You can see where that email actually comes from by checking headers I think.
Edit: I checked a couple emails from Steam. They're from:
smtp-60.steampowered.com
smtp-61.steampowered.com
smtp-04-tuk1.steampowered.com
smtp-53.steampowered.comor something like these.
Comment has been collapsed.
I've received no email from Steam Team for a decade. Though the email looks authentic, your best option is still the same.
Change your password, get 2FA if possible, and you can also ask Steam Support to aid you securing account. You may also ask the authenticity to the support.
If you were using Gmail, there should be a check mark for Steam verified . Sadly, I don't think you are.
Comment has been collapsed.
I see between the o and w letter in email address something. I guess the email is a phishing attempt. If you place the mouse over the link to enable 2FA surely redirects to another website. I remember one time I got an email from gmaíl.com domain. Do you see the difference to gmail.com?
Comment has been collapsed.
The "o" in "com" looks strange too. Compare the 2 mentioned o's to the one in "noreply." They have slight points on the sides, where the one in "noreply" has flat sides.
Hell, now that I really look at it, even the p's look different from each other.
Comment has been collapsed.
I compared the image with one of my own Steam emails, and when I take a screenshot and paste that into Paint, I also get the same weird looking o's and p's. So maybe we're splitting hairs on this one? 🤔
With that said: All of my emails also say "Steam Support", none of them say "Steam Team". And the body of the email kinda looks weird too? I could only find these two pages with the same phrasing: Chinese, Polish.
Regardless, if I was OP I would manually go to the Steam website, change my password, and enable 2FA.
Comment has been collapsed.
That's some nice detective work. 🕵️♂️
"Steam Team" is definitely strange. I just quick-searched through years of emails, and I've never received one with team in the title. I do agree with you that the email body looks off as well, but at a glance it's mostly visually-legit. I imagine these particular scammers are doing alright for themselves. :(
Comment has been collapsed.
You already got great advice here: Enable 2FA, and don't click on any of the links in the email!
If you want to change anything to your account: manually go to Steam's website, confirm that the website you're on has a legitimate certificate issued to "Valve Corp [US]", login manually, manually go to the change password/enable 2FA pages.
Comment has been collapsed.
Maybe the scammers have found a way to sent scammy emails from Steam.I remember a site being compromised and hackers sending malicious mails to people.Contact Steam Support.Multiple people might be facing this without Steam knowing about the hacker in their network.
Comment has been collapsed.
you can use any fake sender in an email with simple smtp spoofing by changing the header, its common practice for more than 20 years now.
just check the header and you see where it originated from
there are even some free services that provide a smtp server, thats all you need
thats why you should always check the header if you think something is not right. just common sense for a minute and you are safe
Comment has been collapsed.
true true
in this case its just a cheap phishing mail and not a legit mail that was hacked
Comment has been collapsed.
I got the same message 2 days ago from my other account when I used ASF.
I remember getting a lot of messages that someone wanted to login and there was 2FA code, which means someone knew my password. I changed it many times and still got these messages. And then I finally realized that it was my second account registered on the same email, which I completely forgot about 🤦♂️
Comment has been collapsed.
I had the same message yesterday, and reading your comment I realized that the name of the account was similar but not the same I use now.
Just a moment ago I tried to log in in that account, with an old Password, and Boom. I entered in an account that apparently I created in 2008, and never used (with no games, transactions o paying methods).
Later when Steam gave away Portal in 2010 I created another account with the same email, without remembering I already had an account on Steam, and three years later I fully entered in the Steam world, but having an account that someone in Katmandú have had access for a couple of days.
Comment has been collapsed.
i work in cybersecurity. its not a phishing attempt, it was sent by steam from a domain that steam owns. you can check domains at whois.com to be sure that it is actually owned by Steam. reset your password to something secure that hasn't been used elsewhere. enable 2fa. double check to see that your inventory hasnt been offloaded and contact support to ensure that they force all devices to log out so they don't use an old token. it'll be okay!
Comment has been collapsed.
Change password and use 2fa .
I got logged once out of steam with the msg ,someone else is logged into my account 1y ago.
After changing pw.
I wrote Support.
they said there was no attempt to login into my account.
It was just a bug.
But always be careful .
Better save than sorry .
Comment has been collapsed.
17 Comments - Last post 44 minutes ago by katukinabarra
40 Comments - Last post 5 hours ago by coleypollockfilet
8,435 Comments - Last post 6 hours ago by VicViperV
1,367 Comments - Last post 12 hours ago by thatotherone6
102 Comments - Last post 12 hours ago by BlazeHaze
80 Comments - Last post 13 hours ago by Fiuman
15,372 Comments - Last post 17 hours ago by Almostn33t
7,930 Comments - Last post 24 minutes ago by Gamy7
526 Comments - Last post 34 minutes ago by juansebastian28
464 Comments - Last post 42 minutes ago by KrisPy
8,949 Comments - Last post 43 minutes ago by CurryKingWurst
7,124 Comments - Last post 54 minutes ago by Battlezone
648 Comments - Last post 1 hour ago by alexfirehouse
47 Comments - Last post 1 hour ago by SerenaM
I've received the same email multiple times since last Thusday, saying someone signed in to my account from weird locations around the world, 2 of them just a few minutes ago in quick succession... I changed my password last Thursday, done 2 full scans on my PC and set-up 2FA on Steam Guard and logged every instance out (nothing suspicious was in log-in history actually but in case) so they shouldn't be able to log in without me confirming anymore?
The email always arrive from Steam's own no-reply email and it doesn't appear to be spoofed, the email itself doesn't contain any links either.
The odd thing is the sender shows as "Steam Team" and a username is quoted in the email that I do use on some websites but IIRC I never registered an account with that name or ever used that name on this account.
I also tried to log in with the username that's quoted in the emails and Steam says no account with that name even exists.
I checked emails I received from Steam and the sender was always just "Steam" or "Steam Support", never "Steam Team".
Anyone know what's going on? Could this be some sort of new scam somehow?
Obligatory GA (ends 05/11/23 6pm CET)
Comment has been collapsed.