I was logging in a somewhat suspicious site, as one often does when you're a SG user, which used the "log in through steam" thingie, as this site for example does so I thought "safe enough" but apparently it was used to steal (phish) my Steam account from me, now I don't have access to it, steam won't recognize my email or phone number anymore for the automatic recovery process so I've panicked and don't know what to do next. I'm trying to directly contact Steam support but can't even find how. Help pleeease.

UPDATE: Steam Support has done a good work after I provided all the info they needed and I got my account back a couple of hours ago.

5 years ago*

Comment has been collapsed.

5 years ago
Permalink

Comment has been collapsed.

What SilverBlack posted is what you have to do.

For the future, if you get your account back, always make sure you are on an official Steam site when entering your login data.

Edit: Well, you might have to change the language if you don't understand Turkish, I guess.

5 years ago
Permalink

Comment has been collapsed.

you have never entered your username and password on this site?
because I don't think they could have stolen your account without it.

were you already connected to steam before pressing the button or did you give your login because pressing the button asked you to?

5 years ago
Permalink

Comment has been collapsed.

Ok, so....

@tucsoufle yes I made the mistake of entering my login info after pressing the button, thinking I just got logged out of Steam. Obvious naive mistake, I guess I have been very lucky so far, over the years I had logged in a good number of sites using that method with zero problems, also have been a trader for a long time and have had no account-threatening experiences, so I clearly got overly trusting.

The issue I was having now was that the steam support page (the one that you guys posted above) was asking me to confirm my email account to start the recovery process... but ofc that email account had been changed... then asked me to enter my password instead... which had already been changed, AND they had removed my authenticator aswell, so I was on a loop and there was no way to start the recovery process.

Finally, I figured out that I had to click on "forgot password" on that last instance, then they suggested to lock my account, which I promptly did, and then after looping through the same process again, it finally got me to the form page, where I was able to enter my personal info, billing, paypal transaction IDs, CD-keys etc. as proof of ownership so now I guess my recovery process is underway.

Let's hope it all ends well and thanks for your comments and help.

5 years ago
Permalink

Comment has been collapsed.

You have a separate account for Steam support, for this very reason (an astonishing number of users get their account stolen with the most childish traps, so Valve separated them completely). There is a good chance you do not even have an account there yet if you never visited it. But you can use your normal email address.

5 years ago
Permalink

Comment has been collapsed.

Hey, thanks. I probably didn't have a support account. As I said I had never encountered anything like this in 8+ years as a very "hardcore" user of Steam and vaguely related sites. My dumb luck ran out I guess.

5 years ago
Permalink

Comment has been collapsed.

a very "hardcore" user

Would you be a hardcore user, you wouldnt lost you account in this stupid way -.-

5 years ago
Permalink

Comment has been collapsed.

Valid point. Obviously stupid of me.

My point stands, tho. Don't call it hardcore if you don't like it. I just mean I have spent a lot of time and money on it over the years, and sites like SG and other not-so-official sites that may seem fishy sometimes (hell, lots of ppl find SG and ST "fishy"), but do not intend to steal your account. I have been lucky so far I guess, to the point I got too trusting of this login method.

5 years ago*
Permalink

Comment has been collapsed.

entering my login info after pressing the button

That means it was not stolen. Thats means you dont need it anymore so you gift it to somebody.

Also what do you want now? We are not the steam support. Create a ticket write them you dont need this account anymore. -.- Maybe they will delete it for you.

5 years ago
Permalink

Comment has been collapsed.

What I wanted was some advice and info on how to proceed, while I was trying to get to send my steam support ticket, exactly the help and advice I did get from all these nice users.

Also, of course, even if I did "give my account away", (phished may be the proper word) I wasn't aware of it, obviously I was scammed into doing so, and I do need the account. And while it's clear I fell into a dumb trap, I don't think its's very nice to blame the victim here.

5 years ago*
Permalink

Comment has been collapsed.

If I ask you "What is your login" and you freely give me, thats definitely not phishing.

5 years ago
Permalink

Comment has been collapsed.

