Just lost < $500 to a scammer using a TeamSpeak server + an error message.

Todas as discussões > Fóruns Steam > Help and Tips > Detalhes do tópico

Este tópico foi trancado

azwethinkweiz 15/abr./2017 às 17:39

Just lost < $500 to a scammer using a TeamSpeak server + an error message.

Title pretty much sums up my grief.
I thought something seemed off, but my trustworthy inner dumbass allowed myself to install this patch for "teamspeak."

User added me to invite me to competitive play, which I don't even play but whatever.
Wants me to use teamspeak so we can play efficiently, whatever.
I dont use it personally, so I was ignorant, and listened to the scammer.

My steam account dropped offline, and was completely replaced with a fake steam, a trojan at that. 14 different threats detected in the file system so far. (scanning as I type)

[Trojan.FakeSteam.Gen] x14

Next my steam guard was completely useless, the phone authentication didn't do anything to help me, nor did my email. Both of those would not let me sign in.

Now that I've spent 15 minutes with the wonderful steam support, all of my items in TF2 are just plain gone. Wiped from existence.

Now I also have to reinstall steam, and hope the damage doesn't continue, or is any more severe.

And to hell with you Valve, you don't have control over the hackers.

I thought the phone authentication made it harder for scammers.
Instead it just wasted MORE of my time.

I think I'm done.

User's name was - at the time.

Última edição por Spawn of Totoro; 15/abr./2017 às 20:40

< >

Exibindo comentários 1–15 de 151

Narcoleptic Marshmallow 15/abr./2017 às 17:53

You clicked on a phishing link sent to you by a hijacker and provided them with your username password and steam guard code.

It's harsh, but not clicking links sent by strangers should be common knowledge by now.

azwethinkweiz 15/abr./2017 às 18:20

Yes I'm quite aware of that now thank you.
I just wish I wasn't so powerless in this situation.

Chompman 15/abr./2017 às 18:28

1. Do not name and shame.

2.If you give away all your account passwords and the authenticator like that what did you expect?

PsydeFX 15/abr./2017 às 19:38

One thing I keep hearing that's in common with all of these new teamspeak hijackings is that SMA is doing nothing to prevent the instant transfer of items.

What I'd like to know is how is THAT possible. We know how he lost his credentials, but where is the 15 day hold?

Narcoleptic Marshmallow 15/abr./2017 às 19:49

Escrito originalmente por PsydeFX:
One thing I keep hearing that's in common with all of these new teamspeak hijackings is that SMA is doing nothing to prevent the instant transfer of items.

What I'd like to know is how is THAT possible. We know how he lost his credentials, but where is the 15 day hold?

From what I've seen, the executable that is downloaded under the guise of TeamSpeak will show a fake login screen, that will ask you not only your Steam username and password, but also the code sent to phone, which is only asked after correctly inserting the username and password.

Steam Guard would have protected someone with your account and password from logging in, but if you give the code away, no amount of security is going to prevent this from happening.

Then, I imagine, the hijacker simply trades everything away to an account that also has the authenticator enabled, and the trade is concluded without a hold.

Spawn of Totoro 15/abr./2017 às 20:42

Escrito originalmente por Narcoleptic Marshmallow:
Then, I imagine, the hijacker simply trades everything away to an account that also has the authenticator enabled, and the trade is concluded without a hold.

Not possible. If they turned off the authenticator, then there would be a 15 day wait period. If they did not turn it off, then the user would have had to approve the trade.

In any situation, the trade would not have been instant or with out the ability to prevent.

Narcoleptic Marshmallow 15/abr./2017 às 20:53

Escrito originalmente por Spawn Of Totoro:
Escrito originalmente por Narcoleptic Marshmallow:
Then, I imagine, the hijacker simply trades everything away to an account that also has the authenticator enabled, and the trade is concluded without a hold.

Not possible. If they turned off the authenticator, then there would be a 15 day wait period. If they did not turn it off, then the user would have had to approve the trade.

In any situation, the trade would not have been instant or with out the ability to prevent.

Got it, that was a silly assumption from someone who typed without thinking.

In that case I have no idea how it's done.

Start_Running 15/abr./2017 às 20:53

So this Team Speak thing is making the rounds again.... wow...

azwethinkweiz 15/abr./2017 às 20:54

I didn't use any of my steam information though. I used my email address, but an iteration of a common password of mine. I'm not stupid enough to type in all that information. All it took was the open connection to my IP through teamspeak, plus the exe I opened to "patch" teamspeak. My account was drained in a heartbeat.

Spawn of Totoro 15/abr./2017 às 20:58

Escrito originalmente por Prick:
I didn't use any of my steam information though. I used my email address, but an iteration of a common password of mine. I'm not stupid enough to type in all that information. All it took was the open connection to my IP through teamspeak, plus the exe I opened to "patch" teamspeak. My account was drained in a heartbeat.

Not possible.

It could run a script localy, yes, and that could start the trade process, but there would still have been a 15 day wait or you would have had to accept the trade through your mobile device. The items would not have been traded with out one of those two happening.

Última edição por Spawn of Totoro; 15/abr./2017 às 20:58

#10

azwethinkweiz 15/abr./2017 às 20:59

See I tried to login to steam as soon as it crashed out. Then it was asking me for my mobile code, which was right in front of me, but did not work. Then it sent me a code to my SMS which also did not work. I was literally locked out of my own account until I reset my password through email, which also required me removing the authenticator from my phone.

#11

Spawn of Totoro 15/abr./2017 às 21:03

Escrito originalmente por Prick:
See I tried to login to steam as soon as it crashed out. Then it was asking me for my mobile code, which was right in front of me, but did not work. Then it sent me a code to my SMS which also did not work. I was literally locked out of my own account until I reset my password through email, which also required me removing the authenticator from my phone.

No, that shows you did give the infromation. All that was done through the fake program.

Even if you did remove the authenticator, there would have been a 15 day wait. There is no way to avoid that or having to confirm the trades, no matter what you do.

Remove authenticator? You have a 15 day wait for trades.

Have the authenticator? Then the trades need to be confirmed in order to go through.

#12

azwethinkweiz 15/abr./2017 às 21:06

I know how the authenticator works. But the codes from steam gaurd did not work when I tried to login. They also wiped my trade history, and made it impossible to follow the items. But I do have a trade left that shows all of my tradeable items being dumped into a level 0 account.

#13

Spawn of Totoro 15/abr./2017 às 21:07

Escrito originalmente por Prick:
I know how the authenticator works. But the codes from steam gaurd did not work when I tried to login. They also wiped my trade history, and made it impossible to follow the items. But I do have a trade left that shows all of my tradeable items being dumped into a level 0 account.

Trade history can not be wiped.

Unless 15 day has passed or you confirmed the trades, then the items would not have been traded.

#14