Since yesterday, a new wave of phishing attacks has been spreading through Steam chat.

It works similarly to previous attacks:

  • a friend sends you a message with a link and information about a free game
  • the link leads to a fake Steam login page
  • logging in compromises your account, so that you're unable to log into it again
  • the now-zombie account sends the same message you got to all your Steam friends, fishing for more unwary users

Do not click on any links that are sent with this message:

1 free game for new users!
take the game you want!
....://spindatgamex(dot)com / rolldatgamexx(dot)com / spindatgamexx(dot)com / takedatgamex(dot)com

Or this:

Hi, can you spin this roulette <LINKREMOVED-JUSTINCASE> ? If GTA V, PUBG or CSGO falls out, I can buy the key from you. Try it, it will take no more than 30 seconds. You go -> press the ROLL button, a free game falls out -> you take the key and write to me) Well, or you activate the game on your account)

1. Can SteamGifts support staff help me recover my Steam account?

First of all, we're unable to help you, as we're not connected with Steam Support.

All we can do is suspend your SteamGifts account at your request, so it won't be possible to do any harm here - see keys from ended giveaways, change e-mail, spam discussions, make fake giveaways etc.
You can request to be suspended under the 1st post of this PSA. We will suspend you for the number of days listed in your request, or give a permanent suspension, if you prefer. You can write an unsuspend request when you recover ownership of your account, to use SG again before the suspension runs out.

If you don't want to suspend your account and have active / not claimed giveaways:
It is not possible to see keys from active giveaways. But when a giveaway ends, the keys are available on the /created page. That's why you should click on the Modify link next to the key, copy it to a secure place (such as a txt file) and exchange it for gibberish or an already used key. That way no one, except for you, will be able to see them.

2. What should I do if I was phished?

  1. Write to Steam Support, explaining the situation
  2. Attach proof of purchase(s) connected to your account:
    • keys activated on the account from bundles
    • keys activated on the account from retail shops
    • receipt for buying a game on Steam with a credit card
    • Steam wallet codes
    • photograph of a boxed game code activated on Steam
    • more information here
  3. Wait for a reply; it should take 2 - 3 days to recover the account, if you manage to provide all necessary information

3. How to avoid being phished in the future?

When a link redirects you to a "Log in with Steam" page (the same is true for logging in with Facebook, Twitter etc.), never write your credentials there.

  1. Open the login site on your own, by typing the known address or using Google. In the case of preventing Steam phishing:
    • steamcommunity.com
    • store.steampowered.com
  2. Log in using your credentials
  3. Go back to the site which required you to log in and refresh
    • if you're logged in to your Steam account and see the green "Log in" button, you're free to access the website.
    • if refreshing did not remove the request to provide your credentials - it's a phishing attempt.

4. Anything I can do to help my phished friend?

To avoid further spam of phishing messages, you can block communication with the friend, and unblock it when the friend regains access to the account. That way you don't need to remove the user from your friends to stop seeing messages, and you don't cut ties with them.

As pointed out here, it is possible to report compromised Steam accounts.

You can also report sites that are used in phishing attempts here:
https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en
https://app.webinspector.com/
https://submit.symantec.com/antifraud/phish.cgi
https://phishing.eset.com/report

Thanks for the notice, Nask


1. Do not create new threads about this issue

We don't need to spread information and updates about this attack across multiple threads. It makes it hard to follow the current state of the situation.

That's why I will close all other threads about this matter. You can inform other users that you were attacked in this thread. There is no reason to create a separate thread for every case.

Also, please don't create new threads in case of future attacks. Stick to posting all relevant information in the thread already created by another user.

2. Do not accuse others of being "scammers" because they sent you a link to a phishing site.

They are victims of this situation, not attackers.
Do not write user reports on them.

3. Do not create spam / mocking threads about this issue.


You can post any relevant information here, such as changes in the phishing message, a change of the phishing site address, tips on how to recover an account, and discuss it in general. I will update this post in my free time. I do not like to cut ongoing discussions in other topics, but it is necessary to keep all information in one place.

Previous PSA posts about this attack:
https://www.steamgifts.com/discussion/HWhcX/psa-accounts-being-hackedphished-in-steam
https://www.steamgifts.com/discussion/TioOP/danger-careful-with-1-free-game-for-new-userstake-the-game-you-want-https-spindatgamexc-no
https://www.steamgifts.com/discussion/GCxxD/a-wave-of-steam-scams-beware-to-not-lose-your-account
https://www.steamgifts.com/discussion/xc8jE/i-fell-into-the-hack
https://www.steamgifts.com/discussion/cnNgf/definitely-not-clickbait-easy-steps-to-avoid-the-next-phishing-attempt-on-your-pc#oRnNU7W

4 days ago*
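The check behind step 1 of section 3 above (the login page's host must be exactly one of the two addresses listed) can be written out as follows. This is an added example, not part of the original post; the function name, the reason codes, the HTTPS requirement and every test URL (the `.example` hosts are placeholders) are assumptions made for illustration.

```javascript
// Added example: exact-host allowlist for the two Steam login sites named in the PSA.
const OFFICIAL_STEAM_HOSTS = new Set([
  "steamcommunity.com",
  "store.steampowered.com",
]);

// Returns { ok, reason } for a URL copied from the address bar or a chat message.
function checkSteamLoginUrl(raw) {
  let url;
  try {
    // WHATWG parser: lowercases the host and converts IDN labels to punycode,
    // which is how a browser decides where the request really goes.
    url = new URL(raw);
  } catch (e) {
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not-https" };
  }
  // "https://steamcommunity.com@other.example/" puts the familiar name in the
  // userinfo part; the real host is whatever follows the "@".
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "userinfo" };
  }
  // A single trailing dot is the same DNS name, so normalise it away.
  const host = url.hostname.replace(/\.$/, "");
  // Look-alike letters from other alphabets show up as xn-- labels after parsing.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode-host" };
  }
  // Exact match only: "steamcommunity.com.login.example" and typo domains
  // contain the right words but are different hosts.
  if (!OFFICIAL_STEAM_HOSTS.has(host)) {
    return { ok: false, reason: "host-not-allowlisted" };
  }
  return { ok: true, reason: "official-host" };
}

// Constructed sample URLs (not taken from the thread).
const SAMPLE_URLS = [
  "https://steamcommunity.com/login/home/",
  "https://STORE.steampowered.com/login/",
  "https://steamcommunity.com.login.example/openid",
  "https://steamcommunity.com@login.example/",
  "https://steamcommunlty.example/login",
  "http://steamcommunity.com/login",
];

// Summarise the samples as "url -> reason" lines for a quick report.
function report(urls) {
  return urls.map((u) => `${u} -> ${checkSteamLoginUrl(u).reason}`);
}

console.log(report(SAMPLE_URLS).join("\n"));
```

The same comparison is what a reader does by eye in the address bar: everything between `https://` and the first `/` must be one of the two names, with nothing before an `@` and nothing appended after `.com`.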


Whoever falls for this obvious scam deserves no better.

4 days ago

yeah....it always makes me wonder how people fall for this :D
all they need to see is free game? sad

4 days ago

I think it's mainly because most people, when they get a message through Steam from a friend, are not processing it with skepticism. Our first thought is probably never, 'is this a bot sending me this message?'

Of course, greed (for a free game) and the subsequent haste doesn't help either.

What surprises me now, is that I thought Steam itself even puts a big warning around any links in chat to try and help prevent these attacks. It's like the phenomenon of stickied threads being the most likely to be ignored. Once people are used to something common they block it out as noise. I do that with certain roadsigns even.

3 days ago

yeah, it makes little sense, that is why I even click on that link
but before I even try to log in, I always search if that page is valid, if not, closing the page, no matter how interesting it might be
btw, that warning I saw too, but only rarely
but still, someone who has been on Steam for long should expect something like this, but for new users it might be a problem, and Steam is doing almost nothing against it

3 days ago

I'm a programmer specialised in Cyber Security. Believe me, you would be wise to not mock the victims of such attacks. You might not fall for this one, but I'm sure you will fall for some other fraud attempt ;).... and now I'm kinda hoping you will. It only takes one small second of not being sharp.

4 days ago

+1

4 days ago

You don't need to be sharp as long as you are cynical. I haven't managed to see even one believable fraud attempt yet and I'm very skeptical there ever will be one, but I guess some people believe ads are true as well.

3 days ago

If you follow a protocol of verifying what you are doing you at least shouldn't fall for these fake sites.

3 days ago

You should try +1'ing your personality with some compassion. It's free and comes bundled with empathy.

3 days ago

one of the best Tzaars ever seen

:P

2 days ago

No one 'deserves' that.

That's like saying someone was 'asking' to get robbed because of the neighborhood they live in. You never been mugged? Must be nice....

3 days ago

An astonishingly high number of people think rape victims deserved it because of their vesture. As long as there's a malicious act, there will be someone blaming the victim and not the perpetrator. It's a sad thing.

2 days ago

kek, for the first time I almost got hijacked, I was so distracted and trusted the guy who gave me the link that I actually gave all my information, but I was fast enough to click on deauthorize all devices on steam and change my password, so nothing happened.

4 days ago

lucky you...

4 days ago

Nice! Way to be sharp even if you weren't for a moment :).

It happens to the best of us. Just take this as a lesson. And don't blame the trusted guy (not that I'm saying you were), he's just a victim too ;)

4 days ago

deauthorize all devices on steam

Taught me something new today.
Haven't been hacked, but good to know 👍

3 days ago

So just a question then about sending keys to winners. I have a few giveaways finishing tonight. Should I contact winners individually (or something?) to make sure I am not sending a key to a compromised account?

4 days ago

You have a week to send the key after a giveaway expires. If waiting a few days means the person can get his/her account back, I don't see any harm in this. Checking their steam comments board as well may reveal the current state of the account also.

4 days ago

Yeah, I don't want a winner to miss out on their key, I just don't want it accessed by somebody who is not them. I just figured I should be doing more than just checking for unactivated games etc. this time.

4 days ago

Technically, the only thing that happens after seven days is that the winner is allowed to mark the game "not received." That can be quickly addressed by sending the game anytime after, so there is no need to worry if you are simply delaying in sending the gift.

4 days ago

"Checking their steam comments board as well may reveal the current state of the account also."
I noticed that on several of these accounts, as part of the take-over, all this information gets hidden (leaving just the name and avatar on top), maybe because people were warning each other like this?
One of those Steam privacy functions that handily benefits people who take over accounts like this :/

4 days ago

I got a new friend request on steam around the time this started, and they disabled comments so I can't even ask if they know me from somewhere XD Suffice it to say I've gotten quite careful about random invites. Whelp.

4 days ago

I had a random invite yesterday. Looked to see if it was for a win here, but it wasn't. So I deleted it. No idea who it was. And it was before I saw the first topic here yesterday about the hijacking.

4 days ago

I had one too, named Eva with a hot girl on profile pic, but previous names were from CSGO free Items and such. Instant block.

4 days ago

If I remember, that user's name was different but had similar CSGO names.

4 days ago

Same hot girl, but I don't remember the name

3 days ago

New link surfaced as old links are getting removed

Staff feel free to remove if you think I shouldn’t post

“https-takedatgamex”
“http-spin....”
“http-Roll.....”

4 days ago

Apparently these people have nothing better to do. Like hacking into the pentagon.

4 days ago

How much are steam accounts worth that there are so many scammers?

4 days ago

They know that most accounts will be recovered, but not all the items in the inventory. That's mostly why they do it.

4 days ago

Out of all the different comments out there, I'd like to just state personally, I wish the best for anyone that's been hijacked, like I have. I also appreciate everyone who has 'shouted' (or more appropriately, put up posts to warn others) about the ongoing scam. Now is not the time to get technical with semantics regarding if it's a new scam, if it's a hack or a hijack; we are here to help each other and support each other (at least I would hope so) and I think the best thing we can do for each other is to continue to push positive thoughts and comments to each other and those affected by this horrible situation.

I would also like to point out that I find it quite appalling that Valve takes 30% of dev income, yet can't even get back to us in a reasonable timeframe when things like this happen. I also find it appalling that they don't have better checks in place like a Russian IP changing account settings for a US account, or actually verifying with the user changes, rather than notifying them if they didn't make the change to contact support (and wait days(?) for a response).

Finally, anyone with positive comments here will be whitelisted by me, and anyone being cynical or mocking will be blacklisted.

Thank you SG and community for your concerns, wishes, and PSAs!

4 days ago

thanks for the words of wisdom and wish all of us affected have resolutions soon.

4 days ago

why should all this fall under valve's responsibility?

they give us a 2-step auth and they constantly warn people to check if the site you're entering your info is secure.

what else should they do?
checking if someone is accessing your account from other country sounds good in theory, but what if you're getting hacked by someone in your own country?
should valve send you an email confirming your log in attempt each time?

the only thing i would change is their 2-step auth system and move to something like blizzard-auth. that looks more secure than a random code people can copy-paste into any site.

3 days ago

"why should all this fall under valve's responsibility?"
'cause it's always the responsibility of someone else ;)

3 days ago

I still find it strange that the mobile authenticator and phone number can be deleted that easily without any extra security code. That is the part where Valve should take responsibility and change it to something better.

I do agree that the biggest part lies with us. Somehow we still fall for the free games. It's greed, ain't it.

3 days ago

Exactly. The fact that my account always connected from AU and suddenly removes all that from Russia should be more than enough to trigger an automatic lock.

3 days ago

Then again, perhaps your name is Trump and you just happened to have a "normal business meeting" in Moscow, huh? :D

Seriously tho, phishers likely already use VPNs and such, and after a user has visited a phisher's website, the phisher perhaps even specifically picks a VPN closest to the location they learned during that visit.

3 days ago

This is the one point I simply do not understand and keep asking myself: how?

Good luck to everyone recovering their accounts! (Been through this some weeks ago with my father's account.)

3 days ago

Why should it fall under Valve's responsibility? Because a company is responsible for the security and safety of its users, period. By going off of your question / statement alone, one could then argue, why have two step authentication, why have SSL certificates, why should the company have any checks in place? Why? Because it is good practice, especially if you want to keep a confident client base.

I already stated what else they should do, verify with the user that the changes they are making are authorized. You couldn't put a hole in that, so you didn't argue that point. The other points, yes I can see how there could be ways for events to fall through the security checks, like the scenarios you brought forth.

If a company wants to simply tell a user that their information has been changed and to contact support if it was not authorized, they better well have a much better turn around time than 25 hours (in my case). Within that time frame, there could be quite a bit of damage to the account.

You cannot trust end users to be savvy, smart, or to do anything that does not require explicit interaction. Even myself, who is very computer and internet savvy, can have a "brain-fart" and not do the due-diligence that is required.

Having an extra step to verify your changes would have mainly kept this scam from sweeping across the Valve user base. It is a simple extra step, and I doubt any user would complain about having to click a confirmation link in an email rather than lose control of their account. Other companies have this extra step, even some with the inclusion of two-factor authentication, and it works quite well.

Edit: Additionally, just so you know I'm not just here to complain about policies and not take any action: I did bring up everything I stated in this thread with Valve directly within my support ticket. That's really the only place my ideas or suggestions really matter, because it will be up to them to decide to change policies and adjust the quality of security for their customers.

Edit 2: I do agree with you on the auth change!!

1 day ago*

I received the message from a level 80 friend, but I couldn't open the webpage with the GFW......

4 days ago

Bump.

3 days ago

Thanks for the info. I've had two friends spam me with these messages. I obviously stayed far away from it. Hope everyone can get there account back

3 days ago

*their account

3 days ago

I got my account back today. All of my friends except 1 were deleted. All comments were deleted except for a very suspect message from a Russian account. I won't post the Russian's account here, but if anyone else who fell for this has a similar message, it could help to point to the perpetrator.

3 days ago

Did you lose any of your Inventory? Hopefully not!

As for that account, I take it you reported it to Valve?

I'm glad you got your account back. I still have at least 2 friends that are still affected, but it looks like some of them have had theirs restored (I had 7 friends in total affected so far).

3 days ago

Lost nothing. Luckily the removal of the authenticator initiates a 14 day cool down on trades, etc.

Reported the account to Valve, but I won't be holding my breath that they actually do anything about it.

The thing that makes me shake my head is that the fact that my account has always connected from AU and then a sudden change of password and removal of the authenticator from a Russian connection is not enough to trigger an automatic lock. It's my own stupid fault that it happened and the fact I was hung over and half asleep is no excuse.

3 days ago

  1. It's a shame we don't have a "sticky post" functionality in SteamGifts.
    It would make announcements like this one more visible.

  2. I would also add a caution for people to be careful of sites offering free games or giveaways - this is the most common way scammers try to lure people.
    Not all giveaway sites are scams, but (almost) all scams are giveaway sites.

3 days ago

There is one for CG's announcements, at least

3 days ago

Only cg can pin posts. And it's done for Announcement category, when there is some bigger change introduced. Like no-value games or change how levels are calculated.

3 days ago

thanks again, we all owe you a lot :)

3 days ago

Steam support just got back to me :)
Info for those, who were compromised

  • my steam wallet is the same
  • everything that I had in Steam trades was added to my inventory
  • nothing from my inventory disappeared

3 days ago

Welcome back!

3 days ago

You are third player that got account back.
First is breadman
Second is armpt

Congratulations!

3 days ago

I got it from the first one :D so I wonder who "gave" that to him

3 days ago

Good news :-)

3 days ago

how long did it take for them to respond to you?

3 days ago

around 42 hours

3 days ago

hmm so it ranges from about 1-2 full days.

3 days ago

Just a bump

3 days ago

I knew there was a reason I kept my friends list at only 7 people. I delete everyone after gifting/trading. Sorry to hear of all the trouble everyone is having and wanted to bump the thread.

3 days ago

Hasn't this been around for ages, why is everyone falling for it now?

3 days ago

I hope everyone who got infected will recover their accounts soon. For those still waiting, have a cute sleeping kitty to look at ;)

3 days ago

Just got my account back.
Steam support response time = 26 hours
My Steam wallet balance is gone. Hopefully support can help.
Nothing in inventory is gone.

3 days ago

Glad to see you got your account back. Sorry your wallet balance is gone though.. what was the balance used on?

3 days ago

did you just send one ticket and be done with it, or did you have to follow up with them

3 days ago

Just one ticket got my account back. Still following up on the Steam wallet balance.
Make sure you provide all the information they ask for, otherwise it will take longer, as they will need to ask you questions.

3 days ago

Soon enough they'll run out of spin iterations and eventually there will be one called helicopter spin and it will look nothing like an average (fake) Steam community page

3 days ago

UPDATE: I got my account back; it took about 26-27 hours for Steam support, with nothing missing in my account :)

3 days ago

Congrats! :)

3 days ago

Didn't realize this time around the phishing was this widespread successful. Nobody on my List seems to have been affected (yet, anyway) but hopefully all affected users get their accounts back. bump

3 days ago

Ok, my account finally got reset, so I'M BACK, PEOPLE!!! 😀 💥 💙 🎶 🎸 🥁 (。◕‿◕。)

3 days ago

Woohoo! Welcome back!

3 days ago

Congratulations and welcome back, grez! Everything still where it should be?

3 days ago

Looks good...no Steambucks gone, cards all still appear to be there, etc. Game count is slightly lower, but I think that they restore from logs, so it probably dropped all of my free games. If that's the worst that happened, all is well.

I've been logging in to check my credit card for weird activity (because they could have charged it for Steambucks and then bought things as gifts), but there was nothing there. Not sure if someone was just trying to prove something or what.

Regardless, if this had been someone trying to steal things, they would have had 1.5 days to clear things out of my account before Steam did anything about it. Their support is just not acceptable for a company of their size and income. If you're going to be the market leader, you need to act like it.

I will say that the support person that I got (via message in the ticket only) was nice and knew what they were doing, so that's good. But it's just terrible that I can't jump on the phone and alert someone right away to stop the problem before it gets worse. This could have been completely solved in an hour or two, and instead it's still going on as they slog through this one email-based ticket at a time.

Happy to be back, in any case. :)

3 days ago

Glad to hear you got your account back :)
When you disable the authenticator you have a "cooldown" period of 14 days anyway, so I'm going to assume that they are hoping some people who use their account less often won't notice, or hoping for someone who doesn't have the authenticator. Otherwise what could they really do to gain anything in a day, I wonder, unless there's something I just don't see... You're right though, a day and a half is quite long for any response; if they can't get to it before that, they should at least block the account to minimize the damage. Imagine if you lost your credit card and they made you wait a couple of days before responding. A lot of people have some kind of payment method linked to their account.
In any case happy to hear that you are back!

3 days ago

Yep, two weeks before I can trade again or anything, but least of my worries, right?

Glad to be back. :)

3 days ago

grats

3 days ago

Nice to hear. Welcome back! :)

3 days ago*

how long did it take for you?

3 days ago

About 36 hours :(

And that was after hitting them on Twitter and Facebook to pressure them about 10 times

3 days ago

Glad to hear that! ^^

3 days ago

YAY! Welcome back, man!

3 days ago

Yey, just got my account back! :D

Sorry to everybody who got a scam message from my hacked account! :(

For people wondering, it took support around 24 hours to respond to my ticket, nothing is lost from my account, I did get a permanent ban from PUBG tho.... so now all that's left is waiting for a response from their customer support......

3 days ago

They are scamming people just to get them banned in PUBG?
Don't they have any other hobbies? -.-

Congrats for getting your account back! ^^

3 days ago

they probably wanted to sell my inventory stuff, but because they had to remove steam guard, there is a 14 day trade/market restriction :)

3 days ago

They probably intended that, but getting someone banned is just pathetic.
And even they must know about the 14 days restriction. I don't think any support will need 14 days. ^^

3 days ago

Maybe they are also selling accounts and cheaters are buying them?

3 days ago

Could be. But why are they perma-banning the account then (in some games)? I really don't get it - in what world are we living?

3 days ago

Someone else mentioned CSGO being played on their account. So this is probably exactly it.

3 days ago

Ow, and apparently I was added to a blacklist yesterday x)

Damn those scammers xD

3 days ago

Here on SG?

3 days ago

yup x)

I guess one of the people who received their scam message through steam thought it was me haha

3 days ago

Well, then have a whitelist as compensation! ^^

3 days ago

haha, thank you very much, you've been whitelisted back of course :3

(was eating dinner, sorry for the long response time xD)

3 days ago

Nevermind, I was eating dinner, too! XD

3 days ago

yeah I was added to a blacklist as well. oh well...

2 days ago

Congrats! Sorry to hear about the ban and a blacklist though... hugs

3 days ago

I can't even access the site; all I get is some Russian site saying it's blocked.

3 days ago