Originally posted by ✪elektraN.prO*DONT OPEN THE LINK:

my friend on my steam got a Invite to Mafia: The Old Country Playtest Access
DO NOT PRESS TO LOG IN OR NOTHING, ASK your firends and so on if thats really you have send this, and i have tell all of them not to go in to them or logg in and its not me!

If you have not sent these links yourself, someone else has access to your account.

Take the following steps to secure your account:

1. Scan for malware. https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices. https://store.steampowered.com/twofactor/manage
4. Change passwords from a clean computer.
5. Generate new backup codes for your Mobile App. https://store.steampowered.com/twofactor/manage
6. Revoke the API key (there should be no key). https://steamcommunity.com/dev/apikey

FOLLOW 1ST POSTER STEPS.

For those that don't know jack how it works on Steam.

Devs has 3 ways to give people early access.
A) They send it to your account there NO DMs for this period. You get email along with Steam alert pop up just like how someone send you a GIFT on Steam same way. If someone sending you link via DMs then you know it's a scam.

FYI Discord still allows people to spoof link text.
https://www.youtube.com/watch?v=299qX3ZjqKE

B) They offer KEYS not a link, KEYS you copy, and paste into redeem page on Steam itself.

C) They offer button on their store page to ask to get early access, and they approve it on their end, and it's automatically added to your library.


NO WHERE IN ANY OF THE 3 OPTIONS there a LINK that someone need give to you, and NO one should be CLICKING on random links from others FROM DMs PERIOD that claiming to be said site, or for something to try get you to login into anything.

https://www.youtube.com/watch?v=Cn2eG0cQaJU

Originally posted by Lilim:

Originally posted by ✪elektraN.prO*DONT OPEN THE LINK:

my friend on my steam got a Invite to Mafia: The Old Country Playtest Access
DO NOT PRESS TO LOG IN OR NOTHING, ASK your firends and so on if thats really you have send this, and i have tell all of them not to go in to them or logg in and its not me!

If you have not sent these links yourself, someone else has access to your account.

Take the following steps to secure your account:

1. Scan for malware. https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices. https://store.steampowered.com/twofactor/manage
4. Change passwords from a clean computer.
5. Generate new backup codes for your Mobile App. https://store.steampowered.com/twofactor/manage
6. Revoke the API key (there should be no key). https://steamcommunity.com/dev/apikey

-


-----

thanks, will try it, im so angry right now and dont know what the problem is have tell every one i know on my list its not me something have done this and send it to others

This has been a going on since the Deadlock playtest. Playtest invites are never sent through chat messages.

Just keep this in mind for future reference.

Just a heads up, there are also people in games such as CS2 sending you invites to a “tournament” with the promise of prizes and all you need to do is login via Steam on the tournament site.
However, when you press login via Steam, instead of actually opening the real popup to login via Steam it opens a fake popup that mimics a browser window but is just a form on that same site. It might fool people because it has an address bar with the actual Steam URL, but that’s just an input field with plain text on it.

I think Steam should just get rid of the login via Steam feature or implement a whitelist and you could only login to whitelisted sites from within the Steam client.

Originally posted by D.Alexandre:

Just a heads up, there are also people in games such as CS2 sending you invites to a “tournament” with the promise of prizes and all you need to do is login via Steam on the tournament site.
However, when you press login via Steam, instead of actually opening the real popup to login via Steam it opens a fake popup that mimics a browser window but is just a form on that same site. It might fool people because it has an address bar with the actual Steam URL, but that’s just an input field with plain text on it.

I think Steam should just get rid of the login via Steam feature or implement a whitelist and you could only login to whitelisted sites from within the Steam client.

Been a thing for over a decade.

"Scam: Join a Tournament" FAQ...

https://help.steampowered.com/en/faqs/view/4081-BACF-CA77-27F0

Originally posted by D.Alexandre:

Just a heads up, there are also people in games such as CS2 sending you invites to a “tournament” with the promise of prizes and all you need to do is login via Steam on the tournament site.
However, when you press login via Steam, instead of actually opening the real popup to login via Steam it opens a fake popup that mimics a browser window but is just a form on that same site. It might fool people because it has an address bar with the actual Steam URL, but that’s just an input field with plain text on it.

I think Steam should just get rid of the login via Steam feature or implement a whitelist and you could only login to whitelisted sites from within the Steam client.

Known scam for VERY long time.

Steam can't deny people from logging into their own accounts, and Steam WOULDN'T know if you actually decided to travel, asked someone to login at home, and login from somewhere else, maybe VPN/proxy, stuff like that. There nothing to whitelist because it's sending info directly via their device instead of yours, and receiving the login token on their Device, there NO Steam api being used at all for the login.

Go to Steamdb.info, when login in none of that is send, or shown to Steamdb.info at all, the only thing they got as CONFIRM you are the said person for account for Steam ID number that it, this is API system that used. Scammers don't use this at all for logins.

Originally posted by ✪elektraN.prO*DONT OPEN THE LINK:

Originally posted by Lilim:

If you have not sent these links yourself, someone else has access to your account.

Take the following steps to secure your account:

1. Scan for malware. https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices. https://store.steampowered.com/twofactor/manage
4. Change passwords from a clean computer.
5. Generate new backup codes for your Mobile App. https://store.steampowered.com/twofactor/manage
6. Revoke the API key (there should be no key). https://steamcommunity.com/dev/apikey

-


-----

thanks, will try it, im so angry right now and dont know what the problem is have tell every one i know on my list its not me something have done this and send it to others

No need.

You are told this:

NEVER click unknown links from untrusted sources, and check links sent by your friends. Their account may be compromised!

https://help.steampowered.com/en/faqs/view/6639-EB3C-EC79-FF60

I also got a playtest invite. I'm so excited !

I took a screenshot and added it to my "scam collection" .

Some of my folks especially me actually fall in into it but I glad my irl friend bring up this post and technically step in to directly secure account for safety.

Thanks to whoever made this post.

I fell for it because it came from a friend of mine who actually works at 2K Games. Fortunately they weren't able to remove my Steam Guard but I still changed my password and went through all the steps listed in the first reply above.

Thank you so much for posting what to do if this happens to you, it really helps having all the links and instructions in one place like that!

Fell for this last night. Was glad I had the guard on or I'd of been completely screwed. Reset everything, from passwords, to the email, to deauthorizing all associated accounts. Sure enough, someone had set up another Steam Guard account linking back to Russia. Obliterated that instantly.

Don't be a moron like me and fall for this ♥♥♥♥. Ask around to friends and mutuals. This would've been so easily avoided if I didn't assume first, then find out later.

I clicked on the link in the chat, but then didn't click on accept and closed the window. Should I be worried?

Anybody: click on this link and input your Steam password.
Me: No.

It's that simple.

Originally posted by Mr. Sparkle:

I clicked on the link in the chat, but then didn't click on accept and closed the window. Should I be worried?

You don't have to be worried if you didn't enter your login details.

Originally posted by cSg|mc-Hotsauce:

This has been a going on since the Deadlock playtest. Playtest invites are never sent through chat messages.

I have a question!

Last year, during the Deadlock playtest, people were also inviting each other. Were these invites sent through chat?