Sign in attempted from China?
My cousin got this email saying that they tried to sign in from China. He then changed his password, but about 2 days later it happened again, so I went to my cousin's house and installed an antivirus and Malwarebytes, and I changed his password to a very long one, and then 2 days later it happened again!! I don't know what to do. How do they get his password? I would think a keylogger would be detected by that software. He has 2 PCs; I was thinking about formatting his old PC.
I recently built a new PC for him.
It's so annoying to see someone from China accessing his account.
When I copy and paste the email from Google Translate, this is what it says:

""" This email was generated because the computer with the address 111.170.105.227 (CN) tried to log in to your account. This address entered your correct account name and password when attempting to log in.

To complete the login, you will need a Steam token verification code. No one can access your account without accessing this email.

If you haven’t tried to sign in, please change your Steam password and consider changing your email password to keep your account secure.

If you're unable to access your account, you can use this account-specific rescue link to get assistance with assistance or to lock your account. """

any advice??
Satoru 16 Oct 2019 at 6:20
Have them stop reusing old passwords
But I did go to his house and changed it to a very long one. It's very strange: it's a 27-character-long password that I made up, and he still got that email.

it's from Valve: Steam 客服 <noreply@steampowered.com>
wuddih 16 Oct 2019 at 6:41
Originally posted by LieutenantCommanderData-XGP:
it's from Valve: Steam 客服 <noreply@steampowered.com>
that is easy to fake, no indicator.

the account name is mentioned in the email

Dear <accountname>,

Here is the Steam Guard code you need t....

it is the exact same accountname as he is using?
Steam settings -> account -> account name

if not, then he has another Steam account on that email (which is possible) and they acquired username and password from somewhere else.
let the email address run through https://haveibeenpwned.com/
+Me™ 16 Oct 2019 at 6:52
check this to see recent logins to your steam
https://help.steampowered.com/en/accountdata/SteamLoginHistory

if there are none from china, then it's a fake email
cSg|mc-Hotsauce 16 Oct 2019 at 6:57
Attempts don't show there.

:qr:
Originally posted by LieutenantCommanderData-XGP:

it's from Valve: Steam 客服 <noreply@steampowered.com>

but how do they have the same email as steam if it was a fake?

By the way, I checked his email to see if it got pwned; it has been pwned on
"4 breached sites and found no pastes":
1. Anti Public Combo List
2. Collection #1
3. Nexus Mods
4. Snail
---------------
But still, I went to his house and changed the password myself that day, and I got the verification email code and the IP address is fine, it's where he lives, and yet about the next day after tomorrow it happened again from China.

I'm gonna go to his house tomorrow and change his email address, his email password and his Steam password to see if that helps, or I'll make him a new email instead :sage:
Last edited by LieutenantCommanderData-XGP; 16 Oct 2019 at 7:43
Joke 16 Oct 2019 at 8:19
The "From:" field on an email has no connection to where that email actually comes from. You can set it to whatever you want in your email client. However this looks pretty legitimate.
Does the " ...account-specific rescue link..." go to a steam domain?

Does your cousin use any external web sites (trading, give-aways, csgo, etc) where he can login using his steam credentials? Any of them can steal the username/password.

There is a list of actions to take if your account has been compromised:
1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)
wuddih 16 Oct 2019 at 8:23
Originally posted by LieutenantCommanderData-XGP:
Originally posted by LieutenantCommanderData-XGP:

it's from Valve: Steam 客服 <noreply@steampowered.com>

but how do they have the same email as steam if it was a fake?
https://en.wikipedia.org/wiki/Email#Header_fields
the "From:" field does not have to be the real sender of the email message
you can manually set that to whatever you want. the knowledge required to do so is reading a step-by-step guide.

check for the account name. it is not a rare case that people have multiple accounts that they can't remember.
Last edited by wuddih; 16 Oct 2019 at 8:24
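
As an added example (not part of any post in this thread): a Python sketch of the two checks raised in Joke's and wuddih's replies above, whether the receiving provider's DKIM verdict backs up the "From:" domain, and whether every link's host is steampowered.com or a subdomain of it. The two sample messages, the `mx.example.net` and `example.org` names and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = "steampowered.com"  # the domain named in the thread

# Constructed sample messages, not real mail. Assumption: the
# Authentication-Results header was added by the recipient's own mail
# provider; a copy supplied by the sender proves nothing.
GENUINE = """\
Authentication-Results: mx.example.net; dkim=pass header.d=steampowered.com; spf=pass smtp.mailfrom=steampowered.com
From: Steam <noreply@steampowered.com>
Subject: Steam Guard

https://help.steampowered.com/zh-cn/wizard/HelpUnauthorizedLogin?stoken=PLACEHOLDER
"""
SPOOFED = """\
Authentication-Results: mx.example.net; dkim=none; spf=fail smtp.mailfrom=mailer.example.org
From: Steam <noreply@steampowered.com>
Subject: Steam Guard

https://help.steampowered.com.login-check.example.org/wizard?stoken=PLACEHOLDER
"""

def in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check(raw):
    msg = message_from_string(raw)
    # The From: header is only a claim made by whoever wrote the message.
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    # DKIM must pass AND its signing domain must match the From: domain.
    auth = msg.get("Authentication-Results", "")
    dkim = re.search(r"dkim=pass\b[^;]*header\.d=([\w.-]+)", auth)
    # Compare the parsed hostname of each link, never a substring of the URL.
    urls = re.findall(r"https?://[^\s<>]+", msg.get_payload())
    hosts = [urlsplit(u).hostname for u in urls]
    return {
        "from_claims_steam": in_domain(from_domain, TRUSTED),
        "dkim_aligned": bool(dkim) and in_domain(dkim.group(1), from_domain),
        "links_ok": bool(hosts) and all(in_domain(h, TRUSTED) for h in hosts),
    }
```

Both samples carry the same "From:" line; only the provider's DKIM result and the parsed link hostnames tell them apart.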
Originally posted by Joke:
The "From:" field on an email has no connection to where that email actually comes from. You can set it to whatever you want in your email client. However this looks pretty legitimate.
Does the " ...account-specific rescue link..." go to a steam domain?

Yup, I hovered over the link; it looks fine, but in the Chinese region, the only difference:
"" https://help.steampowered.com/zh-cn/wizard/HelpUnauthorizedLogin?stoken= "" it continues on...

And here is the one I got when I logged on from a new device:
"" https://help.steampowered.com/en/wizard/HelpUnauthorizedLogin?stoken= "" it continues on...

From the looks of it, they somehow get his Steam password and attempt to log in, especially new ones.

The day I went, I scanned with Malwarebytes and the antivirus. Malwarebytes found a "PUP", something like that, but it got removed; the antivirus found nothing. But there was something I found strange: when the scan was finished, it found 3,000 and something about "protected files". I did not take a good look at it.
Muppet among Puppets 17 Oct 2019 at 2:51
Is the hello (name)
in the email the login name of the account?

Rest is irrelevant for now.
Originally posted by Muppet among Puppets:
Is the hello (name)
in the email the login name of the account?

Rest is irrelevant for now.
his user name is in it
Muppet among Puppets 17 Oct 2019 at 6:02
Originally posted by LieutenantCommanderData-XGP:
Originally posted by Muppet among Puppets:
Is the hello (name)
in the email the login name of the account?

Rest is irrelevant for now.
his user name is in it
So not the name he logs in with? Then the email is not about that account.
It's the username he logs in with, not the name that everyone sees.
So far today there were no attempts to log in, but I'm still gonna change his password and email on my laptop running Linux when I get there, just to be secure.
Muppet among Puppets 17 Oct 2019 at 8:12
Is the name he logs in steam with part of the email address or used elsewhere?
No need to answer this here.
But this determines if the email just uses an email address as steam name. Trying their luck to make an email appear legit.
Date posted: 16 Oct 2019 at 6:09
Posts: 14