Store Page
Counter-Strike 2
All Discussions Screenshots Artwork Broadcasts Videos Workshop News Guides Reviews

Counter-Strike 2

Store Page
View Stats:
Global Achievements
This topic has been locked
moo Oct 22, 2024 @ 2:44pm
Just got scammed for my entire inventory
I'd like to start off that I'm typically very careful with trades but unfortunately I was just scammed for my entire CS2 inventory. I had ~400-500 worth of items as well as a bluegem deagle probably worth 200-300. I feel absolutely stupid in hindsight but I thought the actions I was taking weren't risky.

The scam started with someone wanting to play a faceit match but to do so I had to join their "hub". This is the part I feel most stupid about -- to do so I needed to "login with faceit" to my steam guard, which gave them access to my account. Then, they had me create a trade offer to a trusted friend I know in real life and confirm it through steam guard.

Except they had used the access they had just gained to cancel the trade offer and create a new one to a new user. Meaning the trade offer I confirmed was not actually to my friend but to one of their controlled accounts.

Lesson learned -- be very careful when confirming trade offers so that you are sure it is actually the trade offer you made. Additionally, be very careful when scanning anything with your steam guard as a reputable account "link" will never require such a process.

If anyone from Valve is reading this and willing to help, I have been with Steam over 20 years and this was 10-15 years worth of collection. I would sincerely appreciate any help in restoring these items to my account.
< >
Showing 1-15 of 68 comments
gexe Oct 22, 2024 @ 2:56pm 
Scan for malware. https://www.emsisoft.com/en/home/antimalware/
Deauthorize all devices https://store.steampowered.com/twofactor/manage
Change your password on a different secure device
OPTIONAL: Generate new back up codes. https://store.steampowered.com/twofactor/manage
Revoke the api key https://steamcommunity.com/dev/apikey (if it's empty then don't make any, the point is to have no api keys set)



https://steamcommunity.com/sharedfiles/filedetails/?id=784477482
Last edited by gexe; Oct 22, 2024 @ 2:57pm
#1
Pod Oct 22, 2024 @ 2:57pm 
Oof. This wont help, but you'll feel less salty over this scam in a few years. Horrible people out there.
#2
COREY NEIL(XBOX LIVE) Oct 22, 2024 @ 3:02pm 
Valve needs to do a better job at perma-banning accounts that scam. Better KYC for accounts. Change the rules so multiple accounts are no longer allowed. It sucks to see this and they'll tell you it's your fault but I have a hard time feeling it always is. You are responsible for your account but when they have so many scammers running rampant on their platform who can go years without a ban is just embarrassing. They need to do a better job at communicating all the different scams to look out for.

Most casual players will easily fall for that faceit scam. Nothing can be done. Zero sum game and you lost. Scammer won. You learned your lesson the hard way. Educate yourself on proper opsec and it'll never happen again.
#3
♛⁧Schultheiß Oct 22, 2024 @ 3:06pm 
... really? You just click on random links and then input your steam credentials AND steam guard into them? With playerbase like this, these scammers are probably millionaires by now.
#4
CRAZYCHARLIE Oct 22, 2024 @ 3:13pm 
Its not valves issue, that you guys keep using 3rd party sites and cry fowl when you fall victim to a scam that was originally intended too pad your own inventory.
#5
moo Oct 22, 2024 @ 3:17pm 
Originally posted by COREY NEIL(XBOX LIVE):
Valve needs to do a better job at perma-banning accounts that scam. Better KYC for accounts. Change the rules so multiple accounts are no longer allowed. It sucks to see this and they'll tell you it's your fault but I have a hard time feeling it always is. You are responsible for your account but when they have so many scammers running rampant on their platform who can go years without a ban is just embarrassing. They need to do a better job at communicating all the different scams to look out for.

Most casual players will easily fall for that faceit scam. Nothing can be done. Zero sum game and you lost. Scammer won. You learned your lesson the hard way. Educate yourself on proper opsec and it'll never happen again.

I definitely agree that they need to enhance their KYC processes especially with how much money flows through the market these days. And furthermore on communicating scams that are circulating -- I can typically sniff these out from miles away.

This really boiled down to me being distracted and me taking some unsafe actions that I thought I could hedge through the use of Steam Guard. Their ability to quickly cancel a trade and replace it with another is what ultimately led to my demise -- I confirmed a trade offer that I did not make.

They should not allow trade offers to be made from a new login location that is overseas from where you are typically logged in. And they should make it more clear where traded items are going and where the trade offer was originated from.

This sort of cascade of events would be pretty easy to trigger an alert / lockdown of trades on the account.

Originally posted by Schultheiß:
... really? You just click on random links and then input your steam credentials AND steam guard into them? With playerbase like this, these scammers are probably millionaires by now.

It's honestly a lot more complicated than that. I'm a software engineer by trade and I've worked cybersecurity in the past -- this is the first scam I have ever fell victim to EVER. This was a lot more subtle and relied on content from presumably trusted sources (faceit) that I am admittedly unfamiliar with. There was also some social/time pressure and I was a little distracted by a call with my girlfriend.
#6
moo Oct 22, 2024 @ 3:18pm 
Originally posted by CRAZYCHARLIE:
Its not valves issue, that you guys keep using 3rd party sites and cry fowl when you fall victim to a scam that was originally intended too pad your own inventory.

I wasn't trying to pad my inventory, I collect for fun and don't sell. I merely wanted to play a faceit match with some unknowns on my friends list.
#7
Hamless Hog Oct 22, 2024 @ 3:20pm 
Originally posted by moo:
Originally posted by CRAZYCHARLIE:
Its not valves issue, that you guys keep using 3rd party sites and cry fowl when you fall victim to a scam that was originally intended too pad your own inventory.

