Account got Hijacked - Please DON'T make my mistake!

If you want to learn more about current scams, there’s a subreddit called r/scams where people talk about what scams they’re running into. I’m sorry this happened to you, and it’s not your fault. It’s sad to have to question yourself about a friend who sounds like they always do. Who wants to live in a constant state of mistrust?

I think I'm done hearing about scams to be honest. I don't wanna remind myself about it, but yeah, staying informed is important. I still don't mistrust the person, although I know their account got compromised. I'll be more careful in the future when stuff like this show up. It's a first timer for me, especially coming from friends I had in my list for a long time.

It was nice of you to follow up with everyone on your list. It probably saved several people.

I felt responsible and just downright bad if I wouldn't. It took my entire day to reach to all of them and explain. There were others who fell for it, but they said that didn't notice any sort of damage, so that's fine. They changed their account password and I believe e-mail. It's easy to fall for this coming from people you trust or have expectations of. My intention is to provide trustworthy stuff and if I am acting all sketchy and stuff all of the sudden that doesn't sit well with me. So, that's why I wrote to people one by one, send activity messages with updates and well... made a discussion here. I have a lot of friends from Steamgifts here that trusted me. I don't wanna break that trust.

I wouldn't have unfriended him because we spoke for a while and he never tried to scam me. So it wasn't something that would put my guard up. It's so strange this happened.

Yes. I saw that news... I don't even want the items... would be happy to get the value of the items back, even if they are sold at a minimum price.

Opening the link isn't a problem. Logging in using your steam account is what causes the issue.

I don't think GeForce Now can use automatic login since what they're running is essentially a virtual machine with a standard Steam installation, if I'm remembering correctly you can even find it as one of your account's authorized PC's. So just as with any other PC you use the Steam client from it will need you to re-log if you haven't logged in in a while, but it shouldn't be each time, more like only if you haven't used it in more than a couple of weeks, at least in my experience.

This is a good question, but using NVIDIA GeForce Now kinda uses a funnel so holding credentials is dangerous for them, therefore it doesn't trust. You connect via a server, so you're not really supposed to have your credentials stored in such a place because they are not secured and could be easily cracked opened if NVIDIA has a breach and the hackers steal all the credentials off of people.

eh, seems like you've got enough lecturing already and the important stuff was said and you acknowledged it, so I won't add my two cents on the security side of things.

Yes. I think the most lecturing I got was from myself.

I'll just tell to not beat yourself about that too much since it can happen even to the best in case you don't know, that's Jim Browning - a cybersec genius and professional scambaiter

I remember watching that video. I know it can happen to anybody really.

I'm glad you've regained control over your account even though you lost your cards you still have your library. and I'm gratefull you shared your story with us - maybe you'll save someone from falling for that scam themselves! I wish all the best in this unfortunate time. Stay strong!

Thank you for the kind words. It means a lot!

I've learned my lesson and for sure I'll be a lot more careful when I get this kind of links. I shouldn't have trusted it, but still, I did and I can only blame myself for this.

Kauil, I was trying to get a hold of you on Steam, but you've blocked me. I was trying to explain that I would never do such a thing to you or anybody and warn you that I had my account hijacked and all those messages sent were not made by me. I am really really sorry for what happened and for putting you through all that work. I would understand you're upset. There's a second person I was referring in this messages that I am also hoping would see the discussion.

I honestly didn't know this was happening under my account. I was informed mid-day about the account theft and only after the scammer already sent to 20-30 people and blocked them from communicating or completely blocking them back. I hope you'd accept my apology and if you don't wish to be friends, I can understand but know I'd never invite or try to scam someone.

I tried to log in and I received an SMS on my phone that my authenticator will be moved or deleted.

My app didn't warn me of such changes. So I wasn't aware it happened. I would have prevented it.

I actually found out that's not really possible. I have lost all that I've had forever. It would mean a lot of work for Valve and that was my fault for not being more careful and trusting so easily even when it came from a friend.

Story of my life. 😅

Because if I never saw it coming, surely others didn't either. If I can save a few others from the same faith why not share? Most people keep quiet, and never speak about it and their friends or others don't know about it and more people fall for the same tricks.

2FA only helps in the case of a compromised password. If the victim types the 2FA code into a fake login form it does not do any good. Furthermore I think Steam's TOTP has a really long timeout -- not 30 seconds but instead several minutes, so the window for the scammer to use that code to steal your account is even longer.

Ideally Steam would implement FIDO2 which is resistant to phishing by design and could help to prevent this kind of stuff.

Yes, if you are not giving that access to them.

Yes, well I knew chances are rare to happen, but they still happen. It's harder to believe it would happen to you until it already did.

I have a lead and the accounts got reported. But they are probably just a chain. If I was to do what they would, I'd likely disperse the items all over the place and get the whole thing confusing for the staff to identify. I doubt the dummy account has all my items and they are just sitting there.

Surprisingly not enough. I think this was the wake-up call I needed. Even if it's upsetting to think I lost it because of a scam, I am optimistic that this year is gonna be a lot better than the last.

Happy New Year! I suspected it too, because when it's best to fill your pockets with awesome items from others but during these holidays. You'd expect people to be more kinder to one another during this season, so their guard is down.

You can even capitalize that one so the ones in the back can hear it too.

Yes, that was the advice most people gave here and it's a useful one to remember. Thank you for the kind words.

Sorry man... Did you lose items too?

I'm so happy you got your account back! That's the most important thing.

I can't be any happier knowing my account is safe and I am planning to keep it like that from now on.

I don't have you as friend on Steam anymore but it's not important, maybe you wanted to clean your list!

I don't remember unfriending you to be honest. 🤷🏻‍♂️ I don't unfriend people. Unless the scammer did it when I was not aware. I did try to track my friendlist and see who got unfriended here. I've re-added you back and I am sorry about it. People need to be real douche in order for me to unfriend them or block them. I have over 220+ people as friends, so I honestly struggle to keep track what happened but know you'll never get an unearned ban or unfriending unless it's not me or I don't announce it.

I like to befriend people, so that wouldn't be in my character. 😀

Hope you find a way to get even you cards back!!

I don't think I will, but I will appeal for it. I just hope to hear from Steam support about it at least to tell me "Sorry, we can't help you with recovering your items."

Good people always under attack. That's not fair!

Just have to learn to be more careful who I trust. That's all and learn from my mistakes. We're all evil in someone's story.

One of the person's that blocked me because they thought the real me wanted to scam them is the last remaining person I was trying to get to to explain myself, but I can't do it. So, I reached to his friends and wrote a kind message on their profile if they can please contact the guy for me and ask him to at least listen to me.

In response I got this from him:

View attached image.

View attached image.

Yep, that's how it is. I wish I knew about it, but heck... it is what it is now. Thank you for your kind words. 🙏🏻