Originally posted by henry.bethell2014:

I was not sure if it was legitimate or not, so I sent the link to my friend to discuss it. He told me it is a scam and that he accidentally clicked the link. He isn't joking, and I am worried whether it will affect my account that he clicked the link.

Just in case...

All steps...

Scan for malware. https://www.malwarebytes.com/ or with whatever.

Deauthorize all devices https://store.steampowered.com/twofactor/manage

Change your password on a secure device.

Generate new back up codes. https://store.steampowered.com/twofactor/manage

Revoke the api key (this should be empty) https://steamcommunity.com/dev/apikey

Originally posted by cSg|mc-Hotsauce:

Originally posted by henry.bethell2014:

I was not sure if it was legitimate or not, so I sent the link to my friend to discuss it. He told me it is a scam and that he accidentally clicked the link. He isn't joking, and I am worried whether it will affect my account that he clicked the link.

Just in case...

All steps...

Scan for malware. https://www.malwarebytes.com/ or with whatever.

Deauthorize all devices https://store.steampowered.com/twofactor/manage

Change your password on a secure device.

Generate new back up codes. https://store.steampowered.com/twofactor/manage

Revoke the api key (this should be empty) https://steamcommunity.com/dev/apikey

:winterbunny2023:

is there a official steam process...

where does this come from...

should customers be doing steam security when we have paid mods now...

What happens if other people click on a phishing link that they sent me? Will it affect my account?

To each their own, kind of.

For starters, phishing links always require active participation by the victim nowadays -- whether it's confirming an action or not having updated their browser so it has old security problems.

Steam, additionally, requires suitable authentication for anything that affects an account -- so just sending a link to a third party, even if it's specifically targeted for your account, isn't going to do anything to you unless THEY can authorize the action for YOUR account.

In most cases, a phishing link isn't even targeting an account -- they are targeting a person. As an example, if they were sending you a link pointing to YOUR inventory, how would that make you do anything? Phishing works along the lines of "log into your account here to receive $100 wallet credit!". So everyone gets that same link anyway.

It also depends on where the link goes to. More advanced phishing tracks click interaction separate from execution. With this I mean a phishing link might lead to a phishing page instead of a direct script execution. And a page can contain a lot of tracking methods. This collected information can be sold to other parties as potential gullible for scams.

Now if you send that link to another one there might be a history build up about the click interaction that shows you send it to someone else. That makes you valuable target because you are seen as willingly spreading the phishing further.

It is by this principle mail chains were such a problem in the past.


Can it lend you in hot water potentially but only limited liability is possible if it causes damage and it is by malice or sheer lack of regard of security. But it will not lead to a specific account action unless you shared it through someone else there platform and they see it as breach of ToS.

Originally posted by ragefifty50:

Originally posted by cSg|mc-Hotsauce:

Just in case...

All steps...

Scan for malware. https://www.malwarebytes.com/ or with whatever.

Deauthorize all devices https://store.steampowered.com/twofactor/manage

Change your password on a secure device.

Generate new back up codes. https://store.steampowered.com/twofactor/manage

Revoke the api key (this should be empty) https://steamcommunity.com/dev/apikey

is there a official steam process...

where does this come from...

should customers be doing steam security when we have paid mods now...

This is a working way to clean your account in case it is compromised. And if people actually paid attention to security this wouldn't be necessary as there's no way someone gets in their account.

When someone got in their account THEY already were sloppy with security. Steam can't magically prevent people from giving their account information away.

It's not just pishing. There may be also other dangers. It can also work in such a way that a user opens a page, this page opens another page, which in turn opens another page (redirect chain (Google, for example, has been infested with such sites for a long time.)), download some nasty stuff (so called drive by downloads) and inizialized file execution automaticilly. Even if it is only trackers that are initialized. Security settings should therefore have a certain minimum.

That's why it's important to keep the system up-to-date, although it can avoid most dangers by disable Javascript. If someone is unsure, don't click on anything or do some research first.

What is annoying about Steam chat is that if you want to copy some stuff, you sometimes click on it by mistake. The filter there is inconsistent.

Originally posted by Unn4m3d (♥AUT♥):

Originally posted by ragefifty50:

is there a official steam process...

where does this come from...

should customers be doing steam security when we have paid mods now...

This is a working way to clean your account in case it is compromised. And if people actually paid attention to security this wouldn't be necessary as there's no way someone gets in their account.

