I am sorry...
I tried bringing this website to everyone's attention a month ago and and got a lot of heat for it. So I closed the discussion.
I got a random steam message in Japanese just like a few posts above.
Here is how i found out it was a scam...without having to sign-in:
Whatever game you win, during the countdown...the visible part of the game key remains the same.
Its probably a little late now. But if you are ever unsure about a website in future let me know...a second pair of eyes is always helpful.
Comment has been collapsed.
Ok, your joke about Putin being a hacker was funny the first time. But posting it in every recent phishing thread is just silly.
Comment has been collapsed.
Remove the link because someone else could click it by accident. Keep us updated!
Comment has been collapsed.
damn it's why you and VCC sent me a lot of spam with this link
Comment has been collapsed.
how can they check with their fake login site, if my credentials are correct?
none of the links there are working, and the language on the top right is strangly russian, but everything is in german
Comment has been collapsed.
hello bro I sent a message to steam support for told them you're account has been stolen maybe if a lot of people do this, steam can be more qfast for help :)
Comment has been collapsed.
Yeah, i created suport ticket: https://help.steampowered.com/en/wizard/HelpWithAccountStolen
Comment has been collapsed.
Grats, Steam support can be on the ball at times. Hope nothing got lost in the meantime.
Comment has been collapsed.
I had to unfriend because of the spam. Sorry your account got hacked. Let me know when you get it fixed.
Comment has been collapsed.
Like everyone in this thread I feel you and hope you'll get your acc back soon. But I think all you guys should also report that phishing site so internet browsers would warn people before entering.
https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en
Comment has been collapsed.
A steam friend of mine also got his account hacked. He sent me around 10 messages with 2 different malicious links. I didn't click them, obviously. Still, how do people fall for this scam? I'm not saying this in order to judge them negatively, but I mean that this type of scam is nothing new. So, how has this new one got so many victims? Is it more trustworthy-looking than the others?
Comment has been collapsed.
I just wanted to see what those sites look like and what to look at in such occasions (yea sure first thing is never click and login only to official steam site, OK, but I still want to know and still want to look; more informations are always good) but the site seems to be down, at least for me.. DNS_PROBE_FINISHED_NXDOMAIN using https and ERR_NAME_RESOLVING on http..
Comment has been collapsed.
someone just wrote me via steam (5 x)
1 free game for new users!
take the game you want!
rolldatgamexx.com (don't visit this site)
yea sure.. just an example that there are different sites spreading right now.
Do not klick on that link and block all friends who send you those.
This is just too obvious, how can people even klick on those links and LOG IN with their real steam accounts. :|
Comment has been collapsed.
because they are very desperate for steam games desperate enough to sacrifice their account.
Comment has been collapsed.
I don't want to be that guy, but stopping login into random sites just to get a crappy +1 might be a good start for not losing your account.
Comment has been collapsed.
It's not a random site. On first glance, it looks like a legit Steam login page for "Login via Steam" thing, except for the URL.
People should lean what's easily fakeable and what's not (Webpage look, URL, certificate).
Comment has been collapsed.
Was two-factor authentication not turned on? I'm confused as to how they could have used your password to hack your account without also having access to your mobile authenticator code, which constantly changes. Not doubting your story, but it's a big problem if these hackers have discovered a way to bypass two-factor authentication.
Comment has been collapsed.
I didn't try it, but I assume that the fake login site also asks for 2FA code.
Comment has been collapsed.
But the code changes, like every 30 seconds right? Once the new code activates the old code stops working, so the only way I could see this working is if the logins to the scam page were being actively monitored so that the scammers could log into real Steam with the active code inside of 30 seconds. Or could there be some script running on the site that automates that process? If so that's pretty disturbing.
Comment has been collapsed.
Seems like that could potentially work with any fake site claiming to be an authentic one and using 2fa - Amazon, banking sites, anything. That's scary.
Comment has been collapsed.
Of course that works with everything. If you give someone everything he needs to authentificate as you, then it takes mere seconds until password and email are changed ynd you are logged out everywhere.
Thats why so many people get "hacked". Because people are morons. Thats all what it boils down to. Phishing is like scamming. You don't need to get everyone, only the 2 out of hundred people which are to stupid.
Comment has been collapsed.
True that. I'm typically overly-cautious about where I'm entering my account info - to the extent that sometimes I'll even check out the SSL certificate to make absolutely sure I'm on the legit page. But I never considered that 2FA could be so easily bypassed if you're not paying attention to where you are. I'm going to have to keep that in mind and make sure I don't get complacent.
Comment has been collapsed.
The thing is it depends on the service.
Let alone "You can not remove/change your phone, change your email or change your password at the same day" would help quite a lot. Or "You really need your phone to change 2fa, if it got destroyed, you need to go through support." would prevent alot.
Comment has been collapsed.
Oh yeah; I'll admit years ago I was lax enough to use the same password for almost everything, but I had a scare and immediately changed that policy - these days every login gets a different password. It's a PITA, but it's just one of the steps we have to take in this day and age.
Comment has been collapsed.
Of course it's automated. Or did you think there is a guy sitting 24/7 waiting for some moron to enter his credentials?
Comment has been collapsed.
Yep, a single guy sitting in front of a single computer 24/7. That's definitely what I thought...
Comment has been collapsed.
Not me. Possibly because of where I reside? Still scared, don't know what else I can do.
Comment has been collapsed.
My account has been stolen.
Email was changed as well as password and the steam autenticator removed.
What can I do fast?
The site that steals accounts:
spindatgamex
DO NOT LOGIN THERE
Don't accept any friend requests or links in messages from anyone who said their acc was stolen in here
our accounts have been hacked and all 3 of us without account were his common friends.
AND DO NOT CLICK LINKS FROM HIM UNLESS IT IS SOLVED (you can also check comments on his profile)
Comment has been collapsed.