Since yesterday new wave of phishing attack spreads through Steam chat.

Works similar to previous attacks:

  • friend sends you message with link and information about free game
  • link leads to fake Steam log in page
  • logging in compromises your account, so that you're unable to log into it again
  • now-zombie account sends the same message you get to all your Steam friends, fishing for more unwary users

Do not click on any links, that are sent with this message:

1 free game for new users!
take the game you want!
....://spindatgamex(dot)com / rolldatgamexx(dot)com / spindatgamexx(dot)com / takedatgamex(dot)com / christmasskin(dot)fun / dagamesrollx(dot)com / takedagame(dot)com

Or this:

Hi, can you spin this roulette <LINKREMOVED-JUSTINCASE> ? If GTA V, PUBG or CSGO falls out, I can buy the key from you. Try it, it will take no more than 30 seconds. You go -> press the ROLL button, a free game falls out -> you take the key and write to me) Well, or you activate the game on your account)

Or this:

Hey, m8!Get a free random game (GTA V, PUBG, CSGO and more) on ...://t(dot)co/xNAKzWQ5ew Only for new users, full legit and no deposit
//
🎁 Go to 👉 ...://t(dot)co/qucKFViqZv 👈 аnd tаkе yоur 50$ Skin Gift !
PRОМ0C0DE: LUCК4Y0U 🎁

1. Can SteamGifts support staff can help me to recover my Steam account?

First of all we're unable to help you, as we're not connected with Steam Support.

All we can do is suspend your SteamGifts account on your request, so it won't be possible to do any harm here - see keys from ended giveaways, change e-mail, spam discussions, make fake giveaways etc.
You can request to be suspended under 1st post of this PSA. We will suspend you for number of days listed in your request, or give permanent suspension, if you prefer. You can write unsuspend request when you recover ownership of your account, to use SG again before suspension runs out.

If you don't want to suspend your account and have active / not claimed giveaways:
It is not possible to see keys from active giveaways. But when giveaway ends keys are available on /created page. That's why you should click on Modify link next to the key, copy it to secure place (such as txt file) and exchange it with gibberish, or already used key. That way no one, except for you, will be able to see them.

2. What to do when I was phished?

  1. Write to Steam Support, explaining situation
  2. Attach proof of purchase(s) that are connected to your account:
    • keys activated on account from bundles
    • keys activated on account from retail shops
    • receipt of buying game on Steam with credit card
    • steam wallet codes
    • photograph of boxed game code activated on Steam
    • more information here
  3. Wait for reply, it should take 2 - 3 days to recover account, if you manage to provide all necessary information

3. How to avoid being phished in the future?

When link redirects you to "Log in with Steam" page (same is true for log in with Facebook, Twitter etc) never write your credentials there.

  1. Open log in site on your own, by writing known address or using google. In case of preventing Steam phishing:
    • steamcommunity.com
    • store.steampowered.com
  2. Log in using your credentials
  3. Go back to site which required you to log in and refresh
    • if you're logged in your Steam account, and see green button "Log in" you're free to access website.
    • if refreshing did not remove request to provide your credentials - it's phishing attempt.

4. Anything I can do to help my phished friend?

To avoid further spam of phishing messages you can block communication with friend. And unlock it, when friends regain access to account. That way you don't need to remove user from friends to stop seeing messages, and don't cut ties with them.

As pointed here it is possible to report compromised Steam accounts.

You can also report sites, which are used in phishing attempt here:
https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en
https://app.webinspector.com/
https://submit.symantec.com/antifraud/phish.cgi
https://phishing.eset.com/report

Thanks for notice, Nask


1. Do not create new threads about this issue

We don't need to spread information and updates about this attack in multiple threads. It makes it hard to follow current state of situation.

That's why I will close all other threads about this matter. You can inform other users that you were attacked in this thread. No reason to create separate thread for every case.

Also please, don't create new threads in case of future attacks. Stick to posting all relevant information in thread created already by other user.

