pass inside fake forms).

Looking at that fake website, I don't think it's used for phishing to steal Steam login data; maybe it's an attempt by someone to make bad/scam trades where they have fake high reputation to make the other party trust them?

3 years ago*

Yeah, that's what I thought. (about the Steam OpenID). I understand that anyone can put it on their site and what it gives them.

And yeah, I guess that would be the idea behind it, to scam people that way.

My only other guess is that it's some sort of real page that was left unfinished, but it isn't really there to scam people.

I just find it scary that it's so easy to confuse them and there's no information about it out there.

3 years ago

> Yeah, that's what I thought. (about the Steam OpenID). I understand that anyone can put it on their site and what it gives them.

Just to give you an example, there was a puzzle/event here on SG in which I participated where we had to create a website that implements the steam login feature.

As you can see, once you log in, all the website receives is your SteamID64, from which it can call other Steam APIs to retrieve certain info about your profile (like your name, avatar, list of games, etc.), all of which is public anyway.

The Steam OpenID feature is perfectly safe and can't be used to hack your account.
The usual phishing scams involve tricking the user by showing them a fake "login" page/popup to steal their passwords. As long as you are redirected to the true Steam domains to authenticate, nothing can be stolen.

On a related note, here's a fun quiz made by Google to educate about phishing scams: https://phishingquiz.withgoogle.com/

3 years ago*
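
Added example, not part of any post in this thread: a check of the two things the answers above rely on, namely that the sign-in form is served by Steam itself and that the site you came from only gets a SteamID64 back. The endpoint, the `openid.*` parameter names and the ID format are assumptions taken from how Steam's OpenID 2.0 login is known to work, not from the thread; the URLs, the look-alike host and the SteamID64 are constructed.

```python
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumption (not from the thread): Steam's OpenID 2.0 endpoint and ID format.
STEAM_HOST, STEAM_PATH = "steamcommunity.com", "/openid/login"
CLAIMED_ID = re.compile(r"^https://steamcommunity\.com/openid/id/(\d{17})$")

def check_login_redirect(url):
    """Return (served_by_steam, relying_party_host) for a sign-in redirect."""
    parts = urlsplit(url)
    served_by_steam = (
        parts.scheme == "https"
        and parts.hostname == STEAM_HOST   # exact match, so look-alike hosts fail
        and parts.path == STEAM_PATH
    )
    return_to = parse_qs(parts.query).get("openid.return_to", [""])[0]
    return served_by_steam, urlsplit(return_to).hostname

def disclosed_by_response(url):
    """Return the SteamID64 and field names a relying party receives."""
    query = parse_qs(urlsplit(url).query)
    match = CLAIMED_ID.match(query.get("openid.claimed_id", [""])[0])
    return {
        "steamid64": match.group(1) if match else None,
        "fields": sorted(k for k in query if k.startswith("openid.")),
    }

# Constructed sample data: the site name is the one from the thread, the
# look-alike host and the SteamID64 are made up.
_request = urlencode({
    "openid.ns": "http://specs.openid.net/auth/2.0",
    "openid.mode": "checkid_setup",
    "openid.return_to": "https://www.steamtrades.com/",
})
GENUINE_REDIRECT = "https://steamcommunity.com/openid/login?" + _request
LOOKALIKE_REDIRECT = "https://steamcommunity.com.login.example/openid/login?" + _request
SAMPLE_RESPONSE = "https://www.steamtrades.com/?" + urlencode({
    "openid.mode": "id_res",
    "openid.claimed_id": "https://steamcommunity.com/openid/id/76561198000000000",
    "openid.sig": "constructed-signature",
})

if __name__ == "__main__":
    print(check_login_redirect(GENUINE_REDIRECT))
    print(check_login_redirect(LOOKALIKE_REDIRECT))
    print(disclosed_by_response(SAMPLE_RESPONSE))
```

The second value returned by `check_login_redirect` is the site that will learn your SteamID64, so it is also the place a mistyped domain such as the .org one would show up.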

Safe-line Operational Guideline | Safer Internet Association (SIA)
https://www.saferinternet.or.jp/english/en-guideline/

They may be dispatched by a ninja.👮 =͟͟͞͞卍 
INHOPE | Home
https://www.inhope.org/
You can check the appropriate notification destination from each country.

3 years ago

I don't understand what you mean, but thanks!

3 years ago

From the latter link, you can find an institution that is working on "Internet site of each region".
Since fake sites and phishing sites are illegal, you can report them from such places.
(Correspondence depends on the country. Therefore, guidance to each region exists.)

3 years ago

I see, thank you!

3 years ago

Some countries block these .com sites, same as some gambling sites, so they are making a new site with a different address and connecting it somehow (for example, one gambling site with numbers only now has .io in addition to .com).

I need to check if they both have the same property on WHOIS; if not, I think you're safe, especially since you didn't enter anything.

Other option: if it differs, a scam site; maybe it uses fake 'human' bots to get your item by trading your items first instead of a real item-for-item trade.

3 years ago
