This topic has been locked
Major issue with irreversible damage from a phishing scam
I fell prey to a recent phishing scam that takes control of a friend's account and asks you to vote for their CS team. It sends you a link, and once at the link it prompts you with a Steam Authentication login. Using that authenticated login lets them access your account, and the same phishing/scam messages & link get sent to your friends. Thus it spreads exponentially.

The Damage:

After the scammers send the messages and links from your account to your friends, it deletes and blocks them. I lost dozens of friends I've had for over a decade and there is no way I can remember or find them all. I can't even find the friend that I originally got the spam link from. Doing a Steam friend search for his name gives me thousands of results, and I can't even filter that by country.

It seems like this would be relatively easy for Steam to reverse. They could:

* Reverse all actions taken on an account during a certain timeframe.
* Reverse all actions taken by the scammers.

Scams on Steam have been quite common over the 15+ years I've been on it. It would seem like they would be quite experienced and adept at dealing with them and reversing the damage.

When I view my account information there is quite a lot of information there, and I can even see that the scammers were in Russia.

However, Steam support tells me they do not log the required information to reverse this friend-list-damage. If this is the case, I will have permanently lost dozens of long-time friends.

In what seemed like a stroke of luck, I discovered that the scammers also block the friends they deleted. I looked for a block list and there is none on my end. I again assumed that Steam would be able to access a block list on their end and use it to reverse the damage, yet in the reply I received they indicated they would be unable to do this.

I cannot stress how big of an issue this is. I am also quite appalled that after all these years of common scamming on Steam that they have not implemented ways to reverse the damage of bad actors.

Screenshot of Steam support discussion: https://i.imgrpost.com/imgr/2020/04/24/Annotation-2020-04-24-170550.png
Showing 1-15 of 25 comments
Satoru 24 Apr, 2020 @ 6:40pm 
Scams are all avoidable

You are responsible for your account security

Don't blame steam because of your greed
The author of this thread has indicated that this post answers the original topic.
FFL2and3rocks 24 Apr, 2020 @ 6:46pm 
Originally posted by Don't click link, its spam:
In what seemed like a stroke of luck, I discovered that the scammers also block the friends they deleted. I looked for a block list and there is none on my end.

From your profile, click Friends, then Blocked on the left.
Brian9824 24 Apr, 2020 @ 7:37pm 
That would require Steam to try to track and save every action ever done as Steam doesn't know when you were gullible enough to give away your credentials
Maximilian Kohler 25 Apr, 2020 @ 9:07am 
Originally posted by Satoru:
Scams are all avoidable

You are responsible for your account security

Don't blame steam because of your greed
What an idiotic and unrelated statement. Greed had absolutely nothing to do with this. The scam was asking people to help their friends with a vote.

It's also idiotic to say that users should be fully responsible for their accounts and Steam has no responsibility in protecting their users from scams. Virtually every other major company I've interacted with has extensive anti-scam mechanisms and reversibility.

Maximilian Kohler 25 Apr, 2020 @ 9:15am 
Originally posted by FFL2and3rocks:
From your profile, click Friends, then Blocked on the left.
Thank you so much. What an extremely good stroke of luck. And pretty sad that Steam Support wasn't aware of this.
Crazy Tiger 25 Apr, 2020 @ 9:19am 
Originally posted by Don't click link, its spam:
It's also idiotic to say that users should be fully responsible for their accounts and Steam has no responsibility in protecting their users from scams. Virtually every other major company I've interacted with has extensive anti-scam mechanisms and reversibility.
Most companies don't have the market economy that Steam has.

It's, however, completely irrelevant what other companies do. On Steam, you are responsible for the security of your account. In the past, Steam was more lenient (for example with returning scammed items), but of course users abused the ♥♥♥♥ out of that.

Steam has all kinds of measures in effect to protect users. We've come to the point where users have to actively do things to lose access to their account (namely entering credentials on phishing sites or falling for social engineering). Just because Steam doesn't keep a log of your friend list, doesn't mean they do nothing in protecting users.