2. Do not accuse others of being "scammers", as they sent you link to phishing site.

They are victims of this situation, not attackers.
Do not write user reports on them

3. Do not create spam / mocking threads about this issue.


You can post any relevant information here, such as changes in phishing message, change of phishing site address, tips how to recover account, and discuss it in general. I will update this post in my free time. I do not like to cut ongoing discussions in other topics, but it is necessary to keep all information in one place.

Previous PSA posts about this attack:
https://www.steamgifts.com/discussion/HWhcX/psa-accounts-being-hackedphished-in-steam
https://www.steamgifts.com/discussion/TioOP/danger-careful-with-1-free-game-for-new-userstake-the-game-you-want-https-spindatgamexc-no
https://www.steamgifts.com/discussion/GCxxD/a-wave-of-steam-scams-beware-to-not-lose-your-account
https://www.steamgifts.com/discussion/xc8jE/i-fell-into-the-hack
https://www.steamgifts.com/discussion/cnNgf/definitely-not-clickbait-easy-steps-to-avoid-the-next-phishing-attempt-on-your-pc#oRnNU7W

5 years ago*

Comment has been collapsed.

Reply here (with number of days, or need for permanent suspension) if you request suspension. You can also write other ticket about this

5 years ago
Permalink

Comment has been collapsed.

I'd like to request permament suspension. Better safe than sorry.

5 years ago
Permalink

Comment has been collapsed.

Done.

5 years ago
Permalink

Comment has been collapsed.

Edit: he actually lost his account lmao. Dang this really caught up, huh.

View attached image.
5 years ago
Permalink

Comment has been collapsed.

The madlad actually did it!

5 years ago
Permalink

Comment has been collapsed.

I was fooled like some newbie in internet. Just shame.
Suspend me till 16 February or so, if it's not problem. Hope that will be enough time for steam-support to return my profile, whole work-week.

5 years ago
Permalink

Comment has been collapsed.

Done.

5 years ago
Permalink

Comment has been collapsed.

Thanks for very fast suspending and unsuspending.

5 years ago
Permalink

Comment has been collapsed.

Saw your message, but suspend me until the 16th of Feb just to be sure please. Hopefully I'll hear back from steam soon and also hope those stories about super long wait times for support are no longer a thing.

5 years ago
Permalink

Comment has been collapsed.

Done.

5 years ago
Permalink

Comment has been collapsed.

I don't have any active/unclaimed giveaways atm. Would you still recommend a suspension anyway? Or is it unnecessary?

5 years ago
Permalink

Comment has been collapsed.

No need, if you don't worry someone could tamper with account in "troll" way.

As suspended user you can access:

  • your suspension page
  • support section
  • FAQ
  • guidelines
  • settings

If you don't want suspension, just make sure that your contact e-mail is not changed when you recover your account. To make sure scammer did not change it, to get key / giftlinks from creators.

5 years ago
Permalink

Comment has been collapsed.

Haven't thought about what Quisty wrote earlier but it looks like something possible. If scammers know about sg that is.
I would ask for suspension just to be safe :/
EDIT: If I were you xD

5 years ago*
Permalink

Comment has been collapsed.

You did not specify time frame, I will set it till 16th.

Write other ticket, if you'd need more time, or unsuspend ticket, if you'd recover your account earlier.

5 years ago
Permalink

Comment has been collapsed.

Thanks xD I should work on my English skills in the future xD

View attached image.
5 years ago
Permalink

Comment has been collapsed.

THANK YOU for taking the time to clean up the forums and get all relevant information in one place.
This is much easier to follow than the dozen other threads.

5 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 3 years ago.

5 years ago
Permalink

Comment has been collapsed.

Your post, and those of others, were helpful in their own ways.

5 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 3 years ago.

5 years ago
Permalink

Comment has been collapsed.

There is one more problem: they could get the email addresses of every winner. For me that's no problem, as I have an own email address for SG but others may not.

