Good people, yesterday I realized I got phished. I would appreciate advice/clarification.
Now this is the story all about how
My acc got phished, turned upside down
And I'd like to take a minute just sit right there
I'll tell you how I fixed this problem and ask for more advice.

Ok, time to get serious now.

First to explain my situation. I have been using Steam for 11 years now, never had any problems. Until now. I am usually pretty careful about suspicious stuff but I admit this kind of blindsided me. I have a friend on Steam who I have known for 3+ years now. We must have spent 500+ hours together playing games during the pandemic. I know he is trustworthy in general. I also knew he was an avid CS:GO player (2k+ hours spent playing); he played in some online tournaments and such. Because of this I did not really think when he sent me a message with a link to a website where a new tournament would be playing out, and asked me to support his team with a like or something (this was in early December). Unfortunately I fell for it.

As it turned out, my friend's account got phished first, and whoever did it used it to send/spam messages to his friends. Me included. Because this was somebody who I knew for years, not some random person, I fell for it.

Now this is where it gets kind of weird. My acc got phished or kind of hijacked. But not in an obvious manner. Whoever did this did not lock me out or change my passwords. He/she also managed to, I guess, bypass my Steam Guard and 2FA. I also did not get a notification that my account was accessed from a new location/IP address. He just used my acc to, again, send the same messages to my friends. He/she would send a message to one of my friends (containing the same request I got), then he would block that same person in my friend list, so that I could not see that there had been chat activity with that person. I realized this yesterday, because the person (I will call him "the hacker") sent a message to a friend from my personal life with whom I do not speak in English. My friend got suspicious, asked him questions, took a screenshot of the chat and sent it to me via Facebook. At the same time the hacker realized that he was discovered and immediately erased my entire friend list. That is when I got my friend's message and I realised what has been happening.

Like I said, I could still access my account, and since I don't trade with items (cuz I do not play things like CS:GO or Rocket League), there was nothing in my inventory to take and I don't use Steam Wallet. So the only damage was that my acc was used to spread these messages and erase my friend list.

Now, I have done the recommended steps I have seen to fix this. I scanned my PC for malware and deauthorized all devices on Steam. I went to a clean, safe PC and changed my email password. Then I created a brand new email and changed it so that it is now my designated mail for Steam. Changed my Steam password, verified mail. Generated new back-up codes and revoked the API key.

My question is do I have to do anything else, or is my account now safe?

Furthermore, I had a lot of steam friends. I went through my chat history to see who the hacker contacted. However, now all of them are not on my friend list and some of them have not accepted my new friend request. Now I cannot warn them what happened. What should I do if my acc gets reported? I have screenshots of the messages to prove I got phished (am a victim) myself. And I also have in my steam login history that my account has been accessed from Russia since the 21st of December. I live in Croatia and have never been to Russia. Can I do anything else? Thank you.
Showing 1-10 of 10 comments
nullable Jan 5, 2022 @ 7:58am 
Originally posted by Steppenwolf:

My question is do I have to do anything else, or is my account now safe?

If you've properly secured it, yes. If you haven't, then no.

Which one do you believe you've done?

Originally posted by Steppenwolf:
Furthermore, I had a lot of steam friends. I went through my chat history to see who the hacker contacted. However, now all of them are not on my friend list and some of them have not accepted my new friend request. Now I cannot warn them what happened. What should I do if my acc gets reported?

Nothing. This happens ten thousand times a day. You'll be fine.

Originally posted by Steppenwolf:
I have screenshots of the messages to prove I got phished (am a victim) myself.

Valve is well aware that scammers are often using compromised accounts. And they're not chopping the heads off victims to deal with it.

Originally posted by Steppenwolf:
And I also have in my steam login history that my account has been accessed from Russia since the 21st of December. I live in Croatia and have never been to Russia. Can I do anything else? Thank you.

Valve has that information too, since you know you got it from their system.
Steppenwolf Jan 5, 2022 @ 7:59am 
Originally posted by Snakub Plissken:
Originally posted by Steppenwolf:

My question is do I have to do anything else, or is my account now safe?

