I have no idea what happened...

First some guy added me to trade a "card" (ignored him) and told me to add his other account (he has at least 4 accounts) next thing I know I'm logged out of Steam and it says I was logged in from Ukraine and that the person entered Steamguard correctly. But my eMail account associated with Steam says the last logged in countries are only Israel (I'm from Israel, so nothing suspicious about that)

Of course I changed passwords for both my Steam and my eMail, but what the fuck just happened? and maybe this could've turned out much worse if I haven't been awake at 4:45 AM!?

Is my account vulnerable to further "damage" now!?

P.S. MY WHOLE INVENTORY IS FUCKING GONE.

I realized this might be due to phishing.

P.S.S. Luckily I have all information about said guy including his Phishing link, the profile to which he sent all my stuff... I just need to know how I can find out his IP? (Also, this is just in time for my birthday and he stole the stuff I meant to giveaway on it -__-)


Some people say this is obviously missing information.

Well, at first I wrote this post before I discovered I really was hacked and my inventory was gone, and I got more and more information after this post was opened.

I will now gladly tell you what happened, as copied from my much more informed S.Trades warning.

@#% added me and told me to add his main account. That was actually a phishing link to a fake Steam page. His supposed real account's name is $$$!$$% and if you search on Steam you will only find 2 accounts sharing that link. Well, it's pretty late at night (5 AM and I was about to go to sleep just the moment he asked me to trade) so I entered the link and logged in, some how he got through Steamguard (He did not enter my eMail, because my eMail account says it was only acessed from Israel , and as some guy suggested he did not keylog me or something because I only changed passwords about 10-20 minutes when I finally realized what happened, and I did not turn off Steamguard because that's a stupid thing to do) and a second later I have no inventory items except for 3 emoticons and all my unvaluable TF2 items.

I currently have all information about him including his profile link, his fake phishing link, a list of all my items stolen + a picture of the list to make sure. All of this wouldn't have been possible if he hadn't forgotten to freaking block me (I think he's still in my friends list).

4 years ago*

Comment has been collapsed.

Turn on Two-factor authentication for your email if it has it. Open a Steam support ticket too.

4 years ago
Permalink

Comment has been collapsed.

No, the thing that's confusing me is that no one else accessed my eMail!

4 years ago
Permalink

Comment has been collapsed.

wow.. sorry to hear about that.
do you still have access to your account? if so, check gift / trade history to see where your inventory went.

4 years ago
Permalink

Comment has been collapsed.

I have access, thanks for the idea!

I now clearly know who the thief is.

4 years ago
Permalink

Comment has been collapsed.

ok. report the thief, and try to provide as much proof as possible

4 years ago
Permalink

Comment has been collapsed.

Just found who he is.

4 years ago
Permalink

Comment has been collapsed.

Must be just a glitch, wait it out.

4 years ago
Permalink

Comment has been collapsed.

Nope, confirmed phishing link.

4 years ago
Permalink

Comment has been collapsed.

What was the nature of the phishing link? Obviously don't share the exact link, but what did it purport to be? I ask because I had a similar thing happen where someone got onto my Steam account and traded off some of my TF2 items (and oddly bought 2 keys on the marketplace, which I could resell now for a profit, but whatever). Only, I can't recall clicking any phishing links or signing in with my steam information anywhere recently.

4 years ago
Permalink

Comment has been collapsed.

How can you sell two keys from the marketplace for a profit? Someone must have listed it wrong because market price is 30%+ real trade price.

4 years ago
Permalink

Comment has been collapsed.

think he meant the guy that robbed him left 2 keys behind who's market value is higher than what was taken so ushsam sold them?

4 years ago
Permalink

Comment has been collapsed.

He used my steam wallet funds to buy 2 keys for $1.80 a piece on the marketplace. Now they are selling for $2.18, which would give me $1.90 back after Valve takes their cut. They are still in my inventory, though, as I am waiting for a response from support.

4 years ago
Permalink

Comment has been collapsed.

It looked just like the regular Steam home page but in Russian (which made sense to me because I only use Steam on my browser to see Russian store prices.)

4 years ago
Permalink

Comment has been collapsed.

Check IPs logged in from.

4 years ago
Permalink

Comment has been collapsed.

Where can I see that?

4 years ago
Permalink

Comment has been collapsed.

Go to your email and there should be an unsuspected activity thing or something from Steam and their Ip address should be provided within the email

4 years ago
Permalink

Comment has been collapsed.

Nothing like that, sadly :(

4 years ago
Permalink

Comment has been collapsed.

Aw Idk :( It's quite weird how he didn't have to access your email for Steamguard o.O maybe he knew where you were from and changed his IP xD? Try restoring deleted emails and see if he deleted the Steamguard email

4 years ago
Permalink

Comment has been collapsed.

How do I restore emails? :)

4 years ago
Permalink

Comment has been collapsed.

Do you use hotmail :3? I never really use the other messengers, but I think both yahoo and google has them. To restore for hotmail you only need to go to Deleted and somewhere inside or near the Deleted window, a highlighted restore your deleted emails SHOULD be there :3.

