Counter-Strike 2

Counter-Strike 2

View Stats:
sandu Nov 30, 2019 @ 2:19pm
Don't trade on CS.MONEY and don't trust Steam Guard
Hello everyone,

I just wanted to make a post to show how not to trade online. A few months ago I logged on CS.MONEY and traded a few skins, all well so far. However, today when I logged in I was surprised to find everything missing in my inventory. When I looked at the past trades, this is what I saw:
https://imgur.com/NtCH6If

Now, I understand that when I logged in on those sites, I have given them my own credentials on my own risk, I was fully aware of that. That is why I had 2-way authentication via Steam Guard. When checking my email, I had the surprise to see this email in the 'Updates' tab:
https://imgur.com/OrJ9L3f

As far as I know, the main idea behind 2-way authentication is that if one of the security measures fails (for example, someone finds my password), the other will stop any malicious intent (Steam Guard in this case). But with Steam it seems that Steam Guard can be changed on a new device without any SMS or email confirmation, rendering it completely useless. I have +1000 hours in this game and I am considering on giving up on it.

Please, do not follow my mistakes and learn how to trade responsibly.
< >
Showing 1-15 of 31 comments
.Newbiedienloan. Nov 30, 2019 @ 2:27pm 
Having steam guard on a new device means you enter your login detail to a phishing site and they have your account information. Maybe on some point you ended up signing in a fake csmoney. The bot in your trade maybe a fake bot.
So do as the email said, lock and reset all devices. Also change password.
Those skins sadly cannot be returned to you.
aska Nov 30, 2019 @ 2:31pm 
RIP for you man. Although its the first time I've seen somebody's steam guard change when logging in onto a phishing site..
sandu Nov 30, 2019 @ 2:34pm 
'Having steam guard on a new device means you enter your login detail to a phishing site and they have your account information'? Sorry, I do not understand this phrase.

Steam Guard is a 2-way authentication method (https://en.wikipedia.org/wiki/Multi-factor_authentication). This means that every time you login on a new computer, or you want to make a trade, or you want to disable Steam Guard, you need to get that code from Steam Guard. If you do not have Steam Guard, Valve forces you to give the code they gave you via SMS or email.

So my question is that, how can they not only connect, but also trade on my account without the code that I should be receiving via Steam Guard, or SMS, or email?

And for that last sentence, no, I do not expect to get them back. My mistake was trusting CS.MONEY and also Valve for protecting my own stuff.
inT_Sheriff Nov 30, 2019 @ 2:37pm 
Hello, sandu i need to tell you, you logged in to a phishing site (a api scam one probably) check https://steamcommunity.com/dev/apikey so you see there should be one created you should revoke that. Maybe you got baited and did not logged in to real cs.money, but i can confirm they are real, you only fall in a fishing site. You should revoke the key and get authenticator back, just call the support in worst case if you need help. Because they are the ones that can save you (but you don´t get items back).
Hope i helped you!
sandu Nov 30, 2019 @ 2:45pm 
I know about the API key and also revoked that when I first saw that I was scammed. The bots seem legit, here are the URL for the bots, maybe you can see my inventory in there:

https://steamcommunity.com/id/FauraFayra
https://steamcommunity.com/id/Fast_Fingers
https://steamcommunity.com/id/Ragni_Sawyer
.Newbiedienloan. Nov 30, 2019 @ 2:47pm 
You clearly don’t know how phishing sites work. They basically make a fake login steam page that pop up when you try to login. Then after you enter name + password they will send another page with steam guard code that clearly resemble the real login page.
Here’s the catch: when you login on browser, you can save the login to the browser, so every time you log on 3rd party site you don’t have to login again. The fake sites however, always ask you to login. You can also try pressing the home button, the real page will direct you to steam store login page, while the fake page will show error.
inT_Sheriff Nov 30, 2019 @ 2:47pm 
The bots look kinda legit, because in the cs.money bots group, but somehow they look weird aswell, i believe they got hacked, but i got no proof.
sandu Nov 30, 2019 @ 2:53pm 
.Newbiedienloan. thanks for the reply, I know how phishing sites work (currently studying software security at uni). No, I did not sign in on any of this kind of websites, and again, the bots look legit af.
⭕⃤ Jager Nov 30, 2019 @ 2:54pm 
...
inT_Sheriff Nov 30, 2019 @ 2:56pm 
I suggest you, never to click on urls that look weird just always go on the real site, by visiting it over google. So cs.money directly (only if you know the domain) because scammers are doing css.money and stuff like that many people fall in that (i know a scammer that makes 20k/month) i already always try to ban him, he makes new accounts etc
sandu Nov 30, 2019 @ 3:19pm 
One more thing, as I was looking on my emails, I found that two days ago, I received two emails saying that someone tried changing the Steam Guard phone and that an SMS code was sent to me.
https://imgur.com/AxXJ2Ui

I actually did receive a message from Steam two days ago, but it seems that I did not pay attention enough, what a fool I was:
https://imgur.com/6YXt4aB
(the second SMS is since I changed my Steam password when I found out that I was scammed)

Now the $1.000.000 question is, how did they know the code?
Carlos100 Nov 30, 2019 @ 3:20pm 
Originally posted by sandu:
One more thing, as I was looking on my emails, I found that two days ago, I received two emails saying that someone tried changing the Steam Guard phone and that an SMS code was sent to me.
https://imgur.com/AxXJ2Ui

I actually did receive a message from Steam two days ago, but it seems that I did not pay attention enough, what a fool I was:
https://imgur.com/6YXt4aB
(the second SMS is since I changed my Steam password when I found out that I was scammed)

Now the $1.000.000 question is, how did they know the code?
Because you signed into a fake site at some time..................its the only answer
.Newbiedienloan. Nov 30, 2019 @ 3:23pm 
All mentioned in my previous comment, where I explained how phishing sites work. Even the fact that they know your code.
sandu Nov 30, 2019 @ 3:23pm 
How can the fake site know the code required to change the Steam Guard app? I should be the only person on this world that knows this code.
< >
Showing 1-15 of 31 comments
Per page: 1530 50

Date Posted: Nov 30, 2019 @ 2:19pm
Posts: 31