This topic has been locked
Taberone Mar 8, 2014 @ 8:44am
[ALREADY RESOLVED STOP BUMPING]SSFN File Phishing that hijacks steam accounts
ANOTHER EDIT:Wow, this is still alive. Yeah, its "dumb" to fall for this nowadays, but I fell for this when not many people knew what the SSFN File Phishing was, and my blind faith in Steam caused me to pass it off as "A even more reliable way to verify".





Trust is a weakness.

Yes, I should have been more careful. Im like that other guy who fell for the phishing too, we both legitimately thought it was a new steamguard thing.

(END EDIT. Original post below with quotes added..)

Logging into steam, I noticed it said to upload a SSFN file or something. Then I noticed Steam Community was mispelled. Theres stories of traders telling you to add a guy and upload a SSFN file to him or something, but no stories of telling you to do it to a website. Whats going to happen now that I fell for the phising link thanks to this one steam group named INFBLOG thats russian?

-
They posted "free DAYZ ADD DIS GUY"

Steamguard permissions changed, all computers cleared, password changed, but TF2 items lost according to Steam Inventory. Checking TF2 now to make sure. Am I safe? All tf2 items are still there ingame, but Steam Inventory is empty.

Originally posted by UberFiend:
Originally posted by Taberone(Probably Hijacked):
Already did. What about the email? The reddit post said that it gives them acess to email.

Hopefully you have different password for email, so they shouldn't be able to. If they have/had access to your account all they could get is the email address. They would then have to brute force 'crack' the password.

But they are very quick at getting in, fleecing you, & getting out again. If you have ANY doubts or suspiscions, change your email password ASAP too.

Create an Steam Support Ticket & see if you can have your items returned. And report that scumbag!
So am I safe now that I changed the password and erased all authorized steamguard computers?
Originally posted by I AM SHODAN!:
This right here is the REAL problem.

Originally posted by NGATaberone:
They posted "free DAYZ ADD DIS GUY"

NOT instantly recognizing this as being a potential scam/hijacking waiting to happen is the single biggest factor in hijacks. In all honesty, no measures Valve can take to keep people safe will work until people start READING and understanding the information they're given when they sign up to make an account.

Similarly, it's a basic internet safety rule that you never upload a file from your computer that someone requests of you, because unless you're the programmer you have no idea what sort of information could be contained in that file to be used against you. That is what is happening here with this SSFN stuff.

If you can't handle your own internet safety, you need to educate yourself, hopefully before more damage is done such as a compromised credit card or bank account. I know what the common excuse is - it's all about reading and I know people, in particular kids, hate reading but it's either you learn how to avoid common mistakes, or you stay ignorant and remain a target.

Knowledge is power! If you close off all of the holes scammers use to try to lure people, you cannot be scammed.

>Do not trust people on the internet, even if you THINK you know them well. People have been lied to by friends, neighbors, even family memebers, and also scammers frequently find out who your friends are an make duplicate accounts with the same picture and such to fool you into thinking you're dealing with someone you know.

> Always be wary of someone offering to give you something for free.

>Never trade outside of the Steam trading window. This means never use "middlemen" or trade for paypal, cash, or "Steam wallet credit", and do not reveal your personal information to anyone.

>Never let your friends, cousins, or even siblings use your account. They can get their own.

>Before accepting an offer, ask yourself if you really need that item or items, because more often than not it is simply greed/lust for items or free stuff combined with ignorance of safety protocol that is what ends up getting a person scammed.

Also, be careful of internet sites in general so you avoid picking up viruses and other malware, and always run an active scanning virus/malware scanner at all times while connected to the net.

If you have your account back, changed all the passwords and deauthorized all computers, you should be safe again. Learn as much as you can about how to remain safe.
Last edited by Taberone; Oct 4, 2015 @ 6:28pm
< >
Showing 1-15 of 79 comments
TeKraken Mar 8, 2014 @ 8:47am 
If you already fell for it then the phishers have access to your account.

Try changing your password quickly.

