Just lost < $500 to a scammer using a TeamSpeak server + an error message.

Összes téma > Steam fórumok > Help and Tips > Téma részletei

Ez a téma zárolásra került

azwethinkweiz 2017. ápr. 15., 17:39

Just lost < $500 to a scammer using a TeamSpeak server + an error message.

Title pretty much sums up my grief.
I thought something seemed off, but my trustworthy inner dumbass allowed myself to install this patch for "teamspeak."

User added me to invite me to competitive play, which I don't even play but whatever.
Wants me to use teamspeak so we can play efficiently, whatever.
I dont use it personally, so I was ignorant, and listened to the scammer.

My steam account dropped offline, and was completely replaced with a fake steam, a trojan at that. 14 different threats detected in the file system so far. (scanning as I type)

[Trojan.FakeSteam.Gen] x14

Next my steam guard was completely useless, the phone authentication didn't do anything to help me, nor did my email. Both of those would not let me sign in.

Now that I've spent 15 minutes with the wonderful steam support, all of my items in TF2 are just plain gone. Wiped from existence.

Now I also have to reinstall steam, and hope the damage doesn't continue, or is any more severe.

And to hell with you Valve, you don't have control over the hackers.

I thought the phone authentication made it harder for scammers.
Instead it just wasted MORE of my time.

I think I'm done.

User's name was - at the time.

Legutóbb szerkesztette: Spawn of Totoro; 2017. ápr. 15., 20:40

< >

106–120/151 megjegyzés mutatása

Muppet among Puppets 2017. ápr. 16., 15:22

Spawn Of Totoro eredeti hozzászólása:
Muppet among Puppets eredeti hozzászólása:
Trade hold for thiefs was bypassed

No, it was not bypassed as the user provided the codes to do it.

There shouldnt be codes to circumvent trade holds. Its that simple.

#106

RHYMIN SIMON 2017. ápr. 16., 15:23

Prick eredeti hozzászólása:
install this patch for "teamspeak." <---- Keylogger

And to hell with you Valve, you don't have control over the hackers

its your own fault.. dont click any links

dont blame valve for you own stupidy

Legutóbb szerkesztette: RHYMIN SIMON; 2017. ápr. 16., 15:24

#107

Spawn of Totoro 2017. ápr. 16., 15:34

Muppet among Puppets eredeti hozzászólása:
It doesnt matter so much how it happens,
important is that it does happen.

And they make use of it.

People feel safe, adding extra a phone as authenticator, then they login twice, and all is gone.

The irony is, without having auth activated the items would be protected by trade hold.

People do so in order to trade faster.

Someone falling for phishing is out of Valve's hands. Social engineering always makes us of people's complacency, greed and laziness.

Not falling for a phishing scam would have been good. Taking some time to read and think instead of recacting to the situation is alwasy the best solution. Never think any form of security is 100% or foolproof as there is always a way around it.

I have always though that removal of trading it's self would be for the best and would stop all these issue from happening and gone far to secure our accounts.

Muppet among Puppets eredeti hozzászólása:
Spawn Of Totoro eredeti hozzászólása:

No, it was not bypassed as the user provided the codes to do it.
There shouldnt be codes to circumvent trade holds. Its that simple.

Again, there was no circumventing. The user provided the information needed.

Legutóbb szerkesztette: Spawn of Totoro; 2017. ápr. 16., 15:35

#108

Muppet among Puppets 2017. ápr. 16., 15:40

Its strange how you say the same things as before steam auth was introduced.

If infection of your computer is still enough to get by that 2 way protection, and especially getting by trade holds instantly, why do we actually have it?

Simply giving 15 day trade hold for phone number change would solve this.

#109

Teksura 2017. ápr. 16., 15:54

Oh for goodness sake.

Totoro, Muppet is saying that simply using the SMS recovery code to put the authenticator on a different phone should trigger a 15 day trade cooldown, and argues that a forced cooldown after using the recovery code that the OP provided to the phiser may have done some good here.

