All Discussions > Steam Forums > Steam Discussions > Topic Details
p1LL_b0x Apr 2, 2024 @ 6:03pm
Word of caution “friends” asking you to vote for there team in tournament CS2 account theft
I recently accepted a friend request from someone calling themself fosa but with other aliases. They asked to play a few games and seemed friendly. They asked me to vote for their team to get entry to A CS2 tournament i clicked the link they shared and it it asked me to connect to steam to validate. I used the app to scan the presented QR code and nothing happened so i left it that apologized and forgot about it. Today I received confirmation of a purchase for something I hadn’t bought something from DOTA for 3€ emptying my wallet, turns at it normally sells for 10cents. I then see my entire inventory has been given to someone. This person has a logi OG shigggan but no name to select so impossible ti report. I then look at connected devices and see a connection from russia. I disconnect report fosa and file a report for theft scamming but expect that my years of CSGO inventory are lost to the slippery fingered fosa and thier cronies.
Be aware and don’t be as stupid or trusting as I was. A glimmer of hope steam help with these issues but I’m not holdiing my breath.
Last edited by p1LL_b0x; Apr 2, 2024 @ 6:10pm
The author of this topic has marked a post as the answer to their question.
Click here to jump to that post.
Originally posted by C²C^Guyver |NZB|:
https://help.steampowered.com/en/faqs/view/7958-1D76-CA26-7BB4

This is not a new scam.
< >
Showing 1-10 of 10 comments
The author of this thread has indicated that this post answers the original topic.
C²C^Guyver |NZB| Apr 2, 2024 @ 6:30pm 
https://help.steampowered.com/en/faqs/view/7958-1D76-CA26-7BB4

This is not a new scam.
#1
cSg|mc-Hotsauce Apr 2, 2024 @ 6:37pm 
Over a decade old scam.

:winterbunny2023:
#2
Chika Ogiue Apr 2, 2024 @ 10:50pm 
Originally posted by p1LL_b0x:
I was sure it wasn’t but a QR code scan shouldn’t bring such missery seems unsecure

All a QR code is, is a representation of data. That can be a link to anything, it can be a text string. There is no security in a QR code alone, just a way to hide a dodgy link from people.

There are apps out there that will read any QR code for you and tell you precisely what information that QR code is going to present or act on without letting it automatically do so (in the case of redirecting to a website, etc.).

It might be a good idea to make use of such an app in the future.

For example, the QR code for the Steam authenticator serves up a link looking like this:
s dot team / q / 1 / <string of numbers>

Which then resolves into: store dot steampowered dot com / about / qrlogin / 1 / <string of numbers>

If you scan an authenticator code for Steam that doesn't look like this, it's likely taking you a to a fake page.
Last edited by Chika Ogiue; Apr 2, 2024 @ 10:54pm
#3
ReBoot Apr 2, 2024 @ 11:01pm 
Originally posted by p1LL_b0x:
Thanks indeed a certain blind trust in QR codes, and that it can get the authenticator to authenticate is surprising
A QR code (here) is just an encoded URL and URLs have been potentially insecure for a couple decades now.
Last edited by ReBoot; Apr 2, 2024 @ 11:16pm
#4
HEXEN Apr 3, 2024 @ 4:28am 
Apologies for the seismic shift in your perception, but those solemn "words of caution" are about as effective as a "friendship service" among "the community".

It's ancient, it's common knowledge, and most importantly, it's entirely avoidable.

No, not everyone is susceptible to such ploys.

No, it's not a manifestation of the Dunning-Kruger effect.

Some folks simply aren't wired to be "hacked", duped by scams, or have their personal data "stolen".

Because if you exercise even a modicum of critical thinking, refrain from mindlessly clicking on dubious links, and safeguard your access credentials, then you're impervious to harm.
#5
Amaterasu Apr 3, 2024 @ 5:12am 
Originally posted by ᕭᑌᑎᕬ:
Apologies for the seismic shift in your perception, but those solemn "words of caution" are about as effective as a "friendship service" among "the community".

It's ancient, it's common knowledge, and most importantly, it's entirely avoidable.

No, not everyone is susceptible to such ploys.

No, it's not a manifestation of the Dunning-Kruger effect.

Some folks simply aren't wired to be "hacked", duped by scams, or have their personal data "stolen".

Because if you exercise even a modicum of critical thinking, refrain from mindlessly clicking on dubious links, and safeguard your access credentials, then you're impervious to harm.

It's one of the few benefits of not being able to trust anyone. If you think everyone secretly hates you and wants to do something bad to you, you end up being the worst possible mark for a scammer. :SpadeSmug:
#6
p1LL_b0x Apr 3, 2024 @ 6:09am 
Good point well made I meed new glasses!
#7
Defrinol Enjoyer May 18, 2024 @ 3:05pm 
This same fosa guy texted me. His messages are mostly the same and he repeats them when I asked him some questions to mess with him. If you have an authenticator then you are safe unless you enter the code that disables your Steam Authenticator. Just report him and move on.
#8
Coinkydink May 19, 2024 @ 8:29am 
This probably why there is problem with Russia.
#9
Noc May 19, 2024 @ 8:42am 
There is another version of this scam where steal accounts on any social media platform, and then pretend to be that person and ask for help with ABC and give you a link to click.
#10
< >
Showing 1-10 of 10 comments
Per page: 1530 50

All Discussions > Steam Forums > Steam Discussions > Topic Details
Date Posted: Apr 2, 2024 @ 6:03pm
Posts: 10
Start a New Discussion

Discussions Rules and Guidelines