Maybe you could talk with cg about the possibility to disable the display of the email as soon as the user has marked the key as received? I don't see any reason to show it after that. :)

5 years ago
Permalink

Comment has been collapsed.

One way to avoid that is to have your account temporarily suspended. Such information is not available to a suspended user.

5 years ago
Permalink

Comment has been collapsed.

Yes I know that's what this discussion is about ;)

But I meant that it could be done generally for all users as I don't see any reason why someone should see the email after the giveaway process is completed. It's basically one if condition around the display so no big thing. :)

5 years ago
Permalink

Comment has been collapsed.

I think I understand your point, but having that email address allows unforeseen problems to be addressed by contacting the winner directly. Setting an arbitrary "cut off" period does not seem worth the trouble to me.

I'm not sure I wrote that in the best way, but I hope you understand what I was trying to express.

5 years ago
Permalink

Comment has been collapsed.

I have seen many of these lately. Thankfully I stopped at the rright time after clicking the link so I didn't enter any information

5 years ago
Permalink

Comment has been collapsed.

I usually enter any links I find sketchy in a incognito tab, and search if it's safe first.

5 years ago
Permalink

Comment has been collapsed.

Thanks.

5 years ago
Permalink

Comment has been collapsed.

Yep, I got tagged by this -- so did GediKnight, so don't click any links from us.

BTW...you don't have to remove people from friends list to quiet things down...just block communication from those people for now, and unblock when this whole mess is fixed.


My SG account appears to be unaffected right now. I will alert support immediately if I see any weird activity. In the meantime, this is one of the only places I have to communicate with Steam friends, so I prefer to leave things active until there is an issue. I'll stay very focused to insure I catch things right away if something goes sideways.

5 years ago*
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 3 years ago.

5 years ago
Permalink

Comment has been collapsed.

Cool...you can feel free to block me for the time being, too. I plan to post in here when this gets resolved.

So far, my support request I filed 18 hours ago has not been responded to in any way. Jesus, Steam needs a real support line.

5 years ago
Permalink

Comment has been collapsed.

Yes, with the amount of money people spent into their Steam account, you think they would have staff to take care of those issues quickly.
Sorry you got caught into this whole mess, I have 3 friends that have been messaging me all day. It seems Steam will have a lot of ticket to take care of, it has been spreading fast:(

5 years ago
Permalink

Comment has been collapsed.

Yeah, a support line would have saved them so much time and energy. But they like to run with minimum expenses...it's just a really short-sighted business strategy. But then, that's GabeN and his love for anything free/cheap.

5 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 4 years ago.

5 years ago
Permalink

Comment has been collapsed.

Yep, and somehow they can't afford a basic level of support.

5 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 3 years ago.

5 years ago
Permalink

Comment has been collapsed.

👍🏻 🤓😀

5 years ago
Permalink

Comment has been collapsed.

Understood. That is one of the reasons why Support Staff decided to make suspension an option for those who wanted it.

5 years ago
Permalink

Comment has been collapsed.

5 years ago
Permalink

Comment has been collapsed.

Yeah, I would block me on Steam until this gets fixed. Damned Russian hackers.

5 years ago
Permalink

Comment has been collapsed.

I tried to reason with it first but it didn't work 🙄, don't know why but I've received a lot more messages from yours than from all other stolen accounts. Hope you get help from support soon.

View attached image.
5 years ago
Permalink

Comment has been collapsed.

All done...account is reset and I've regained control. I'm signing up again for Steamguard, etc...have to do all of that stuff over :(

5 years ago
Permalink

Comment has been collapsed.

I'm glad you got it back finally, and also happy you didn't get a VAC ban, some people did this time, I read somewhere they were trying new PUBG cheats with stolen accounts. At least the worst part is over, welcome back!

5 years ago
Permalink

Comment has been collapsed.