Muppet, Totoro is saying that an infection on your computer isn't enough to get by 2 factor protection, it requires the user to willingly give up critical security information- which no amount of security can protect against. Sort of like how the keys to your car don't stop people from stealing it if you hand them to the thief.

Legutóbb szerkesztette: Teksura; 2017. ápr. 16., 15:55

#110

PsydeFX 2017. ápr. 16., 15:56

Well, no matter how we define it, Sma isn't protecting anyone new. The same types of people able to be punished with ease are still being punished with ease. It's still not protecting their inventory, not stopping spam bots, nothing. but we remember the megathread, so I won't go any further into that.

There should be a 15 day hold on device switch through recovery. That it's not renders it useless because the device isn't needed, just the same silly users as before.

#111

Muppet among Puppets 2017. ápr. 16., 16:08

Teksura eredeti hozzászólása:
Sort of like how the keys to your car don't stop people from stealing it if you hand them to the thief.

Only if it happens by just trying to get in your car yourself. Twice.

#112

Teksura 2017. ápr. 16., 16:28

Muppet among Puppets eredeti hozzászólása:
Teksura eredeti hozzászólása:
Sort of like how the keys to your car don't stop people from stealing it if you hand them to the thief.
Only if it happens by just trying to get in your car yourself. Twice.

Actually according to the OP, they realized they had just downloaded a malicious program when it suddenly hijacked their system and appeared to kick them off their Steam account. At which point they started trying to regain access... From the infected computer... By providing it the infected computer with critical security information. I'll say it again, the critical security information was entered on the infected computer, which was known to be infected. Instead of doing a much more senable thing like cleaning the computer off first, or trying to access from a clean system.

So "trying to get in your car" isn't a good analogy. A better analogy is like "Trying to get into your car by handing the keys to a bunch of thugs who you see are trying to break into your car, and asking them nicely to please unlock the door for you."

Legutóbb szerkesztette: Teksura; 2017. ápr. 16., 16:31

#113

PsydeFX 2017. ápr. 16., 16:36

Teksura eredeti hozzászólása:
Muppet among Puppets eredeti hozzászólása:
Only if it happens by just trying to get in your car yourself. Twice.
Actually according to the OP, they realized they had just downloaded a malicious program when it suddenly hijacked their system and appeared to kick them off their Steam account. At which point they started trying to regain access... From the infected computer... By providing it the infected computer with critical security information. I'll say it again, the critical security information was entered on the infected computer, which was known to be infected. Instead of doing a much more senable thing like cleaning the computer off first, or trying to access from a clean system.

So "trying to get in your car" isn't a good analogy. A better analogy is like "Trying to get into your car by handing the keys to a bunch of thugs who you see are trying to break into your car, and asking them nicely to please unlock the door for you."

No, OP was suddenly disconnected from steam, and he then tried to get into the account. It wasn't until two failed attempts and him checking his email that he realized.

#114

Teksura 2017. ápr. 16., 16:41

PsydeFX eredeti hozzászólása:
Teksura eredeti hozzászólása:
Actually according to the OP, they realized they had just downloaded a malicious program when it suddenly hijacked their system and appeared to kick them off their Steam account. At which point they started trying to regain access... From the infected computer... By providing it the infected computer with critical security information. I'll say it again, the critical security information was entered on the infected computer, which was known to be infected. Instead of doing a much more senable thing like cleaning the computer off first, or trying to access from a clean system.

So "trying to get in your car" isn't a good analogy. A better analogy is like "Trying to get into your car by handing the keys to a bunch of thugs who you see are trying to break into your car, and asking them nicely to please unlock the door for you."
No, OP was suddenly disconnected from steam, and he then tried to get into the account. It wasn't until two failed attempts and him checking his email that he realized.