If you falsely appear to be Steam asking for it, it is. It is exactly the textbook definition of phishing. I though I was logging in to Steam, as I have done thousands of times, and that was their clear intention. Don't be a troll.

5 years ago
Permalink

Comment has been collapsed.

He already learned his lesson and asked for help which people gladly provided. There is zero reason to go out of your way to 'correct' his wordings.

5 years ago
Permalink

Comment has been collapsed.

5 years ago
Permalink

Comment has been collapsed.

"by sending an email that looks as if it is from a legitimate organization,"

How the already suspicious site looked like a legit site? Like he wrote, he already know it was a suspicious site but he still entered it.

5 years ago
Permalink

Comment has been collapsed.

I haven't seen the site myself to guess, but I've heard about some of these sites to wonder if I might not notice after a few beers/tired or with screaming children in the background etc ^^

5 years ago
Permalink

Comment has been collapsed.

after a few beers/tired or with screaming children in the background

Thats own fault. If I ask you on street to give me $1,000 and you give me, I dont phished you, I just asked you friendly.

5 years ago
Permalink

Comment has been collapsed.

It depends what jurisdiction you live. In most, you have legal recourse if you have entered into contract under false pretense. In fact, intoxication is a valid legal defense in contract law.

Another example is if someone accidentally leaves their credit card laying around. Picking it up and using it for yourself is fraudulent. It might be your own fault to lose your card but it does not give others rights to your belongings. Same with leaving your door unlocked etc.

5 years ago
Permalink

Comment has been collapsed.

Probably a better example might be if while you were drunk one day you told your roommate the PIN number for your bank card. It still does not entitle your roommate access to your bank funds.

Or another example is if your drop the key to your house on the front sidewalk. The neighbor that sees you drop it can pick it up but they can't use it to get into your house. ^^

5 years ago
Permalink

Comment has been collapsed.

marsHm311oW is the usual "blame the victim" guy. There's always at least one around. :shrugshoulders:

5 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 2 years ago.

5 years ago
Permalink

Comment has been collapsed.

Honestly as a 3rd party, marsHm311oW is giving off every vibe that he himself phishes, the victim blaming, the broken English, the lack of empathy... IT'S ALL THERE!

5 years ago
Permalink

Comment has been collapsed.

As I understood OP, the suspicious site wasn't the one looking like Steam but the one pointing to the site looking like Steam. Kind of as if SG looked suspicious (I'm sure a few ppl find it that way) but, then SG properly points you to Steam for logging in, not to a phishing site.
But yeah, always checking the URL is a must, particularly when you expect to already be logged in as is the case with Steam.

5 years ago
Permalink

Comment has been collapsed.

This exactly. Of course there's fault of my own too, but this user is making it appear as if I purposefully gave my info to just a random site that asked for it, and I would have never done that if I wasn't convinced I was giving it to Steam instead.

5 years ago
Permalink

Comment has been collapsed.

Sites use a specific steam affiliated login system to link accounts (or use account details). If they are adequately able to fake that page, then it can be an effective phishing method. The same way that the second wave of phishers learned to mimic official correspondence on a visual level (formatting, decals and logos, font) rather than just dropping random "Yo its me, your bank, gimme your deets" in plain text. For a site to seem 'suspicious' is only needs to have an unprofessional looking design, or promote things like the whole 'hot random keys' racket, or be involved in skin raffles or grey market trades.

Given you're speaking so confidently about the subject of phishing you should already be aware of this. Yes they took a risk, made the dumb mistake and are paying the price for it, but you seem to be either scraping the barrel to add extra salt for no reason, or you're genuinely not that familiar with the subject of phishing and should perhaps consider that when shaping your tone in reply. :P

5 years ago
Permalink

Comment has been collapsed.

Yes, exactly that. Every step, the "affiliated login system to link accounts" was what I appeared to be using, as I do to log in on Steamgifts and many other sites, so they clearly were "looking as if it is from a legitimate organization". So: Phishing.

5 years ago
Permalink

Comment has been collapsed.