Yeah, I don't play PUBG, and it's probably been 3-4 years since last time I played TF2...and I don't cheat. :) I'd rather lose than cheat. 👍🏻

Oh wait, you're saying that the hackers were using the accounts they stole for PUBG...lol...so funny that out of my 4K+ games, I don't have PUBG. Joke's on you, hackers! 😂😂😂😂🖕🏻🤣🤣🤣🤣

5 years ago
Permalink

Comment has been collapsed.

I don't think PUBG has VAC, does it now? Stopped playing that pos game awhile ago tho so idk.

5 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 3 years ago.

5 years ago
Permalink

Comment has been collapsed.

Me too...still embarrassed that I didn't pick up on it being a phishing attack/hack, as much as I lecture everyone else. But it was from Gedi, who is a freaking rock star and trusted source.

Here's where this gets funny...I was IMing with him and basically asked how he fell for it in the first place. He said he was drunk. And you know what? When I clicked on his link in the IM, I wasn't drunk but I was on beer #2 (and I don't drink that sissy, bubbly, massed-produced crap). So we both had alcohol-induced bad judgement that caused this. 😬🤣🤣🤣

Life lessons, people, life lessons. 😉

5 years ago
Permalink

Comment has been collapsed.

Hey, we got it from the same source, we're twins now :D

5 years ago
Permalink

Comment has been collapsed.

That's like getting herpes from the same person. 😬😱 🤣🤣🤣🤣

5 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 3 years ago.

5 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 3 years ago.

5 years ago*
Permalink

Comment has been collapsed.

That was a good call...you probably prevented a bunch of people on SG from getting the thing. It was pretty well concealed.

5 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 3 years ago.

5 years ago
Permalink

Comment has been collapsed.

They did a study once, to check the valdity of the old adage that you shouldn't go into water after drinking beverages or you'd cramp.
They found that there was no correlation whatsoever between drinking beverages and cramping, but there were increased risks all around for going into water while intoxicated. ..because, well, duh.

Just think about it this way, grez. At least you didn't go into the water with your computer.
...pretty sure I'm tying that analogy in correctly..
:sips a beer:

5 years ago*
Permalink

Comment has been collapsed.

Speaking of which...yep, time for a beer. ( ͡° ͜ʖ ͡°)

5 years ago
Permalink

Comment has been collapsed.

thank you very much, MS.
you're precious

5 years ago
Permalink

Comment has been collapsed.

I get those messages from 2 friends.... :(

5 years ago
Permalink

Comment has been collapsed.

time to hide threads and block people 🙋

thanks for this thread, better to have everything in the same place instead of people shouting all over sg.

5 years ago
Permalink

Comment has been collapsed.

Hallelujah

5 years ago
Permalink

Comment has been collapsed.

For those who don't know...my account was hacked last night and I just wanted to post it on here and hope I get it recovered soon. Anyone on my friend’s list receiving messages from me it is NOT me. Please disregard the messages from me until I have recovered my account. Please let anyone else know that has read this message and knows anyone on my friend’s list. Spread the word thanks.

5 years ago
Permalink

Comment has been collapsed.

Did you have the authenticator thing on your phone?

5 years ago
Permalink

Comment has been collapsed.

Link leads to fake steam site where you have to log in and enter steamguard code. If you do that - they are logged in and can remove your steamguard, change password and e-mail in couple of seconds :)
These bots are really effective.

5 years ago
Permalink

Comment has been collapsed.

I wonder why people use "hacked account". Hacked is when they gain access without your action - especially you're not involved in the attack. When you give them your password and username - it's hijack/scam etc. - the best word is "phishing".
Phishing the aim is to gain access to confidential user data.

5 years ago
Permalink

Comment has been collapsed.

While Phishing may be better off being top-categorized as an alternative form of security exploitation, it does seem to usually fall under the social engineering subset of hacking methods. Given that "security exploitation" doesn't naturally roll off the tongue the way Hacking does, it's also natural that such a term would be more favorable, even if wasn't considered an appropriate association.