When someone got in their account THEY already were sloppy with security. Steam can't magically prevent people from giving their account information away.

ok..


but where is the official steam way....

why are customers doing steams job...

steam pay people to do this stuff....

where are they...

Originally posted by ragefifty50:

Originally posted by cSg|mc-Hotsauce:

Just in case...

All steps...

Scan for malware. https://www.malwarebytes.com/ or with whatever.

Deauthorize all devices https://store.steampowered.com/twofactor/manage

Change your password on a secure device.

Generate new back up codes. https://store.steampowered.com/twofactor/manage

Revoke the api key (this should be empty) https://steamcommunity.com/dev/apikey

:winterbunny2023:

is there a official steam process...

where does this come from...

should customers be doing steam security when we have paid mods now...

Uhhhhhhh

"NEVER click unknown links from untrusted sources."

https://help.steampowered.com/en/faqs/view/6639-EB3C-EC79-FF60

Paid mods cannot protect you from yourself, nor can Valve.

Originally posted by ragefifty50:

Originally posted by Unn4m3d (♥AUT♥):

This is a working way to clean your account in case it is compromised. And if people actually paid attention to security this wouldn't be necessary as there's no way someone gets in their account.

When someone got in their account THEY already were sloppy with security. Steam can't magically prevent people from giving their account information away.

ok..


but where is the official steam way....

why are customers doing steams job...

steam pay people to do this stuff....

where are they...

Noone is paid to tell you how to protect your account with basic internet safety and security. Do you open random junk emails and click links? I hope not.

Originally posted by C²C^Guyver |NZB|:

Originally posted by ragefifty50:

is there a official steam process...

where does this come from...

should customers be doing steam security when we have paid mods now...

Uhhhhhhh

"NEVER click unknown links from untrusted sources."

https://help.steampowered.com/en/faqs/view/6639-EB3C-EC79-FF60

Paid mods cannot protect you from yourself, nor can Valve.

Originally posted by ragefifty50:

ok..


but where is the official steam way....

why are customers doing steams job...

steam pay people to do this stuff....

where are they...

Noone is paid to tell you how to protect your account with basic internet safety and security. Do you open random junk emails and click links? I hope not.

i think you missing the point....

where is the steam official process...

we are customers telling people to click on links....

why isnt steam intercepting these posts
and providing the correct official details...

i could post any link and say its about account recovery...

There is no official process because support will do this stuff when a user recovers their account through support.

Originally posted by cSg|mc-Hotsauce:

There is no official process because support will do this stuff when a user recovers their account through support.

:winterbunny2023:

so if we dont post these links... who aint doing their job....

Originally posted by ragefifty50:

i think you missing the point....

where is the steam official process...

we are customers telling people to click on links....

why isnt steam intercepting these posts
and providing the correct official details...

i could post any link and say its about account recovery...

Because those resources are really really lacking.
https://help.steampowered.com/en/wizard/HelpWithAccountStolen


And yes anyone can pretend something is helpful it is up to the user to apply healthy skepticism and do there own research. When I see a link that is the same domain as the one I am already on than I am not going to question it. When I see a outside link mentioned I will type it in a search engine and see what comes up.

It would behoove Valve to update there documentation but as long as that is not going to happen rather take advice from a stranger and apply skepticism than follow incomplete instructions from the source itself.

Originally posted by m662:

Originally posted by ragefifty50:

i think you missing the point....

where is the steam official process...

we are customers telling people to click on links....

why isnt steam intercepting these posts
and providing the correct official details...

i could post any link and say its about account recovery...

Because those resources are really really lacking.
https://help.steampowered.com/en/wizard/HelpWithAccountStolen


And yes anyone can pretend something is helpful it is up to the user to apply healthy skepticism and do there own research. When I see a link that is the same domain as the one I am already on than I am not going to question it. When I see a outside link mentioned I will type it in a search engine and see what comes up.

It would behoove Valve to update there documentation but as long as that is not going to happen rather take advice from a stranger and apply skepticism than follow incomplete instructions from the source itself.

exactly...

thanks

Valve wants users to contact support and support will take care of it.

We users would like the hijacked user to do it all themselves, leaving support to do other stuff and giving users a way to self help themselves if support takes to long to respond.

Depends on if he uses that report button or not!