This topic has been locked
Just lost < $500 to a scammer using a TeamSpeak server + an error message.
Title pretty much sums up my grief.
I thought something seemed off, but my trustworthy inner dumbass allowed myself to install this patch for "teamspeak."

User added me to invite me to competitive play, which I don't even play but whatever.
Wants me to use teamspeak so we can play efficiently, whatever.
I don't use it personally, so I was ignorant, and listened to the scammer.

My steam account dropped offline, and was completely replaced with a fake steam, a trojan at that. 14 different threats detected in the file system so far. (scanning as I type)

[Trojan.FakeSteam.Gen] x14

Next my steam guard was completely useless, the phone authentication didn't do anything to help me, nor did my email. Both of those would not let me sign in.

Now that I've spent 15 minutes with the wonderful steam support, all of my items in TF2 are just plain gone. Wiped from existence.

Now I also have to reinstall steam, and hope the damage doesn't continue, or is any more severe.

And to hell with you Valve, you don't have control over the hackers.

I thought the phone authentication made it harder for scammers.
Instead it just wasted MORE of my time.

I think I'm done.

User's name was - at the time.
Last edited by Spawn of Totoro; Apr 15, 2017 @ 8:40pm
Showing 61-75 of 151 comments
azwethinkweiz Apr 16, 2017 @ 11:04am 
Thank you for your time Muppet, you've been a gentleman.
And those of you other users who have been courteous enough, thank you as well.

I've sent a help request to steam support under the section for steam guard.
I'll post here if anything interesting ever happens.
It wasn't easy to get to it with earlier cases.
One time the usual replies and discussions about "your fault" distracted it,
the next time the affected person wasn't that helpful.

And I couldn't find how they do it to prove that it can happen.
This time there was evidence THAT they do it.
Washell Apr 16, 2017 @ 11:16am 
Originally posted by Prick:
maybe they will figure out a new way to keep people's items from getting drained even if you are hijacked.
When you let malicious software on your PC, Valve is powerless. Anything they do to stop the software, also stops you as the user, because the malicious software is operating on the same level as you.

You shouldn't click links supplied to you by chat, e-mail or otherwise. Open a browser, and type the url to the site (teamspeak, your bank, your e-mail, whatever) yourself. At this stage, most government and financial organisations I deal with don't even include links any more, and explicitly give the same warning. Sorry you had to learn this the hard way.
PsydeFX Apr 16, 2017 @ 11:21am 
Originally posted by Washell:
Originally posted by Prick:
maybe they will figure out a new way to keep people's items from getting drained even if you are hijacked.
When you let malicious software on your PC, Valve is powerless. Anything they do to stop the software, also stops you as the user, because the malicious software is operating on the same level as you.

You shouldn't click links supplied to you by chat, e-mail or otherwise. Open a browser, and type the url to the site (teamspeak, your bank, your e-mail, whatever) yourself. At this stage, most government and financial organisations I deal with don't even include links any more, and explicitly give the same warning. Sorry you had to learn this the hard way.
All this he knows, he explained why he fell for it. But it doesn't change the fact that hijackers have seemingly found a way to circumvent sma, so then, what is the point of sma being mandatory. At this rate, it's no better than email confirmations, and the 15 day hold is useless.
In this moment as seen here, it's not a protection but a tool for the perfect crime.
Tito Shivan Apr 16, 2017 @ 11:27am 
Originally posted by PsydeFX:
All this he knows, he explained why he fell for it. But it doesn't change the fact that hijackers have seemingly found a way to circumvent sma, so then, what is the point of sma being mandatory. At this rate, it's no better than email confirmations, and the 15 day hold is useless.
They're not circumventing SMA. They're tricking users into sending the recovery codes SMS to change the authenticator to the thieves' phone.
Good old social engineering.
PsydeFX Apr 16, 2017 @ 11:28am 
Originally posted by Muppet among Puppets:
In this moment as seen here, it's not a protection but a tool for the perfect crime.
Exactly, and has been my #1 concern since day 1 of it becoming mandatory. I foresaw it coming, these hijackers are extremely innovative.