I wasn't trying to pad my inventory, I collect for fun and don't sell. I merely wanted to play a faceit match with some unknowns on my friends list.
Then you should have simply added them on faceit. Did you even secure your account yet?
Last edited by Hamless Hog; Oct 22, 2024 @ 3:20pm
#8
moo Oct 22, 2024 @ 3:32pm 
Originally posted by Hogarth:
Originally posted by moo:

I wasn't trying to pad my inventory, I collect for fun and don't sell. I merely wanted to play a faceit match with some unknowns on my friends list.
Then you should have simply added them on faceit. Did you even secure your account yet?

Yep my account has been secured.

There really is no reason to hate, folks. I know I messed up and I already feel terrible.

It happens -- people make mistakes. Even when they're educated, diligent, and attentive. It only takes a momentary lapse of judgement. A single mistaken assumption.
#9
Hamless Hog Oct 22, 2024 @ 3:39pm 
Originally posted by moo:
Originally posted by Hogarth:
Then you should have simply added them on faceit. Did you even secure your account yet?

Yep my account has been secured.

There really is no reason to hate, folks. I know I messed up and I already feel terrible.

It happens -- people make mistakes. Even when they're educated, diligent, and attentive. It only takes a momentary lapse of judgement. A single mistaken assumption.
Agreed no hate needed. Was there an api key attached to your account?
#10
moo Oct 22, 2024 @ 4:02pm 
Originally posted by Hogarth:
Originally posted by moo:

Yep my account has been secured.

There really is no reason to hate, folks. I know I messed up and I already feel terrible.

It happens -- people make mistakes. Even when they're educated, diligent, and attentive. It only takes a momentary lapse of judgement. A single mistaken assumption.
Agreed no hate needed. Was there an api key attached to your account?

There was no API key. The scam was fairly simple
1. In the FACEIT UI I had a QR code to scan to "link my steam account to faceit". That gave them access to my steam account.
2. I created a trade offer to a trusted friend (know him IRL for 10+ years)
3. They used access gained in step 1 to cancel this trade offer and create a duplicate one to a different user
4. I confirmed what I thought I created in step 2, but actually confirmed their offer in step 3.

I didn't think a QR code generated outside of Steam could be used to gain access to my account. I don't think they could have gotten my account name as it is a very old email that hasn't been used or active in 20+ years.
Last edited by moo; Oct 22, 2024 @ 4:06pm
#11
Hamless Hog Oct 22, 2024 @ 4:12pm 
Originally posted by moo:
Originally posted by Hogarth:
Agreed no hate needed. Was there an api key attached to your account?

There was no API key. The scam was fairly simple
1. In the FACEIT UI I had a QR code to scan to "link my steam account to faceit". That gave them access to my steam account.
2. I created a trade offer to a trusted friend (know him IRL for 10+ years)
3. They used access gained in step 1 to cancel this trade offer and create a duplicate one to a different user
4. I confirmed what I thought I created in step 2, but actually confirmed their offer in step 3.
So here was an api key or not?

They would have only been able to do that with one
#12
moo Oct 22, 2024 @ 4:23pm 
Originally posted by Hogarth:
Originally posted by moo:

There was no API key. The scam was fairly simple
1. In the FACEIT UI I had a QR code to scan to "link my steam account to faceit". That gave them access to my steam account.
2. I created a trade offer to a trusted friend (know him IRL for 10+ years)
3. They used access gained in step 1 to cancel this trade offer and create a duplicate one to a different user
4. I confirmed what I thought I created in step 2, but actually confirmed their offer in step 3.
So here was an api key or not?

They would have only been able to do that with one

There was/is no API key set on my account. What would they have only been able to do with one?

From my understanding they got access to my account via the QR code I scanned (which was on faceit). Then they used that access to cancel the trade offer I made and make their own. I confirmed their offer thinking I had confirmed my own.

I have my suspicions on how they got my account name but that's neither here nor there.

Hard to believe I was this careless -- I relied far too heavily on my having created the trade offer to an account I know and trust. And of course not better scanning for details of the trade offer when confirming.
#13
RedTrustfactor Oct 22, 2024 @ 4:27pm 
Originally posted by COREY NEIL(XBOX LIVE):
Valve needs to do a better job at perma-banning accounts that scam. Better KYC for accounts. Change the rules so multiple accounts are no longer allowed. It sucks to see this and they'll tell you it's your fault but I have a hard time feeling it always is. You are responsible for your account but when they have so many scammers running rampant on their platform who can go years without a ban is just embarrassing. They need to do a better job at communicating all the different scams to look out for.

Most casual players will easily fall for that faceit scam. Nothing can be done. Zero sum game and you lost. Scammer won. You learned your lesson the hard way. Educate yourself on proper opsec and it'll never happen again.
trading should be KYC only imo
everything should be traceable
#14
moo Oct 22, 2024 @ 4:31pm 
From what I've read, the items they stole should be trade locked for 7 days. So hopefully within that 7 days I can have the trade reversed by steam support.

I know their policy is to not restore items since they can get traded onwards to innocent account (and to avoid the market). I've opened a ticket and emailed gaben begging for help.
#15
< >
Showing 1-15 of 68 comments
Per page: 1530 50

Counter-Strike 2 > General Discussions > Topic Details
Date Posted: Oct 22, 2024 @ 2:44pm
Posts: 68

Discussions Rules and Guidelines