Last edited by TeKraken; Mar 8, 2014 @ 8:47am
UberFiend Mar 8, 2014 @ 8:47am 
Change your passwords immediately & check your stuff is still yours.
Last edited by UberFiend; Mar 8, 2014 @ 8:47am
Taberone Mar 8, 2014 @ 8:47am 
Originally posted by TeKraken:
If you already fell for it then the phishers have access to your account.

Try changing your password quickly.
Already did. What about the email? The reddit post said that it gives them acess to email.
TeKraken Mar 8, 2014 @ 8:48am 
Did you give them your email address? Is your email password the same as your Steam password? If yes then they have access to your email as well.
Last edited by TeKraken; Mar 8, 2014 @ 8:49am
Spawn of Totoro Mar 8, 2014 @ 8:49am 
Originally posted by Taberone(Probably Hijacked):
Already did. What about the email? The reddit post said that it gives them acess to email.

No. Uploading the file bypasses the need for a SteamGuard code. It does not give them access to your e-mail.

I suggest clearing your SteamGuard permissions. You can do that in the settings on the client.
Taberone Mar 8, 2014 @ 8:49am 
I never gave them the email adress, but the reddit post implied that the SSFN file somehow gives acess to the email. All TF2 items are gone, but everything else is saved so far.
Bad_Motha Mar 8, 2014 @ 8:49am 
I would change your email password as well. Never know what all info it may have sent them through the phishing link. While it might not directly give email address info, they can easily figure this out if they actually get a chance to login to your account.
Last edited by Bad_Motha; Mar 8, 2014 @ 8:51am
Taberone Mar 8, 2014 @ 9:04am 
Originally posted by UberFiend:
Originally posted by Taberone(Probably Hijacked):
Already did. What about the email? The reddit post said that it gives them acess to email.

Hopefully you have different password for email, so they shouldn't be able to. If they have/had access to your account all they could get is the email address. They would then have to brute force 'crack' the password.

But they are very quick at getting in, fleecing you, & getting out again. If you have ANY doubts or suspiscions, change your email password ASAP too.

Create an Steam Support Ticket & see if you can have your items returned. And report that scumbag!
So am I safe now that I changed the password and erased all authorized steamguard computers?
Taberone Mar 8, 2014 @ 9:48am 
Originally posted by Muppet among Puppets:
Change secret questions, associated emails (check what they are), etc
Already did that too.
Taberone Mar 8, 2014 @ 11:49am 
Originally posted by UberFiend:
Originally posted by Taberone(Probably Hijacked):
Already did. What about the email? The reddit post said that it gives them acess to email.

Hopefully you have different password for email, so they shouldn't be able to. If they have/had access to your account all they could get is the email address. They would then have to brute force 'crack' the password.

But they are very quick at getting in, fleecing you, & getting out again. If you have ANY doubts or suspiscions, change your email password ASAP too.

Create a Steam Support Ticket & see if you can have your items returned. And report that scumbag!
Better safe than sorry....
Blink Mar 8, 2014 @ 12:11pm 
The onus here is on the user. Why in the world would you upload a file to a web site requesting it? That alone should set off red flags and give you pause to examine the browser URL.

Companies never ask you for passwords, or to upload files or things like that. That should be common sense in 2014.
... Mar 9, 2014 @ 1:55am 
But how am I gonna Login in the Chrome if My ssfn file doesnt Exist?( The one they are asking doesn't exist, but theres another 1 than when I place him it says "Login Incorrect") Please someone Help fast!
How can i erase all unathorized attempts?
metiware.net Mar 15, 2014 @ 6:00pm 
Oh my god. I almost get an heath attack. What if i uploaded them that file. I changed E-Mail. Secret Question. Password. What else should i do ?
WhereIsBusmin Mar 15, 2014 @ 6:02pm 
Originally posted by ☬Alpha☬:
Oh my god. I almost get an heath attack. What if i uploaded them that file. I changed E-Mail. Secret Question. Password. What else should i do ?

Deauthorize all other computers via your Steam Guard settings? Not may more options. You should be okay though, as long as you didn't enter your account info.
Last edited by WhereIsBusmin; Mar 15, 2014 @ 6:03pm
< >
Showing 1-15 of 79 comments
Per page: 15 30 50

Date Posted: Mar 8, 2014 @ 8:44am
Posts: 79