Easy to answer. After I ckicked on the "Log-in through Steam" button that appears on so many sites, just like this one, the log-in to steam prompt appeared and it appeared to be the usual steam-login prompt. I even got the mobile authenticator pop-up. So, at that point I thought I was loggin in on Steam, not on the suspicious site itself. Which in turn would provide access to the site.as I have said many times. I think you are aware that's the same process one has for logging in on this very Steamgifts site, right?

5 years ago
Permalink

Comment has been collapsed.

Which site, nsme only

5 years ago
Permalink

Comment has been collapsed.

pubgg-free

5 years ago
Permalink

Comment has been collapsed.

figures...I've had a few people send me the same message about free XXX$$ in PubG , Cs:GO and something else...usually followed up in a few days with "OMG so sorry, I got hijacked."

5 years ago
Permalink

Comment has been collapsed.

yup, so dumb. Thing is I rarely pay attention to those things, and I should have realized as soon as the prompt asked for my username smh. As a usual trader, I'm used to ppl I barely know sending me random things but for some reason either I didn't pay attention to them and/or they hadn't ever been harmful before.

5 years ago*
Permalink

Comment has been collapsed.

What I do not get is that I too get friend requests again from accounts that I highly suspect want to spread those links, even though I have zero MP-only games, zero Valve games, zero BR games, and zero seconds logged in multiplayer of anything.

5 years ago
Permalink

Comment has been collapsed.

Damn. These fuckers got their methods

5 years ago
Permalink

Comment has been collapsed.

Omg mate! Nothing is free a not games like this. It must be obvious to you it will be scam :/

5 years ago
Permalink

Comment has been collapsed.

I know, I know. I'll flagellate myself later. Was supposed to be a site where you did stupid actions like watching ads and subscribing to stuff to get pubg items

5 years ago
Permalink

Comment has been collapsed.

Good

5 years ago
Permalink

Comment has been collapsed.

Barely a week old, registered in Russia, promises free keys.
Probability of being legit: we had to invent actual negative probability, defying centuries of established mathematical laws.

5 years ago
Permalink

Comment has been collapsed.

why russia is a high risk country ? isnt that calling out ?
just kidding

5 years ago
Permalink

Comment has been collapsed.

sad, what is the point of the authenticator if anyone can remove it ?

5 years ago
Permalink

Comment has been collapsed.

I guess it's like everything, more security equals more nuisances for the majority of users, a more strict protocol to change/remove passwords, emails, auth, etc. would avoid some situations like this, and as such it would be easy (and wrong) for me to blame Valve for this, but it's also true that it would be bothersome when honest users just need to remove/change one of these things for any number of reasons.

Everyone can do things better, Valve could have more secure methods, I, ofc, should be more vigilant about the sites I try to log in on... but when it's all said and done, neither Valve nor I are to blame for this shit. Fucking thiefs and scammers are.

5 years ago
Permalink

Comment has been collapsed.

Its not easy to remove it. The point is, he seems not using it. Losing the account is quite impossible.

5 years ago
Permalink

Comment has been collapsed.

I use the authenticator to log in every time. In fact, right after the apparent-Steam prompt asked for my user/pass, I got the usual popup Steam mobile auth window, only when I entered the code, it said it was wrong, then a second time. By that time I realized something was wrong, and tried to log in on Steam-Steam, they had already changed my email, my password and removed my authenticator in the span of 1-2 minutes.

5 years ago
Permalink

Comment has been collapsed.

in the span of 1-2 minutes

Bots are fast :)

5 years ago
Permalink

Comment has been collapsed.

They can't though.... "Log in through steam" doesn't give them your info. You can't log in... OP is lying I feel. he used his real log in and then his authenticater. No way they can "hack" it.

5 years ago
Permalink

Comment has been collapsed.

you used Steam Mobile Authenticator?

5 years ago
Permalink

Comment has been collapsed.

Yes. As I just said to the user above, right after the apparent-Steam prompt asked for my user/pass, I got the usual popup Steam mobile auth window, only when I entered the code, it said it was wrong. Then I tried to go and log in on Steam and I was already locked out by that time and the authenticator removed.

5 years ago
Permalink

Comment has been collapsed.

ok this is hard, so this Authenticator is basically useless.

5 years ago
Permalink

Comment has been collapsed.