It doesn't matter what we think of such things, that's the choice Valve makes and whether one likes it or not, it's what we have to deal with.
Last edited by Crazy Tiger; 25 Apr, 2020 @ 9:19am
nullable 25 Apr, 2020 @ 9:32am 
A lot of your complaint seems to center around how your friends list was decimated. But if I unfriend you (because your account was hijacked), I don't need Steam undoing that because you claimed you got scammed...
Maximilian Kohler 25 Apr, 2020 @ 9:38am 
Originally posted by Brockenstein:
A lot of your complaint seems to center around how your friends list was decimated. But if I unfriend you (because your account was hijacked), I don't need Steam undoing that because you claimed you got scammed...
Except that's not what happened. Read things before you offer your uninformed opinions.
cSg|mc-Hotsauce 25 Apr, 2020 @ 9:40am 
Historic friends, if cached, can be found here...

https://steamid.uk/profile/76561197980712618

:qr:
Maximilian Kohler 25 Apr, 2020 @ 9:58am 
Originally posted by cSg|mc-Hotsauce:
Historic friends, if cached, can be found here...

https://steamid.uk/profile/76561197980712618

:qr:
Thank you very much.

Obviously now there is a concern that sites that have you do a Steam login could be scamming you. The link you previously shared https://forums.steamrep.com/pages/hijacking/ - has a streamable.com gif showing how to determine if a site is fake.

On the steamid.uk page, current Firefox does not have that same layout and option to right click on the green "Valve Corp" and view image. And neither does Edge browser.

I guess the complete absence of that popup window means the site is legit? Maybe the streamable.com gif needs to be updated?
76561198407601200 25 Apr, 2020 @ 10:31am 
Originally posted by Don't click link, its spam:
It seems like this would be relatively easy for Steam to reverse. They could:

* Reverse all actions taken on an account during a certain timeframe.
* Reverse all actions taken by the scammers.

No, not all scams involve more than 1 person. Such as in a case where one fakes being sent scam links from a "friend", which is in fact an alternate account which those items are then sold to a person not involved in the scam. This then creates the problem of Valve removing that item from a legit buyer and compensating them whatever was given in their trade. As with all suggestions you have to look beyond yourself and realize that having this go on with thousands of accounts is not ideal. The best solution is not returning the items and leaving it as a lesson learned for the "victim".
Maximilian Kohler 26 Apr, 2020 @ 12:45am 
Originally posted by The Living Tribunal:
This then creates the problem of Valve removing that item from a legit buyer and compensating them whatever was given in their trade. The best solution is not returning the items and leaving it as a lesson learned for the "victim".
First of all, you're talking about something completely different to what this thread is about.

Secondly, absolutely no legitimate, major business would ever get away with doing nothing about its customers being scammed. It's absurd that so many people defend Valve doing nothing.
76561198407601200 26 Apr, 2020 @ 1:16am 
Originally posted by Don't click link, its spam:
Originally posted by The Living Tribunal:
This then creates the problem of Valve removing that item from a legit buyer and compensating them whatever was given in their trade. The best solution is not returning the items and leaving it as a lesson learned for the "victim".
First of all, you're talking about something completely different to what this thread is about.

Secondly, absolutely no legitimate, major business would ever get away with doing nothing about its customers being scammed. It's absurd that so many people defend Valve doing nothing.

I gave a reason why Valve won't return "scammed" items, which is what the topic is about. I suggest you keep up.

Regarding the second point you made, if I purchase an item from Walmart, someone scams me into giving them that item, I can guarantee I can't go back to Walmart and state "Someone scammed me. You are a major business so you should defend me and also return my item or compensate me". If you can show me a "major business" that does otherwise, please cite it.
Nx Machina 26 Apr, 2020 @ 1:18am 
Originally posted by Don't click link, its spam:
Secondly, absolutely no legitimate, major business would ever get away with doing nothing about its customers being scammed. It's absurd that so many people defend Valve doing nothing.

Accounts are hijacked. This is not a Steam issue.

Hijacking occurs when the user interacts and inputs their details and/or clicks links which triggers the process, as you did. No one but the user is responsible for those actions. Ignoring all the warnings regarding sites not affiliated nor associated with Steam is on the user.

Like you I have been with Steam for 15+ years. My account has never been compromised.

Date Posted: 24 Apr, 2020 @ 5:29pm
Posts: 25