Drowning witch Jun 5, 2014 @ 11:42am
steam does not take action against phishers?
you can read my full report with evidence over at steamrep with scresnhots of valve support responses.

I can't link it here or the thread will be closed, of course, an excuse to close the thread is always good.

Neither the guy who sent the phishing link, nor the guy who stole my gifts were punished at all.

Valve simply gave me new copies of games, and the guy gets to keep all of my games+ 4 keys he got from selling one.

Not even a trade ban and item revoke.

I am absolutely shocked. I kept my mouth shut for a few weeks, thinking this takes time, but it definitely looks like there will be no repercussions for this actual, real life crime: theft of credentials and virtual items paid with real world currency.

Anyways, just wanted to put this out in the public, as I don't think this kind of behavior from Valve is acceptable.

I certainly won't be in a rush to put any more money into their pockets.

Yeah, I don't have all the facts. But I do know that Valve does know all the facts from chat logs and trade logs, IP logs, etc. Why would they return my items if they weren't certain of a scam?

people get trade banned for much, much less, so even If I don't have the facts, what can you expect from a phisher whose phishing goes unpunished?

He is gonna keep on doing it.

If that's what you want, by all means, keep closing the thread, there is other media that will generate hits.
Last edited by Drowning witch; Jun 5, 2014 @ 11:45am
Showing 1-15 of 161 comments
< >
aiusepsi Jun 5, 2014 @ 12:06pm 
Ok, simple thought experiment: would Valve benefit from cutting down on phishing activity?

Obviously yes: the fewer people who are phished, the fewer people who will have to be processed through Support to get their accounts back. They probably have to take a loss on the extra copies of the games, too.

What does Valve stand to gain from allowing phishing to continue: ??????

Yes, I'm sure Valve doesn't care about phishing at all.
Silicon Vampire Jun 5, 2014 @ 12:56pm 
I've been involved in getting a number of phishing accounts shut down so i do know that Valve does something about it. I could not comment on your situation as I do not have the facts.
Last edited by Silicon Vampire; Jun 5, 2014 @ 12:56pm
aiusepsi Jun 5, 2014 @ 1:26pm 
Also, I just realised what the nightmare scenario is here: the guy who sent you the phishing link was probably a bot using a phished account. Quite possible the account that the items went to was a phished account run by a bot. It's probably bots all the way down.

No wonder Valve is having trouble tracking down the people responsible.
Last edited by aiusepsi; Jun 5, 2014 @ 1:27pm
Drowning witch Jun 5, 2014 @ 6:34pm 
Originally posted by Silicon Vampire:
I've been involved in getting a number of phishing accounts shut down so i do know that Valve does something about it. I could not comment on your situation as I do not have the facts.

I can PM you the link to steamrep, where you can see all the screnshots.

The issue here, for me at least is the fact that stolen gifts, 54 stolen gifts+8 tf 2 keys are in the inventory of the bot account. Whoever is responsible is simply waiting it out and will then have 54 free steam games+ 8 tf 2 keys, and thats just from the day I was scammed.

Even if you can't trace the source fully to the end, which I doubt since even the client end has a full trade log. you don't just let the thieves keep stolen stuff.

54 steam gifts + 8tf 2 keys, that isn't pocket change. I would rather not get any stuff back, and have all the items revoked from the phisher, then get new copies of games, which I did, but to see the scum keep stolen goods and be further encouraged to phish.

From where I am standing, it looks bad, but by all means, would be nice to know why in this case nothing happened and if anyone else had a similar experience.

Last edited by Drowning witch; Jun 5, 2014 @ 6:36pm
Bantocks Jun 6, 2014 @ 11:40am 
DUDES, don't talk to people you don't know, and if you're going to add a friend make sure you get their details before-hand so you don't add some random guy.

Simples
Last edited by Bantocks; Jun 6, 2014 @ 11:40am
Megamii Jun 6, 2014 @ 1:50pm 
Lol this has been a real issue for awhile now... :/

People get phising links all the time, which leads to Hijacked accounts, which leads to more phising and so on and on. I HAVE noticed that Steam doesn't tend to punish them at all, but they can't.

Remember that, also, some "phisers" could have been hijacked accounts, and it would be way worse off if Steam decided to just willy nilly shut down every single account that sends out a phising link.
MA☝Omgwtfbbqstfu™ Jun 6, 2014 @ 1:59pm 
Its been a long time, most phishers are bots and they continue for the simple reason that valves reaction time is so slow that they easily yield results before they have to abandon an account. I'm sure there are ways to identify phishers, after all its a closed system, aka nsa dream. But they seem to rely on just reports and slow human customer service rep response rather than impliment any smart statistical/behavioral detection techniques or whatever, or simply impliment a better flag/blacklist system, I mean seriously just add a flag button to the first couple chats of an add so you can have an unadulterated report of what was actually said, making auto throttle-> ban response from reports fast.

Valve apparently wroks on valve time, meaning employees do whatever they want. So sometimes that results in this apparently, general neglect of things which aren't fun to deal with.

Its been many many months.

Bots are predicatable now, they add people within seconds of a bumped trade for instance. If you have more than one account bumping trades you will see the same phisher add you on multiple accounts at the same time.