No, it's not. You just NEVER EVER log into ANY site with your steam info unless it's actually STEAM.

That's what the "log in with steam" green button is. It "logs" you in without sharing ANY of your information.....

5 years ago
Permalink

Comment has been collapsed.

ok thx for clarifying.

5 years ago
Permalink

Comment has been collapsed.

My friend´s account was stolen as well.. he wrote on steam support and they gave his account back to him so just try to contact support and I guess your account will be returned to you. :) GL buddy.

5 years ago
Permalink

Comment has been collapsed.

Thanks

5 years ago
Permalink

Comment has been collapsed.

What happen to ur authenticator

5 years ago
Permalink

Comment has been collapsed.

You didn't see the post above 'cause I just wrote it, so I'll repeat it here: right after the apparent-Steam prompt asked for my user/pass, I got the usual popup Steam mobile auth window, only this time, when I entered the code, it said it was wrong. Then I suspected and tried to go and log in on Steam and I was already locked out by that time, and the authenticator removed.

5 years ago
Permalink

Comment has been collapsed.

Wow, that shows how useless the authenticator actually is. You don't pay attention to where you log in and there you go.

5 years ago
Permalink

Comment has been collapsed.

I was logging in a somewhat suspicious site, as one often does when you're a SG user,
nice generalization, not everyone give away his login info like that...

5 years ago
Permalink

Comment has been collapsed.

What a useful advice! This really help to him ;)

5 years ago
Permalink

Comment has been collapsed.

at this point, I think OP realized their mistake themselves and don't need any advice

5 years ago
Permalink

Comment has been collapsed.

I didn't mean the giving away the login info, ofc that was dumb, I meant a lot of legit websites and also some suspicious-looking ones use the "log-in through steam" button and it's everyday stuff for instance for SG users, and it's normally ok and safe. If it wasn't, I had had my account phished much earlier.

5 years ago
Permalink

Comment has been collapsed.

Actually the part which bother me is "somewhat suspicious site". You knew from the beginning it was suspicious ?
With a bit of research, you can easily find SteamGift is not suspicious, so I don't really understand the parallel.

Nice to see you got your account back btw

5 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 5 years ago.

5 years ago
Permalink

Comment has been collapsed.

Yeah, thanks, I'm sorry, I noticed after I got it back a couple of hours ago. I'll add you back now that it's safe if it's ok with you.

5 years ago
Permalink

Comment has been collapsed.

It's really sorry to see that your account got stolen hope this is a lesson to everyone here not to fall for free items(barred SG:)).i wish you get your account back soon.

5 years ago
Permalink

Comment has been collapsed.

Indeed. Thanks. I got it back.

5 years ago
Permalink

Comment has been collapsed.

This is a good reminder that you can put as many locks on your door as you want but if you blindly unlock them all every time someone knocks on your door the thief just has to knock to be let in.

Always look twice and thrice to make sure the site you are entering your data into is an official steam site. Never log in to suspicious sites without first verifying they are okay by searching the internet for information about them. Never give any site but steam your login credentials - all external sites should log in through the Steam authentication system which doesn't give them access to your details.

Steam is a high profit target for all sorts of bad guys and you only need to make one mistake to lose everything, so maybe consider an extra time if that suspicious site is worth accessing at all!

5 years ago
Permalink

Comment has been collapsed.

All true, of course.

5 years ago
Permalink

Comment has been collapsed.

This post need to be highlighted

5 years ago
Permalink

Comment has been collapsed.

Let me add
Don't trust anything too good to be true

most ppl always tricked by this kind

5 years ago
Permalink

Comment has been collapsed.

¿Pero dónde te has metido? Prueba el subreddit de steam, que a veces son más rápidos que el propio sistema de atenciones de valve.

5 years ago
Permalink

Comment has been collapsed.

Pues hay que decir que se han portado, hace un par de horas que ya he recuperado mi cuenta.

5 years ago
Permalink

Comment has been collapsed.

Me alegro

5 years ago
Permalink

Comment has been collapsed.

Gracias

5 years ago
Permalink

Comment has been collapsed.