I can give you a reasonable accounting as to why broader misterminology occurs, but that'd make for a much lengthier post. Quick summary'd be: Humans can suck (in this case, due to being willing to spread misinformation to individuals new to concepts), societies don't typically value the importance of language highly, people can be naive in their acqusition of new information, people will typically will try to avoid conflict, and bad habits are hard to break.

5 years ago*
Permalink

Comment has been collapsed.

I'm thinking it's people who don't have english as native language confusing "hijacked" and "hacked"

5 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 3 years ago.

5 years ago
Permalink

Comment has been collapsed.

Semantics. At the end of the day, they reach the same goal, so hijack, hacking, phishing, scripting, it's all the same, just different methods of acquiring something that doesn't belong to them. As a techie, I understand these differences, but to the majority of people, the word "hacking" as a blanket term is sufficient. We all understand what they mean. ;)

5 years ago
Permalink

Comment has been collapsed.

Is it ok to post 4 links for reporting (google, eset, semantec) the website? I don't know if it still running. I haven't clicked.

5 years ago
Permalink

Comment has been collapsed.

I am not sure I understand what is being asked, here. P

5 years ago
Permalink

Comment has been collapsed.

He wants to provide links to sites where you can report the phishing sites.

5 years ago
Permalink

Comment has been collapsed.

Yeah bro you can post those sites. Hopefully more people will report the phishing links.

5 years ago
Permalink

Comment has been collapsed.

5 years ago
Permalink

Comment has been collapsed.

This person is hjacjjed too an one hour ago https://www.steamgifts.com/user/winni70

He is from my FL on Steam and i'm start getting these spam messages from him aswell.

5 years ago
Permalink

Comment has been collapsed.

View attached image.
5 years ago
Permalink

Comment has been collapsed.

same

5 years ago
Permalink

Comment has been collapsed.

:angery:

5 years ago
Permalink

Comment has been collapsed.

Thank you for this common thread. Yes, it's better to have only one common thread

5 years ago
Permalink

Comment has been collapsed.

No threads mocking people who got phished? How about threads mocking the unique snowflakes who mock the victims of this round?

And a serious question. If the attackers log in to steamgifts couldn't they use the visible won keys as proof of ownership, assuming there are wins on the compromised accounts? I never had to recover a Steam account, but I've read in many threads that showing some activated bundle keys would be enough for Steam support to give an account back.

5 years ago
Permalink

Comment has been collapsed.

Interesting, since Valve tends to not accept digital keys as proof of ownership, at least according to their FAQ.

5 years ago
Permalink

Comment has been collapsed.

That's why I asked. In that case, disregard what I just said, I must have misunderstood.

5 years ago
Permalink

Comment has been collapsed.

Happy cake day~

5 years ago
Permalink

Comment has been collapsed.

I think what they want is the redemption confirmation emails that you get for redeeming keys, so you would have to redeem the key to your account and generate an email for it. But, that said, I'm not entirely sure. If Steam works like some other online services do, they probably log changes to account information like email addresses, so they can probably revert using that information alone, but proof of ownership is always helpful from a verification standpoint and doesn't hurt to speed things up.

5 years ago
Permalink

Comment has been collapsed.

They want proof of keys associated with the account. The keys you see on someone's account are keys activated on other accounts. If you mean won keys, Valve can also ask for screenshots or PayPal receipts to see the keys were bought by that person. They usually tend to, since they are not complete idiots, they know that key trading exists. After all, they are actively aware of grey market sites.

No, this system is not totally perfect, but uncharacteristically for Valve, it is thought over.

5 years ago
Permalink

Comment has been collapsed.

How about threads mocking the unique snowflakes who mock the victims of this round?

The significant majority of the users in question are the exact same ones that spread hostility and prejudice in every single other thread that suffers from such. There's nothing surprising about their behavior, or the fact that their behavior was left unchecked.