If you've properly secured it, yes. If you haven't, then no.

Which one do you believe you've done?



Well I am asking if I need to do anything more? Or is this enough?
nullable Jan 5, 2022 @ 8:09am 
Originally posted by Steppenwolf:
Originally posted by Snakub Plissken:

If you've properly secured it, yes. If you haven't, then no.

Which one do you believe you've done?



Well I am asking if I need to do anything more? Or is this enough?

Sure.

Although my advice also would be to set up a proper password manager and make sure you have that new email address stored in it, your Steam account credentials, steam recovery codes, and other important data/notes.

The big problem people have is when they lose their accounts they've got nothing which makes account recovery more difficult and time consuming. It sounds like you got off easier than some folks do, so you may not be keen to go the whole nine yards. But this close call is definitely an opportunity to get everything in order moving forward.
Last edited by nullable; Jan 5, 2022 @ 8:09am
wuddih Jan 5, 2022 @ 8:11am 
just to comment on account security after you have been evidently compromised

Please do the following steps in order:
  1. Scan for malware (with whatever)
  2. Deauthorize all other devices
  3. Generate new backup codes
  4. Change your Steam account password, preferably from a known safe device.
  5. Revoke API key

if nothing else was compromised, like your email, then your Steam account should be ok after that.
ShelLuser Jan 5, 2022 @ 8:20am 
Originally posted by Steppenwolf:
Now this is where it gets kind of weird. My acc got phished or kind of hijacked. But not in an obvious manner. Whoever did this did not lock me out or change my passwords. He/she also managed to, I guess, bypass my Steam Guard and 2FA.
No, as you said yourself you got phished. You logged into a website thinking that you were using Steam but instead you gave your credentials away, including the 2FA code. That made it possible for the attackers to take over.

It's not uncommon for them not to act right away. Sometimes it takes weeks or months before something happens, sometimes they'll simply use your account to lure others, stuff like that.

Originally posted by Steppenwolf:
My question is do I have to do anything else, or is my account now safe?
Sounds about right. The most important part is the API key since that's what they used to gain access. Changing your password is also a good thing, but the risk factor is not that high because they can't easily retrieve it, only optionally change it (which is why changing it yourself is a good idea).

Originally posted by Steppenwolf:
Now I cannot warn them what happened. What should I do if my acc gets reported?
You'll have to wait it out.

"I got phished" is not a valid excuse because account security is always your own responsibility, so if the attackers broke any rules and others reported your account then there's definitely a chance that action could be taken.

I don't think Steam support is going to ban your account "just like that" but if the attackers also spammed certain fora and such then there is a chance your account got banned from those places; that'll be hard to reverse.

Originally posted by Steppenwolf:
I have screenshots of the messages to prove I got phished (am a victim) myself.
That's not considered proof and therefore useless. Problem is that screenshots can be faked, it happens all the time. People even get scammed through the abuse of fake screenshots so... yah, not going to fly.

Basically best you can do is wait and sit it out, though I don't think much will come from this.


And... of course... don't blindly log into 3rd party websites anymore while using your Steam account. As a rule of thumb: as long as you're logged onto the Steam website (so... you can post messages like these) then every website which asks for a username & password is a fake. Doesn't matter how famous or "reliable" they may claim to be... as soon as this applies you can be certain that they're trying to scam you.
Steppenwolf Jan 5, 2022 @ 9:50am 
Originally posted by Snakub Plissken:
Originally posted by Steppenwolf:



Well I am asking if I need to do anything more? Or is this enough?

Sure.

Although my advice also would be to set up a proper password manager and make sure you have that new email address stored in it, your Steam account credentials, steam recovery codes, and other important data/notes.

The big problem people have is when they lose their accounts they've got nothing which makes account recovery more difficult and time consuming. It sounds like you got off easier than some folks do, so you may not be keen to go the whole nine yards. But this close call is definitely an opportunity to get everything in order moving forward.