How did they bypass the 2FA/Steam Guard ??
Even if they had your log in details, they would still need the 2FA code to log in and change anything, which they can't have without access to your email/mobile

5 years ago
Permalink

Comment has been collapsed.

Yeah, that part is really weird. I did have the mobile auth on, and they didn't access my email. Maybe they used the auth key somehow ehn I tried to enter it.

5 years ago
Permalink

Comment has been collapsed.

I'm guessing they were passing data provided by OP into real Steam session on their servers. They asked for login & pass, op provided it. They asked for Steam Guard code, op provided it.

5 years ago
Permalink

Comment has been collapsed.

That's why you stay always logged on Steam on your browser. If a legit site wants to auth with it, it's just single click. If it asks for user/pass and the browser remembers them, it's a legit site. If it asks and doesn't remember, it's a fake site.

5 years ago
Permalink

Comment has been collapsed.

True

5 years ago
Permalink

Comment has been collapsed.

So correct. and the way i use !

5 years ago
Permalink

Comment has been collapsed.

It is true. BTW: for last week I dont know why firefox started to ask for my logins every day, before it it asked after looong time. It is something strange and potentially dangerous but dont know why it is in that way...

5 years ago
Permalink

Comment has been collapsed.

This happened to me a few years ago. I dunno the cause but I would guess some kind of corrupted settings file. I reinstalled Firefox and that fixed it.

5 years ago
Permalink

Comment has been collapsed.

Thx for this guess. Will try to check some things :).

5 years ago
Permalink

Comment has been collapsed.

Do you have a Mozilla account? Having an account with universal settings that follows you from device to device cuts down on hassles like that, just a thought.

5 years ago
Permalink

Comment has been collapsed.

Yes, but I have it from some time and this logging thing happened recently. So far i noticed it only in firefox, on chrome and steam client it looks like before. Maybe will try to manual clear cookies (maybe corrupted or something)

5 years ago
Permalink

Comment has been collapsed.

UPDATE: Steam Support have done a good work after I provided all the info they needed and I got my account back a couple of hours ago, up and running now Mobile Auth and all. Kudos to them.

5 years ago*
Permalink

Comment has been collapsed.

It's good to hear that. I'm happy for you.
Did they explain to you how your scammer got around steam guard?

5 years ago
Permalink

Comment has been collapsed.

Thanks. No, they just told me they changed the password, sent me the new one so I could recover and told me to activate steam guard again asap.

5 years ago
Permalink

Comment has been collapsed.

congratulations :)

5 years ago
Permalink

Comment has been collapsed.

Thx

5 years ago
Permalink

Comment has been collapsed.

Looks good enough, even they buy whois protection for their domain

too bad I can easily noticed it since I've used Password manager
if it's a real steam site, my id and password should've been filled

View attached image.
5 years ago
Permalink

Comment has been collapsed.

True

5 years ago
Permalink

Comment has been collapsed.

100% Fake. ¡¡¡Yeah!!! look that address!!!

5 years ago*
Permalink

Comment has been collapsed.

Yeah obviously I wasn't paying close attention, I should have noticed the url

5 years ago
Permalink

Comment has been collapsed.

Good news..

got any suspect?

5 years ago
Permalink

Comment has been collapsed.

Yeah a guy I befriended recently for trading purposes and is publicizing the fraudulent site that got me. Ofc there's a chance he was a victim too, they used my account while they got it to spam more of that shit to my friends.

5 years ago
Permalink

Comment has been collapsed.

Oh, that's bad.
I think you need to warn your steam friends about this

5 years ago
Permalink

Comment has been collapsed.

I already have

5 years ago
Permalink

Comment has been collapsed.

I told ya ;)

5 years ago
Permalink

Comment has been collapsed.

You did :)

5 years ago
Permalink

Comment has been collapsed.

congratz :)

5 years ago
Permalink

Comment has been collapsed.

nice

5 years ago
Permalink

Comment has been collapsed.