Edit: For Outlook/Hotmail

4 years ago
Permalink

Comment has been collapsed.

This is all the Steam email will say:

Dear [your email],

We've received a request to access your Steam account from a new computer or web browser. To complete this process, enter the following special access code into the authorization dialog before trying to log in again:

[Authorization code] If you did not attempt this action, please change your password immediately.

Thanks for helping us maintain the security of your account.

The Steam Support Team http://www.steampowered.com

4 years ago
Permalink

Comment has been collapsed.

I'd advise you to deauthorize all other computers.

4 years ago
Permalink

Comment has been collapsed.

oh.. maybe when he told you to add his other account he provided a link to it, then you had to provide your username and password to login again. that was probably it.

edit: yeah, again. really sorry to hear that, especially with your birthday coming and stuff :/

4 years ago
Permalink

Comment has been collapsed.

Tell steam support. Maybe they can do something. Hopefully they could restore your inventory.

4 years ago
Permalink

Comment has been collapsed.

Well from what I heard about them being lazy shitheads, guess I won't do my birthday giveaways in time.

4 years ago
Permalink

Comment has been collapsed.

They're neither "lazy" nor "shitheads". The team for millions of player is quite small and need time to reply. Needless to say when they reply you're problems are fixed

I can't see anyone else helping you here.

4 years ago
Permalink

Comment has been collapsed.

Than Valve is cheapskate who doesn't want to spend money to hire few more people so wait time wouldn't be few days.

4 years ago
Permalink

Comment has been collapsed.

I've usually found them to offer unhelpful solutions and be inappropriately snarky.

4 years ago
Permalink

Comment has been collapsed.

+1

4 years ago
Permalink

Comment has been collapsed.

I'm not sure if its fixed but it says that you have 96 items in your inventory before actually seeing it. Which then goes to 0 items (probably because inventory is set to private)

4 years ago
Permalink

Comment has been collapsed.

That's including all my game items in TF2... He only took 3 genuines from TF2 but the rest is some Steam gifts I had in my inventory and tons of cards.

4 years ago
Permalink

Comment has been collapsed.

This just happened to me too, i opened that phishing site but didn't logged it...

I just reported the guy to steamrep.

4 years ago
Permalink

Comment has been collapsed.

That is interesting that with Steamguard enabled he was able to enter your account. Raises a question if there's a way to circumvent Steamguard's authentication out in the wild.

Also, keep your inventory hidden to everyone. Nobody needs to know just exactly what you have on you.

4 years ago
Permalink

Comment has been collapsed.

Thanks for the advice :o I should do that too

4 years ago
Permalink

Comment has been collapsed.

There must be some trick, because a similar thing happened to me a few days ago, and the Steamguard email was found sitting in my deleted items folder. Wasn't deleted by me and even if they had my Steam password somehow, my email password was different.

4 years ago
Permalink

Comment has been collapsed.

Hrm. Did you check the logged in log for another IP address?

There's the possibility they're also hijacking your PC I guess, but I don't know how easy that is, much less via a phishing link.

4 years ago
Permalink

Comment has been collapsed.

Just means they have both, which probably means you logged in to your email and steam on a compromised PC. Net cafe perhaps?

4 years ago
Permalink

Comment has been collapsed.

I don't think is that difficult to circumvent SteamGuard, complicated yes but not impossible.

One way is to grab the cookies used to mark "safe" browser/computer, spoof the target IP, some other technical details, but not much more than this. Another way is to grab the SteamGuard through the pishing page, but that would require that the attacker to log in at steam to trigger a email on the target.

Is possible, probably more complicated than that's the essence.

I never understood some of SteamGuard's behavior, some times I got 2 different codes after I tried to log in 2 times in 3 minutes on the other hand one day I tried to log in 3 times with 5 min between each other and receive the same code!

I think his computer was compromised and he was unaware of that!

4 years ago
Permalink

Comment has been collapsed.

Damn man, sorry to hear that :/

4 years ago
Permalink

Comment has been collapsed.

Thieves are so wild this days.

4 years ago
Permalink

Comment has been collapsed.

I'm sorry to hear. I hope it gets fixed and that you get all your stuff back. Hate to see those b*tards get away with things like these.

4 years ago
Permalink

Comment has been collapsed.

I guess everybody here is scared now...

4 years ago
Permalink

Comment has been collapsed.

Now imagine if the lawsuit against Steam is passed and all games in the library can now be resold/traded. Not only your inventory would've disappeared, but your library too. o.o

My worst fear, realized.

4 years ago
Permalink

Comment has been collapsed.

Yeah, okay... I'm afraid to have Steam now. I mean, literally all of the games I actually play are on Steam.

Someone hold me ;_;.

4 years ago
Permalink

Comment has been collapsed.

Well I hope that they would beef up their customer support if that happened.

4 years ago
Permalink

Comment has been collapsed.

Steam Support isn't really that great, to be honest. I have yet to actually encounter the emotionless monster, but there's too many complaints about it.

4 years ago
Permalink

Comment has been collapsed.

I've gotten a few replys like this:


Hello Jason,

We apologize for the delay.

Thank you for taking the time to report this issue.

We are aware of the problem and are investigating the issue further.