Steam support is clearly overloaded and has been for a long time. Even semi automatiing the response would have cut down on their own workload.
Just auto throttling accounts adding based on reports, esp if they actually added a report button o the chat would make the entire process too much of a burden for phishing to be viable. An email spammer who can only send out one email a day isn't going to think its worth it, no different with phishers on steam.
Last edited by MA☝Omgwtfbbqstfu™; Jun 6, 2014 @ 2:01pm
yellowblanka Jun 6, 2014 @ 2:01pm 
Originally posted by Bantocks:
DUDES, don't talk to people you don't know, and if you're going to add a friend make sure you get their details before-hand so you don't add some random guy.

Simples

Seriously! How many times do people need to lose their accounts before they exercise some common sense and don't trade with people they don't know personally? This is precisely why Steam support is so backed up, because you have all these people trading with random people/plugging their account credentials into untrusted sites etc.
Bantocks Jun 6, 2014 @ 2:04pm 
Originally posted by Alisa Noire:
Lol this has been a real issue for awhile now... :/

People get phising links all the time, which leads to Hijacked accounts, which leads to more phising and so on and on. I HAVE noticed that Steam doesn't tend to punish them at all, but they can't.

Remember that, also, some "phisers" could have been hijacked accounts, and it would be way worse off if Steam decided to just willy nilly shut down every single account that sends out a phising link.

Sorry for being a gramma nazi, but it's "phishers". And am I the only one who knows of the existance of the data protection act. These phishers are getting all in acounts and doing their stuff, while helping themselves to whatever personal data in on that account INCLUDING possible credit card information. The data contoller of steam should be in a lot of "doo-doo" if he's doing anything at all this phishing is happening.
Silicon Vampire Jun 6, 2014 @ 2:06pm 
Uh, it's not Valve leaking the data to hijack the accounts. It's the "problem between keyboard and Chair" (or PEBKAC) issue...
MA☝Omgwtfbbqstfu™ Jun 6, 2014 @ 2:06pm 
Originally posted by yellowblanka:
Originally posted by Bantocks:
DUDES, don't talk to people you don't know, and if you're going to add a friend make sure you get their details before-hand so you don't add some random guy.

Simples

Seriously! How many times do people need to lose their accounts before they exercise some common sense and don't trade with people they don't know personally? This is precisely why Steam support is so backed up, because you have all these people trading with random people/plugging their account credentials into untrusted sites etc.

You'd be surprised lol, some kid in the tf2 forum lost his ausi sticky ~50 dollars because one of his "friends" asked for it as collateral for 1 key..$2.49

Some people are just hard to understand.......

You cant call people what you really think these days on forums because of hypersensitivity...so I'll leave it at that.

http://steamcommunity.com/app/440/discussions/0/-/
http://steamcommunity.com/app/440/discussions/0/-/

I don't know how these people remember to breath...
Last edited by Spawn of Totoro; Jun 6, 2014 @ 2:09pm
Bantocks Jun 6, 2014 @ 2:08pm 
Originally posted by yellowblanka:
Originally posted by Bantocks:
DUDES, don't talk to people you don't know, and if you're going to add a friend make sure you get their details before-hand so you don't add some random guy.

Simples

Seriously! How many times do people need to lose their accounts before they exercise some common sense and don't trade with people they don't know personally? This is precisely why Steam support is so backed up, because you have all these people trading with random people/plugging their account credentials into untrusted sites etc.

Thanks for agreeing, I just don't know why these people are doing these things.
It's the Steam equilivent of turning into a mindless lemming and jumping off a cliff. I just want to scream WHYYYYYYY at them. Do they learn nothing?
MA☝Omgwtfbbqstfu™ Jun 6, 2014 @ 2:13pm 
Originally posted by Silicon Vampire:
Uh, it's not Valve leaking the data to hijack the accounts. It's the "problem between keyboard and Chair" (or PEBKAC) issue...

There isn't much you can do about "stupid" but there are probably ways to cut down on the effectiveness of something like phishing. Even scammers are concered with return on investment, and the only reason phishing continues is because the time to response is so slow, they have plenty of time to jump from account to account.

As I said just simply even semi automating this would probably make the tactic ineffective. Flag button on first chats, steam detects if url is on black list, and or if the format of the first post fits a certain profile, its always "please add my friend" after all. If it matches or multiple flags, temporarily throttle the account. if url is on blacklist autoban. If url is new add to queue for human to look at, then add to blacklist. The customer service people probably can work through many more flagged chats per hour than dealing with fixing phished accounts from irate customers per hour thats for sure.
Bantocks Jun 6, 2014 @ 2:15pm 
BRING BACK ALL THE DATA COMMISSIONERS.
Enforce the laws of IT upon the stupid
(btw if you don't know what a data commissioner is then please look it up before commenting)
Last edited by Bantocks; Jun 6, 2014 @ 2:16pm
Silicon Vampire Jun 6, 2014 @ 2:17pm 
deflecting the responsibility toward VALVE will not solve anything though. the problem is the user circumventing any security factors if they perceive a possible gain, no matter how ludicrous or illogical...
Showing 1-15 of 161 comments
< >
Per page: 15 30 50
Date Posted: Jun 5, 2014 @ 11:42am
Posts: 163