How did you recovered the account....the whole process? It would be helpful

5 years ago
Permalink

Comment has been collapsed.

https://help.steampowered.com/en/wizard/HelpWithAccountStolen

Now, the issue I was having now was that the steam support page above was asking me to confirm my email account to start the recovery process... but ofc that email account had been changed... then asked me to enter my password instead... which had already been changed too, AND they had removed my authenticator aswell, so I was on a loop and there was no way to start the recovery process.

Finally, I figured out that I had to click on "forgot password" on that last instance, then they suggested to lock my account, which I promptly did, and then after looping through the same process again ("I can't have access to that email", then "forgot password", it finally got me to the form page, where I was able to enter my personal info, billing, paypal transaction IDs, CD-keys etc. as proof of ownership of my account. I submitted all the info they required and after a couple of hours they sent me an email with my new password so I could have access to it again.

5 years ago
Permalink

Comment has been collapsed.

I just noticed an early Steam email among the many I got today, when they got my account and deactivated Steam Gurd mobile authenticator:
"Dear lucaskane_qd
The Steam Guard Mobile Authenticator has been removed from your account, using an SMS code that was sent to your phone."

How on earth did they manage to do that from Russia? o__O

5 years ago
Permalink

Comment has been collapsed.

There is a deactivation code for emergencies. It may have been in an old email. Ir is for people who no longer have access to their phone, so they probably just worded that poorly, but it's hard to say.

5 years ago
Permalink

Comment has been collapsed.

Also, sign into Steam from the steamcommunity so that you won't have to input your credentials into any site. Even steamgifts. You never know when there's some type of site hijacking. :)

5 years ago
Permalink

Comment has been collapsed.

https://support.steampowered.com/kb_article.php?ref=8625-wrah-9030#sold
"Help, I lost (or sold) my phone and can't log in! What do I do?"

"If you no longer have access to your phone and don't have your recovery code, you'll need the assistance of Steam Support. Use the "Help me with my issue" button at the top right of this page to get help removing your authenticator. If you don’t have access to the email address that is currently associated with your Steam Account please provide proof of account ownership within your ticket."

-

SPECULATION: The mobile authenticator number rolls over every ~20-40 seconds I believe. Its possible that once they had your authenticator and access to your account, the website/bot applied for a change of email address, which asked it to input your mobile auth which they already had. Then they removed the authenticator, which sent a request to the new email address and or used the currently existing token.

Now I would -think- that the people working security for Steam were smart enough to make sure that an authenticator code couldnt be used more than once, or to authenticate multiple things in rapid succession, but thats an oversight that I could imagine might exist.

-

For everyone wondering how this could happen: The issue is that he gave his username, password, and authenticator response to the site unwittingly. He assumed he was logging in on Steam when actually he was logging in on the phishing site that made it look like he was logging in on Steam. Mobile auth stops brute force hacking attempts, but why bother to hack someone with complicated tools when simple social engineering / manipulation can get you legitimate info without all the work?

There are only two places you ever enter your login info into on Steam:
1: Directly from the Store page.
2: Directly from the Community page.

For everywhere else you use the green 'Signin with Steam' button, and if it ever prompts you for a username, password, email, or authenticator, you close the site immediately because its trying to steal your information.

5 years ago
Permalink

Comment has been collapsed.

Yeah, thanks for the advice.

You almost have to give the bastards credit for finding loopholes to bypass mobile auth,

5 years ago
Permalink

Comment has been collapsed.

I wonder how many ppl do similar thing with their bank accounts.

One reason i no longer use quick money transfers to paypal. They require to enter your bank login credentials on third party website...

5 years ago
Permalink

Comment has been collapsed.

On a legit site they redirect you to Paypal to process your transfer. Entering login credentials on the site itself seems very fishy.

5 years ago
Permalink

Comment has been collapsed.

I second that legit sites redirect to Paypal for all transaction info until final payment processing. Might want to avoid a site that doesn't.

5 years ago
Permalink

Comment has been collapsed.

I meant paypal itself. I manually transfer money to PP. It used to be done using Blue Media that redirected to bank website itself for login and then used token.

But now PP switched to trustly that requires entering bank login credentials on trustly website itself.

Its against my bank regulations. If common sense is not enough ;)

5 years ago
Permalink

Comment has been collapsed.

Sign in through Steam to add a comment.