That said, one'd assume it's more productive to attempt to change site policies than to aggress dedicated villains.

5 years ago
Permalink

Comment has been collapsed.

I know, Sooth. I tend to block these kind of people on the Steam forums, just felt the need to take a jab at them with that question and that's more attention than they deserve.

5 years ago
Permalink

Comment has been collapsed.

I wasn't arguing your sentiments, just clarifying that the issue wasn't specific to "this round", but is a persistent behavior of the users involved. Which is to say, as annoying as one may find their behaviors in this particular instance to be, the real issue is that the site has taught them that such behaviors are permissible. It's the same basis from which we're seeing such a notable rise in non-constructive thread necroing, and why other problematic behaviors continue to go unchecked.
(Which isn't to say that strict enforcement is necessary or even beneficial, but that there should be some guards against excessive expressions of such behaviors; In the case of necroing, that issue could be limited by threads automatically closing [as if the OP had done so themselves] after a certain timespan of inactivity.)

All I'm saying is, we should focus on the element that we have a chance to improve. The users in question are, even if not entirely beyond hope, certainly likely to be far more demanding in the necessary amount of effort required to affect a change. Well, in theory- cg does seem rather adamant about dodging those requests to do something about necroing. :P

5 years ago*
Permalink

Comment has been collapsed.

You are my second favourite support member for a reason :)
This discussion should be pinned!

5 years ago
Permalink

Comment has been collapsed.

I think 8 people on my friends list have sent me these messages today. This must be a really widespread and successful scam. I imagine Steam Support will take some time to get through all of these cases. I can't believe the links are still not blocked in steam chat.

edit: seems they are blocked as of just now

5 years ago*
Permalink

Comment has been collapsed.

Got a lot of friends sending me those messages

5 years ago*
Permalink

Comment has been collapsed.

Has anyone compromised already got his / her account back? Or atleast an email back from steam?

5 years ago
Permalink

Comment has been collapsed.

Yes, I know of at least one person on my friends list who got their account back in a matter of hours.

5 years ago
Permalink

Comment has been collapsed.

What region was he / she if you know? I heard there are some huge differences between NA / EUW / EUE in terms of response time

5 years ago
Permalink

Comment has been collapsed.

Turkey, I think.

5 years ago
Permalink

Comment has been collapsed.

I can also confirm that my first compromised friend got his acc back.

5 years ago
Permalink

Comment has been collapsed.

What region was he / she if you know? I heard there are some huge differences between NA / EUW / EUE in terms of response time

5 years ago
Permalink

Comment has been collapsed.

NA - USA

5 years ago
Permalink

Comment has been collapsed.

Damn, I am EuE and I haven't got answer in 25 hours. I should probably count with 2-3 days just because of my location
Thank you for the answer tho :)

5 years ago
Permalink

Comment has been collapsed.

Do not accuse others of being "scammers", as they sent you link to phishing site.
They are victims of this situation, not attackers.

they might be victimis
nobody knows

5 years ago
Permalink

Comment has been collapsed.

Well, at least the first one (or first few) were not victims ... then it just went down like domino

5 years ago
Permalink

Comment has been collapsed.

apparently this is not first or last attack, but it's good that SG take it's reasonable

5 years ago
Permalink

Comment has been collapsed.

I know :D

But seeing how wide spread this attack it, it would not be reasonable to accuse random users of starting it.

5 years ago
Permalink

Comment has been collapsed.

Entirely true.

..On the other hand, that avatar does kinda beg for accusations.

View attached image.
5 years ago
Permalink

Comment has been collapsed.

New one being used: https://spindatgamexx(dot)com

Similar to the other one, but with 2 x's. Maybe not worth reporting.

5 years ago
Permalink

Comment has been collapsed.

Thank you for mentioning it (and without creating a link, too).

5 years ago
Permalink

Comment has been collapsed.

Sign in through Steam to add a comment.