Can you recommend a good password manager?
Steppenwolf Jan 5, 2022 @ 9:51am 
Originally posted by ShelLuser:
Originally posted by Steppenwolf:
Now this is where it gets kind of weird. My acc got phished or kind of hijacked. But not in an obvious manner. Whoever did this did not lock me out or change my passwords. He/she also managed to, I guess, bypass my Steam Guard and 2FA.
No, as you said yourself you got phished. You logged into a website thinking that you were using Steam but instead you gave your credentials away, including the 2FA code. That made it possible for the attackers to take over.

It's not uncommon for them not to act right away. Sometimes it takes weeks or months before something happens, sometimes they'll simply use your account to lure others, stuff like that.

Originally posted by Steppenwolf:
My question is do I have to do anything else, or is my account now safe?
Sounds about right. The most important part is the API key since that's what they used to gain access. Changing your password is also a good thing, but the risk factor is not that high because they can't easily retrieve it, only optionally change it (which is why changing it yourself is a good idea).

Originally posted by Steppenwolf:
Now I cannot warn them what happened. What should I do if my acc gets reported?
You'll have to wait it out.

"I got phished" is not a valid excuse because account security is always your own responsibility, so if the attackers broke any rules and others reported your account then there's definitely a chance that action could be taken.

I don't think Steam support is going to ban your account "just like that" but if the attackers also spammed certain fora and such then there is a chance your account got banned from those places; that'll be hard to reverse.

Originally posted by Steppenwolf:
I have screenshots of the messages to prove I got phished (am a victim) myself.
That's not considered proof and therefore useless. Problem is that screenshots can be faked, it happens all the time. People even get scammed through the abuse of fake screenshots so... yah, not going to fly.

Basically best you can do is wait and sit it out, though I don't think much will come from this.


And... of course... don't blindly log into 3rd party websites anymore while using your Steam account. As a rule of thumb: as long as you're logged onto the Steam website (so... you can post messages like these) then every website which asks for a username & password is a fake. Doesn't matter how famous or "reliable" they may claim to be... as soon as this applies you can be certain that they're trying to scam you.


I know that screenshots by themselves are not proof as is.

The screenshots I took are from Steam data or whatever it is called on the support page where I saw the login history (those log-ins from Russia) and chat history (so I found out how many people got contacted) even though the person removed all my friends. So I knew which people to try and warn.

As far as I am aware the Steam guys could check and see this themselves if I get reported right now. So they can hopefully gather that as evidence themselves.

However, I don't know how long/far this "history" page goes/lasts. I can scroll through my log-in data forever, so I believe that will be fine. But my chat history only went as far as the 19th of December. So I took the screenshots of these chat messages in case later down the line they are removed from my chat history cuz I will have new messages. I don't know if they are removed just on my end so I cannot see them, but the support crew can. Or are they deleted forever?

Also, can you please clarify what did you mean by get banned on certain places?
ShelLuser Jan 5, 2022 @ 10:36am 
Originally posted by Steppenwolf:
Also, can you please clarify what did you mean by get banned on certain places?
I'm referring to game hubs and games. If the attacker(s) abused your account to misbehave in one of the game hubs then you could end up getting banned from there. Or if they misbehaved in certain online games then that too could result in a ban from that game.
Steppenwolf Jan 5, 2022 @ 10:59am 
Fortunately that has not happened. Every time he/she logged in they were only on my acc for about 20-30 minutes. Just so they could send these messages to someone on my friend list. I don't have any activity on my recent games and I don't even play stuff where I could get easily banned. Except for maybe Halo. But that hasn't been touched.
Originally posted by Steppenwolf:

Can you recommend a good password manager?
Keepass. Written like that. Find it by reading reputable computer magazines.

Make settings. You can adjust it to circumstances.
Keep backups of the small encrypted file that will be your password container.

Date Posted: Jan 5, 2022 @ 7:44am
Posts: 10