Lalo Sep 8, 2020 @ 11:50am
New way to steal inventories
I hope this is the right place to post this; if it isn't, sorry. And I don't know the time it has been operating.

Last month a message appeared in my brother's profile instead of his name and profile info, and the avatar was also changed to an image of "BAN". The new name was "Trade Ban", and there was a long message on his profile that, in summary, said that he had been banned from trades and he had 36 hours to send his skins to another person or he would lose them. He panicked and he sent his skins to me, then someone intercepted them and he lost his CS:GO inventory. Then I told him the recommendations for these things, like de-authorizing access to all systems, etc.

The same thing happened today to a couple of friends who luckily told me first. I don't know if Valve can do something to solve this common issue on their systems, which, as it looks like, isn't new.

PS: English is not my first language, so sorry for my bad grammar.
AndresNavaK Sep 8, 2020 @ 11:52am 
Sure, people are trying to rob my inventory
Snapjak Sep 8, 2020 @ 11:52am 
Old way to steal inventories.


People need to stop going to scammy sites. Seriously, tell your brother and all your friends that they are dumbasses and have given away their accounts.
Cathulhu Sep 8, 2020 @ 12:21pm 
If by new you mean we see this on a daily basis for several years, then yes, it is new.

Valve can't fix stupid. Valve can't fix people entering their login credentials on fake websites because "free stuff".
Last edited by Cathulhu; Sep 8, 2020 @ 12:22pm
J4MESOX4D Sep 8, 2020 @ 1:15pm 
This 'new' way is YEARS old.
Lunacy Sep 8, 2020 @ 1:20pm 
It's an old scam, your brother's profile was hijacked, likely from giving away info on trade or lotto sites.
Don't know how they intercept the trade, however.

Valve is unlikely to do anything, as that is what the authenticator and steam trade holds are for; and have since stopped restoring inventories (afaik).
Last edited by Lunacy; Sep 8, 2020 @ 1:21pm
J4MESOX4D Sep 8, 2020 @ 1:23pm 
Originally posted by Lunacy:
Don't know how they intercept the trade, however.
They take control of the API key then when the user tries to trade, they cancel it, impersonate the account the items were going to and then send a new trade offer to their impersonating account. The user then confirms the new (compromised) trade via their phone and then the items are essentially stolen. The scammers then change their profile back and the victim can then see where the items went in their trade history.
Lunacy Sep 8, 2020 @ 1:30pm 
Originally posted by J4MESOX4D:
The user then confirms the new (compromised) trade via their phone and then the items are essentially stolen.
This is the part that confuses me because the victim only ever confirmed 1 trade, the one that got canceled. How does it force a completely new trade and skip authentication and confirmation?
The author of this thread has indicated that this post answers the original topic.
J4MESOX4D Sep 8, 2020 @ 1:39pm 
Originally posted by Lunacy:
Originally posted by J4MESOX4D:
The user then confirms the new (compromised) trade via their phone and then the items are essentially stolen.
This is the part that confuses me because the victim only ever confirmed 1 trade, the one that got canceled. How does it force a completely new trade and skip authentication and confirmation?
Basically when the hijackers take control of an account, they also have access to the API key which can automatically cancel instigated trades and then they can resend their own bogus one whilst impersonating the original intended target. The victim sees their initial trade simply cancelled and then when the scammers submit their own trade offer (to their impersonating account) the victim assumes it's just the original target so they confirm it on their phone without realising they've just accepted a scammed trade.

All the hijackers have to do is impersonate the intended trade recipient and then submit a copy of the original trade offer using the API key and hope the user blindly accepts the trade as seen. Other than that, they don't have to do anything and can just sit in the shadows with the user not realising they are compromised.

This is why people must double check trade offers and ensure their API key is not under control of someone else - the field should be blank. Users will often get baited into instigating a trade, i.e. a fake ban where they are enticed to trade all their items away to a friend. The scammers then cancel that trade, impersonate the recipient, resend the same offer but to themselves and then the panicked victim accepts.

Your friend didn't accept the cancelled trade - they accepted a new one sent by the scammers disguised as the one that was cancelled.
Last edited by J4MESOX4D; Sep 8, 2020 @ 1:47pm
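
Added example, not part of any post in this thread: a defender-side check for the pattern described in the answer above, where an outgoing offer is cancelled and the same items are then re-offered to a different account. It runs over a constructed trade history; the record fields are hypothetical and do not correspond to any real Steam API.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Offer:
    # Hypothetical record layout, not a real Steam API schema.
    offer_id: int
    created: int         # Unix seconds
    partner_id: str      # stable account ID of the recipient
    partner_name: str    # display name shown when the offer was made
    items: frozenset     # asset IDs being given away
    state: str           # "canceled", "pending" or "accepted"

def find_swapped_offers(offers, window=600):
    """Flag a canceled outgoing offer followed within `window` seconds by an
    offer of the same items to a different account ID."""
    ordered = sorted(offers, key=lambda o: o.created)
    hits = []
    for i, old in enumerate(ordered):
        if old.state != "canceled":
            continue
        for new in ordered[i + 1:]:
            if new.created - old.created > window:
                break
            if new.items == old.items and new.partner_id != old.partner_id:
                hits.append({
                    "canceled": old.offer_id,
                    "replacement": new.offer_id,
                    # Same name on a different ID is the impersonation tell.
                    "name_reused": new.partner_name.casefold()
                                   == old.partner_name.casefold(),
                })
    return hits

# Constructed sample history (all IDs and names are made up).
SAMPLE = [
    Offer(1, 1000, "ID-FRIEND", "Brother", frozenset({"a1", "a2"}), "canceled"),
    Offer(2, 1040, "ID-OTHER", "Brother", frozenset({"a1", "a2"}), "pending"),
    # Cancel and resend to the same account: not flagged.
    Offer(3, 5000, "ID-FRIEND", "Brother", frozenset({"a3"}), "canceled"),
    Offer(4, 5030, "ID-FRIEND", "Brother", frozenset({"a3"}), "accepted"),
    # Same item to another account, but outside the time window: not flagged.
    Offer(5, 9000, "ID-X", "Trader", frozenset({"a4"}), "canceled"),
    Offer(6, 9900, "ID-Y", "Someone", frozenset({"a4"}), "pending"),
]

if __name__ == "__main__":
    for hit in find_swapped_offers(SAMPLE):
        print(hit)
```

The comparison is on the account ID rather than the display name because, as the posts above describe, the name and avatar are exactly what the impersonating account copies.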
StickyPawz Sep 8, 2020 @ 1:41pm 
The victim sets up the trade, but the hijacker cancels it immediately and sets up a different trade ... The second trade is what the victim is confirming.

If users took the time to double-check the trade through their phones, they'd see the warning signs.
Lunacy Sep 8, 2020 @ 2:26pm 
I thought both parties get tradebanned for a week when cancelling a trade offer, though?
Snapjak Sep 8, 2020 @ 2:35pm 
Originally posted by Lunacy:
I thought both parties get tradebanned for a week when cancelling a trade offer, though?
Trade offers that have been accepted, yes. I.e. a trade that is on hold.
Taebrythn Sep 8, 2020 @ 5:37pm 
lol responsibility people. know not to go to those shady sites. that is something everyone should know.
Made video, might be useful. My account did get hacked. https://youtu.be/TUwhNC5NsV0
Ettanin Sep 14, 2020 @ 9:55am 
Remember: There ain't no such thing as a gift skin.
Last edited by Ettanin; Sep 14, 2020 @ 9:55am
B-o-B Sep 14, 2020 @ 10:11am 
Originally posted by Ettanin:
Remember: There ain't no such thing as a gift skin.
Uhm no ... I and many others gift skins a lot.
You just gotta do it correctly in a controlled environment.
Add me after that statement will grant you instant block... btw.... DON'T ADD

Date Posted: Sep 8, 2020 @ 11:50am
Posts: 15