I almost got scammed today :: Steam Discussions

All Discussions > Steam Forums > Steam Discussions > Topic Details

Dosendusche 10 hours ago

I almost got scammed today

I almost never get scammed but today was the day and it was very close. After a long and exhausting day at work it was very convincing to me because i don't know how steam support would normally contact you. Basically never having issues here...
Anyway i found my account blank, all my friends blocked, my profile pic removed, profile completely blank and stuff. Ducking scary if you ask me. So one guy impersonated a steam employee and asked me a lot of stuff about my account because he wanted to "verify it was me". You might already see where this goes but let me explain. They could also "uninstall" games from my pc. With that they wanted to "verify" that they are real. I asked multiple timesbif they could provide any proof like sending me a mail from a steampowered domain. They never did... so yeah i'm stupid i know. I just realised, after they asked me to join a family sharing thing as child (like wtf?! WHY would steam support need to do this.), that everything they did is possible having a session token and access to the api. So i called the bluff reset my password and got to damage control. Funny enough no real damage done because of steam protection stuff.
But how did they get the session token? Well windows defender found a virus and deleted it just in time before I changed my password. A lot of work for something worth 20 bucks or whatever. I will now reinstall my operating system maybe it is time for me to switch to a linux dist after all.

Experienced users might laugh at me and completely rightful so as i realised how ♥♥♥♥♥♥♥ scammy everything of that sounds. Anyway lesson learned.

Be safe out there, don't be so stupid like me, don't get scammed guys.

< >

Showing 1-12 of 12 comments

Ben Lubar 10 hours ago

Originally posted by Dosendusche:
I almost got scammed today

Congratulations on not quite getting scammed today!

cSg|mc-Hotsauce 9 hours ago

Basically everything mentioned on every official Valve employee profile page...?

https://gtm.steamproxy.vip/id/pilor

Dosendusche 4 hours ago

Originally posted by cSg|mc-Hotsauce:
Basically everything mentioned on every official Valve employee profile page...?

https://gtm.steamproxy.vip/id/pilor

:nkCool:

I'm stupid yes.
I did not know, now i know. Thank you. I just use this to play games after work.

Dan5000 3 hours ago

It is basically the same for every kind of platform in every kind of environment. No specific knowledge for Steam, but basic knowledge for navigating the internet.

Lilim 45 minutes ago

Originally posted by Dosendusche:
...everything they did is possible having a session token and access to the api. So i called the bluff reset my password and got to damage control...

Take all of the following steps to secure your account:

1. Scan for malware. If you don't have a malware scanner use https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices. https://store.steampowered.com/twofactor/manage
4. Change passwords from a clean computer.
5. Generate new backup codes for your Mobile App. https://store.steampowered.com/twofactor/manage
6. Revoke the API key (there should be no key). https://gtm.steamproxy.vip/dev/apikey

Dosendusche 45 minutes ago

Originally posted by Dan5000:
It is basically the same for every kind of platform in every kind of environment. No specific knowledge for Steam, but basic knowledge for navigating the internet.

You are correct of course but: having a session token and using it to do stuff/to scam that user might actually be steam specific as far as i know. On GOG this kinda stuff would not really work, on social media your account just starts posting weird ♥♥♥♥.
Not every platform has a public api that can be used to trick a user. I guess very few have that.
I think this specific attempt is very much steam only.

On the other hand loosing a session token could do much more damage on other platforms if they are not that secure. Since apparently they could not login to the steam account with just that token. Better than most platforms. loosing the session token is basically on me not checking for viruses before that.

deeper 42 minutes ago

OP, do you know where you picked up the virus?

Dosendusche 17 minutes ago

Originally posted by deeper:
OP, do you know where you picked up the virus?

Yes sadly i do know. Yes i will just wait for next steam sale instead.

Dosendusche 15 minutes ago

Originally posted by Lilim:
Originally posted by Dosendusche:
...everything they did is possible having a session token and access to the api. So i called the bluff reset my password and got to damage control...

Take all of the following steps to secure your account:

1. Scan for malware. If you don't have a malware scanner use https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices. https://store.steampowered.com/twofactor/manage
4. Change passwords from a clean computer.
5. Generate new backup codes for your Mobile App. https://store.steampowered.com/twofactor/manage
6. Revoke the API key (there should be no key). https://gtm.steamproxy.vip/dev/apikey

Ah yes malwarebytes. Totally forgot that name thank you for linking that again. I did it with windows defender for now but the other stuff is done.

Lilim 13 minutes ago

Originally posted by Dosendusche:
Originally posted by deeper:
OP, do you know where you picked up the virus?
Yes sadly i do know. Yes i will just wait for next steam sale instead.:lkbc_kitty:

What do you mean? Has the scammer "removed" games from your account?

#10

Dosendusche 9 minutes ago

Originally posted by Lilim:
Originally posted by Dosendusche:
Yes sadly i do know. Yes i will just wait for next steam sale instead.

What do you mean? Has the scammer "removed" games from your account?

No they didn't. You know i tried to dust off the old pirate hat but i'm too old now i don't understand that kind of stuff anymore i guess. That is what got me.

#11