I think the OP knows what they were thinking and feeling better than you do, and so I choose to discard your opinion on what they felt in favor of believing the much more creditable comments from the OP themself. The OP said very clearly they realized something was wrong and paniced. You may want to read what they said. They installed the virus, and paniced when it started screwing with Steam, prompting a login. The panic is before their attempts to login, before feeding the infected system the security information.

Legutóbb szerkesztette: Teksura; 2017. ápr. 16., 16:47

#115

PsydeFX 2017. ápr. 16., 16:47

He said he paniced when steam crashed, that doesn't mean he paniced because he knew he just got hijacked.

But we can argue semantics and be rude to each other all we want, won't change the fact that there needs to be a 15 day hold on device change. There's a hold for everything else, new PC, new browser, new OS, but not for a new device, which is the MOST CRUCIAL peice of the whole security...

It's kinda useless without it...

#116

Teksura 2017. ápr. 16., 16:51

PsydeFX eredeti hozzászólása:
He said he paniced when steam crashed, that doesn't mean he paniced because he knew he just got hijacked.

Have you ever paniced when a program logs you out? How about when it just sort of crashes? Panic is not the normal responce to a mere program crash (unless you have a lot of unsaved data, which isn't an issue on Steam). Casually cursing at the stupid program and restarting it is. I'm curious why you think it is typical to fall into a panic every time a program crashes.

#117

PsydeFX 2017. ápr. 16., 16:55

I refuse to argue semantics.

The point is, there is a 15 day hold for just about any change you can make, except for the MOST CRUCIAL part of the security. With that type of flaw, SMA is useless for it's intentions.

The same type of person likely to click on a phishing link is the same exact person who would give away their credentials. If all it takes to get to the inventory is trying to log in, then who's inventory exactly is SMA protecting? Because it definitely isn't the inventory of those who don't fall for the phishing links, as we're not the ones losing our inventories...

Without the 15 day hold on device change, SMA is as useless as email confirmation was.

#118

Teksura 2017. ápr. 16., 16:58

PsydeFX eredeti hozzászólása:
I refuse to argue semantics.

That's literally all you have been doing in your past 3 posts, but if you're going to stop and go back to repeating something I've already said in this thread, that's fine. thank you for putting an end to it. It was getting silly.

These sorts of discussions will never go anywhere if people refuse to put any accountability on poor decisions made by the user. No amount of security can protect against poor decisions made by the user. We've already talked about things that could potentially improve the security, but again, poor decisions on the part of the user are also at fault.

Legutóbb szerkesztette: Teksura; 2017. ápr. 16., 17:03

#119

PsydeFX 2017. ápr. 16., 17:05

Teksura eredeti hozzászólása:
PsydeFX eredeti hozzászólása:
I refuse to argue semantics.
That's literally all you have been doing in your past 3 posts, but if you're going to stop and go back to repeating something I've already said in this thread, that's fine. thank you for putting an end to it. It was getting silly.

No, you just need to realize that there is a difference between perception of the words. there are 3 main types of semantics that only the OP can clear up. You're cherry picking my posts to completely ignore and distract from the point (that I've repeated in all 3 of my prior posts).

SMA is intented to protect your inventory by removing it to the device's control and away from the PC side to be completed. If you can give your entire account away through the PC, and then the hijacker can then take control of what device the SMA is on through the pc without the 15 day cool down, then what exactly is SMA protecting from? It's clearly not the moving of items as the MOST CRUCIAL part of the security can be changed and used instantly.

Without the 15 day cool down, it's just as innefective at keeping items secure as it was BEFORE SMA. THAT is the point. Argue what else you want.

#120

< >

106–120/151 megjegyzés mutatása

Laponként: 1530 50

Összes téma > Steam fórumok > Help and Tips > Téma részletei

Közzétéve: 2017. ápr. 15., 17:39

Hozzászólások: 151

Új téma nyitása

Hozzászólási szabályok és irányelvek

Hozzászólás jelentése