I just hope that the OP has been 100% honest, and that Valve takes steps NOW to fix this problem because I have been forced to use SMA to be able to effectively trade or market items, Then Valve needs to be sure it's always working as intended, and not a needless, useless hurdle.
PsydeFX Apr 16, 2017 @ 11:28am 
Originally posted by Tito Shivan:
Originally posted by PsydeFX:
All this he knows, he explained why he fell for it. But it doesn't change the fact that hijackers have seemingly found a way to circumvent sma, so then, what is the point of sma being mandatory. At this rate, it's no better than email confirmations, and the 15 day hold is useless.
They're not circumventing SMA. They're tricking users into sending the recovery codes SMS to change the authenticator to the thieves' phone.
Good old social engineering.
But how are trades instant?
Originally posted by Tito Shivan:
Originally posted by PsydeFX:
All this he knows, he explained why he fell for it. But it doesn't change the fact that hijackers have seemingly found a way to circumvent sma, so then, what is the point of sma being mandatory. At this rate, it's no better than email confirmations, and the 15 day hold is useless.
They're not circumventing SMA. They're tricking users into sending the recovery codes SMS to change the authenticator to the thieves' phone.
Good old social engineering.
A trade can't happen by description if auth is changed. For 15 days. Look at the time stamps, to see the problem.
Teksura Apr 16, 2017 @ 11:32am 
Originally posted by PsydeFX:
Originally posted by Muppet among Puppets:
In this moment as seen here, it's not a protection but a tool for the perfect crime.
Exactly, and has been my #1 concern since day 1 of it becoming mandatory. I foresaw it coming, these hijackers are extremely innovative.

I just hope that the OP has been 100% honest, and that Valve takes steps NOW to fix this problem because I have been forced to use SMA to be able to effectively trade or market items, Then Valve needs to be sure it's always working as intended, and not a needless, useless hurdle.
Question:
What exactly can Valve do to stop people from simply giving their security info to hijackers like this?
Originally posted by Teksura:
Question:
What exactly can Valve do to stop people from simply giving their security info to hijackers like this?
Well, they can invent an app that is required to agree to trades, or make a 15 days cooldown when the app gets removed.....
Like they did for exactly this scenario.....
But something isn't working right
PsydeFX Apr 16, 2017 @ 11:40am 
Originally posted by Teksura:
Originally posted by PsydeFX:
Exactly, and has been my #1 concern since day 1 of it becoming mandatory. I foresaw it coming, these hijackers are extremely innovative.

I just hope that the OP has been 100% honest, and that Valve takes steps NOW to fix this problem because I have been forced to use SMA to be able to effectively trade or market items, Then Valve needs to be sure it's always working as intended, and not a needless, useless hurdle.
Question:
What exactly can Valve do to stop people from simply giving their security info to hijackers like this?
They can't (no offense OP, just my saying) you can't fix stupid.

Stupid things happen, they always will. But my question is, what can Valve do to stop hijackers? Either way it's an uphill battle with rollerblades on during an ice storm. They're not going to win no matter what they do. All SMA is for is to protect the users inventory. It is failing apparently, and THAT is the issue.

I'm not going to go off on why we have SMA, that's just going to derail the thread. What we need to get to the bottom of is HOW and WHY SMA is failing. All users in the last month with the teamspeak hijacking describe it in the same way, damn near exactly, and it's ending with the trades being instant

So, this is clear at least from what we know in this thread

1. Trades were instant AFTER SMA device change

2. User was not using emulators, so DEVICE and PC were not compromised at the same time.
PsydeFX Apr 16, 2017 @ 11:44am 
Originally posted by Prick:
No emulator, I promise. Really wouldn't even know how to use it.
Now unless they installed one with the software and I don't know it...
I'm not sure how the email and trade timing is that significant.
His bot account sent me a trade request, and the program allowed him to accept it for me.

Originally posted by Prick:
conversation with scammer around 6:50-7:00
installation of fake steam around 7:05ish
panic ensues when steam crashes out, prompting me to login
7:06 is when the first email for steam guard recovery was received (An SMS code)
This was me trying to log back in to the fake steam
The next email was at 7:07 for "steam guard mobile device changed"
"You are now getting Steam Guard Mobile Authenticator codes on a new device.
If you did not perform this action, please follow the link below to lock your account and submit a request for assistance."
I must have not been paying attention to my emails.
But I'm also uncertain if this was me trying to remove it or not.
7:08 and 7:09 is when the trades occurred without my knowledge.
At 7:15 I was regaining my account by changing my password through steam website via email.
After I had control I scanned my system and quarantined the 14 files and rebooted.
Then I had to reinstall steam and make a backup of my steam app files.
It wasn't until around 8pm that it was all over.
Originally posted by Prick:
His bot account sent me a trade request
This might be important
Last edited by Muppet among Puppets; Apr 16, 2017 @ 11:48am
Tito Shivan Apr 16, 2017 @ 11:48am 
Originally posted by Muppet among Puppets:
A trade can't happen by description if auth is changed. For 15 days. Look at the time stamps, to see the problem.
IIRC transferring the authenticator (through the recovery process, using the sms code from the registered phone) does not trigger cool downs.

Date Posted: Apr 15, 2017 @ 5:39pm
Posts: 151