This just means that they don't know what happened and it's out of their hands.

4 years ago
Permalink

Comment has been collapsed.

They could at least say that, although the ones getting the message already know it.

4 years ago
Permalink

Comment has been collapsed.

While a portion of customers are just fine being told the truth that X company has no recourse or solution due to any number of external factors, a lot more fly off the handle if you even hint that you cant fix their problem.
This is why you often get 12 different canned responses, all giving you no actual information.

4 years ago
Permalink

Comment has been collapsed.

Yeah, but the ones that fly off the handle probably hate the company anyways.

4 years ago
Permalink

Comment has been collapsed.

Parts of the story are obviously missing.

4 years ago
Permalink

Comment has been collapsed.

Which parts, pr0n?

4 years ago
Permalink

Comment has been collapsed.

Probably ones about clicking some strange links.

4 years ago
Permalink

Comment has been collapsed.

The part, when he admits, he clicked on a phising link, then entered both his username and password.

4 years ago
Permalink

Comment has been collapsed.

Probably also the part where he disabled steamguard.

4 years ago
Permalink

Comment has been collapsed.

Why would I disable Steamguard? I'm not a retard.

4 years ago
Permalink

Comment has been collapsed.

..

"..that was actually a phishing link to a fake Steam page.. so I entered the link and logged in"

If you're not retarded, why did you do this? He got your username and password like this, and probably a copy of your local cookie made by Steam to get past Steamguard (as in, never be asked for a code, at all).

4 years ago
Permalink

Comment has been collapsed.

You must have clicked on a FREE GAMES link.

4 years ago
Permalink

Comment has been collapsed.

I wrote exactly what happened up there.

4 years ago
Permalink

Comment has been collapsed.

If you pressed phishing link it's your fault and you got what you deserve. Nothing more to say.

4 years ago
Permalink

Comment has been collapsed.

Yes, it was unwise of him to visit a phishing site. However,

"The other premise is that people who are fooled are gullible. We've heard from lots of people. That's not true. Anybody can be fooled. No matter how smart you are, no matter how much you know, there is always sombody out there who could know more than you and can exploit that knowledge to fool you in some way. I wouldn't blame the victim. That's the allure, the trap, to blame the victim."

―Steven Novella

That's something I very much agree with.

4 years ago
Permalink

Comment has been collapsed.

It's not about who is smarter. It's about who is not smart enough to know that this is wrong and it's phishing. If scammer/hacker/phisher takes your account without your actions involved, then it sucks and nothing you can do. But if your actions where there to help him, then it's your fault.

I don't even can think at least one way how he could trick someone to press some stupid link and login there with your steam account.

4 years ago
Permalink

Comment has been collapsed.

So if I trick you into giving me everything you own, you admit that you have no problem with that because "you got what you deserve"?

4 years ago
Permalink

Comment has been collapsed.

No one says there's no problem. It's just it's his own problem and he got what he deserves. Next time he will try to use brains at least one time. He is lucky that it was steam account, not bank account.

4 years ago
Permalink

Comment has been collapsed.

i think thats a challenge...give him what he deserves ppg113

4 years ago
Permalink

Comment has been collapsed.

Dudeee, that must be so fking horrible, I can't imagine my reaction if i get Hijacked like that, i think im going to start taking more precautions with my account.
PS. Sorry about your loss :(

4 years ago
Permalink

Comment has been collapsed.

i hate to tellyou this but is you don't check the address page you enter your details you deserve your fate

4 years ago
Permalink

Comment has been collapsed.

Man, that hurts, thats why I don't add randoms, not worth the risk.

4 years ago
Permalink

Comment has been collapsed.

Your inventory has a trade history. You can see what account took your items. Are you sure you didn't click a link, wich looked just like steam login page? They do that often. I always double check, that it has https in the adress. If not, I know it's a scam and type somethig inappropriate to name and password and then it asks for the steam guard! xD The hacker must be dendi...

4 years ago
Permalink

Comment has been collapsed.

I would've checked but it was 5:00 AM :O

4 years ago
Permalink

Comment has been collapsed.

If you don't already... use different passwords for your e-mail account vs. other things (i.e. Steam). have Steam send the notification e-mails to a separate e-mail, not the one you login to Steam with.

4 years ago
Permalink

Comment has been collapsed.

+1 this is what I do

4 years ago
Permalink

Comment has been collapsed.

Phising link. Not even GAben can help you because of your own mistake and ignorance.

4 years ago
Permalink

Comment has been collapsed.

^^ This And the stupidity...

4 years ago
Permalink

Comment has been collapsed.

Looks like that when he passed you that "link", it was a false steam link where you entered your password or maybe some torjan that stole both your steam + email info when you changed it while in panic(they record your typing), if you would only changed your steam password maybe he would not get his hands in both so soon.

Im sorry what happened,also try to clean your PC as fast as you can with updated antiviruses/spyware detection software(even with trials it works).

4 years ago
Permalink

Comment has been collapsed.

Yep, you clicked a phishing link. Gotta be careful with those yo.

4 years ago
Permalink

Comment has been collapsed.

Closed 4 years ago by vcvc8.