Semua Diskusi > Forum Steam > Steam Discussions > Rincian Topik
AzKat 🐔 2 Mar 2019 @ 11:22am
Is it possible for a phishing website to remove or change your 2FA / email / password from your account?
I'm currently talking with another user who had this happen to him, and English not being his first language it's kind of hard communicating with him.

I've already instructed him to create a steam support ticket, but while he waits for the reply from steam support (he doesn't have access to his account anymore) I'm trying to see if there's anything I can help him with.


So, long story short, I want to know if it's possible for someone to remove your 2FA authenticator, change your email and your password, without your consent.
Pembuat topik ini telah menandai postingan yang menjadi jawaban pertanyaan.
Klik di sini untuk melihat postingannya.
Diposting pertama kali oleh cSg|mc-Hotsauce:
If the hijacker has sufficient proof of ownership to contest the ownership of the account, yes.

But that means they must have plenty and more proof than the true owner.

If it is contested too many times, support will lock it up so no user can regain access.

:qr:
< >
Menampilkan 1-15 dari 29 komentar
Kaladin 2 Mar 2019 @ 11:24am 
Yes it is, happened to me few weeks ago just from clicking a single link.
#1
Theblaze 2 Mar 2019 @ 11:25am 
Diposting pertama kali oleh AzKat:
[...] So, long story short, I want to know if it's possible for someone to remove your 2FA authenticator, change your email and your password, without your consent.

Without your consent?, no.

People have to share their authentification code to a phishing site using a fake steam login for that to happen.
#2
cSg|mc-Hotsauce 2 Mar 2019 @ 11:26am 
Have you read through Vaulty's scam guide?

You should.

:qr:
#3
AzKat 🐔 2 Mar 2019 @ 11:27am 
Diposting pertama kali oleh Theblaze:
Diposting pertama kali oleh AzKat:
[...] So, long story short, I want to know if it's possible for someone to remove your 2FA authenticator, change your email and your password, without your consent.

Without your consent?, no.

People have to share their authentification code to a phishing site using a fake steam login for that to happen.

Yes, but if they share their 2FA only, not their backup code, is it possible to remove the 2FA?

Diposting pertama kali oleh cSg|mc-Hotsauce:
Have you read through Vaulty's scam guide?

You should.

:qr:

Do you know the answer? If you do, let me know, if you don't, thanks anyway.
Terakhir diedit oleh AzKat 🐔; 2 Mar 2019 @ 11:27am
#4
cSg|mc-Hotsauce 2 Mar 2019 @ 11:30am 
It does not matter if they share the backup codes as the hijacker can just create new ones after the user gives away all his info to the fake login screen.

Go to "Fake Steam login sites!"

https://steamcommunity.com/sharedfiles/filedetails/?id=784477482

:qr:
#5
AzKat 🐔 2 Mar 2019 @ 11:32am 
Diposting pertama kali oleh cSg|mc-Hotsauce:
It does not matter if they share the backup codes as the hijacker can just create new ones after the user gives away all his info to the fake login screen.

Go to "Fake Steam login sites!"

https://steamcommunity.com/sharedfiles/filedetails/?id=784477482

:qr:

But can he "remove" the original owner's access to the account? As in, he doesn't have the code generator itself, he just has 1 code which he uses over and over to access the account right?

Or is using a "one time passcode" a way to take over an account?
#6
cSg|mc-Hotsauce 2 Mar 2019 @ 11:35am 
The hijacker could also deauthorize all devices before the account owner can do anything, yes.

:qr:
#7
Count_Dandyman 2 Mar 2019 @ 11:35am 
Diposting pertama kali oleh AzKat:
Diposting pertama kali oleh cSg|mc-Hotsauce:
It does not matter if they share the backup codes as the hijacker can just create new ones after the user gives away all his info to the fake login screen.

Go to "Fake Steam login sites!"

https://steamcommunity.com/sharedfiles/filedetails/?id=784477482

:qr:

But can he "remove" the original owner's access to the account? As in, he doesn't have the code generator itself, he just has 1 code which he uses over and over to access the account right?

Or is using a "one time passcode" a way to take over an account?
Instead of trying to get details about how exactly it is done which is info somebody planning to start doing it would want instead focus on avoiding giving them any access to your account at all.
#8
AzKat 🐔 2 Mar 2019 @ 11:38am 
Diposting pertama kali oleh Count_Dandyman:
Diposting pertama kali oleh AzKat:

But can he "remove" the original owner's access to the account? As in, he doesn't have the code generator itself, he just has 1 code which he uses over and over to access the account right?

Or is using a "one time passcode" a way to take over an account?
Instead of trying to get details about how exactly it is done which is info somebody planning to start doing it would want instead focus on avoiding giving them any access to your account at all.

it's not my account, I've never fallen for this, that's why I ask about this.
#9
Count_Dandyman 2 Mar 2019 @ 11:42am 
Diposting pertama kali oleh AzKat:
Diposting pertama kali oleh Count_Dandyman:
Instead of trying to get details about how exactly it is done which is info somebody planning to start doing it would want instead focus on avoiding giving them any access to your account at all.

it's not my account, I've never fallen for this, that's why I ask about this.
That doesn't change anything about what I said you don't need exact details and giving them out would just increase the number of people with the knowledge of how to do it all that is needed is the knowledge to prevent it which is not opening the door for them in the first place.
#10
AzKat 🐔 2 Mar 2019 @ 11:44am 
Diposting pertama kali oleh Count_Dandyman:
Diposting pertama kali oleh AzKat:

it's not my account, I've never fallen for this, that's why I ask about this.
That doesn't change anything about what I said you don't need exact details and giving them out would just increase the number of people with the knowledge of how to do it all that is needed is the knowledge to prevent it which is not opening the door for them in the first place.

Right, so the guy I'm trying to help right now doesn't matter right?
#11
cinedine 2 Mar 2019 @ 11:45am 
Diposting pertama kali oleh Theblaze:
Without your consent?, no.

People have to share their authentification code to a phishing site using a fake steam login for that to happen.

If you are tricked into giving something away, it's not exactly with consent.
#12
Count_Dandyman 2 Mar 2019 @ 11:47am 
Diposting pertama kali oleh AzKat:
Diposting pertama kali oleh Count_Dandyman:
That doesn't change anything about what I said you don't need exact details and giving them out would just increase the number of people with the knowledge of how to do it all that is needed is the knowledge to prevent it which is not opening the door for them in the first place.

Right, so the guy I'm trying to help right now doesn't matter right?
I never said he doesn't matter I said he doesn't need the details you are asking for
#13
AzKat 🐔 2 Mar 2019 @ 11:48am 
Diposting pertama kali oleh Count_Dandyman:
Diposting pertama kali oleh AzKat:

Right, so the guy I'm trying to help right now doesn't matter right?
I never said he doesn't matter I said he doesn't need the details you are asking for

He doesn't need them, I need them.
#14
Count_Dandyman 2 Mar 2019 @ 11:48am 
Diposting pertama kali oleh AzKat:
Diposting pertama kali oleh Count_Dandyman:
I never said he doesn't matter I said he doesn't need the details you are asking for

He doesn't need them, I need them.
no you don't
#15
< >
Menampilkan 1-15 dari 29 komentar
Per halaman: 1530 50

Semua Diskusi > Forum Steam > Steam Discussions > Rincian Topik
Tanggal Diposting: 2 Mar 2019 @ 11:22am
Postingan: 29
Buat Diskusi Baru

Pedoman dan Aturan Diskusi