I THINK I FELL FOR THIS HELP AAAAAAAAAA

Rainhound eredeti hozzászólása:

This happened to me recently and I actually believed it and clicked their link and followed the instructions. Something else happened as well, some of my steam games wouldn't launch and now they all don't. I was wondering if this was the cause. I've already tried simple methods such as verifying the integrity of the game cache or checking the clock to see if it matched but nothing's working.

Astaroth eredeti hozzászólása:

Scan your computer for malware. You can use Malwarebytes[www.malwarebytes.com]
Deauthorize all other devices from here
Change your password on a secure device from here
If you have the Mobile Authenticator enabled, generate new back up codes from here
Revoke the API key from here

These bots spread through the link alone! Don't touch it. Not even to look at the site

Hey, I just got that exact same thing, And it came to that point were he wrote to me with another person his profile after I was logging in, how is that possible? And is there something else I need to do other than changing the steam trade link and my password?

It would be best to disauthorize all devices. That will kick the bot

Why is this still a problem a year later?

Ducky eredeti hozzászólása:

Why is this still a problem a year later?

It's been a YEAR? I only found it out today!

Partydonut214 eredeti hozzászólása:

It would be best to disauthorize all devices. That will kick the bot

How was he able to access my account? Thought this Steam Authorisation where you login through steam is just some basic information

Dont press any link i sent you! eredeti hozzászólása:

Hey, I just got that exact same thing, And it came to that point were he wrote to me with another person his profile after I was logging in, how is that possible? And is there something else I need to do other than changing the steam trade link and my password?

The Steam community recommends 5 steps, done in order, to make sure that the scammer's bot is not only kicked out of your account, but also cannot get back into your account again through malware or using Backup Steam Guard Codes.

1. Scan for malware https://www.malwarebytes.com/
   
   
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage (scroll down to "Concerned your credentials are saved on another device?" and click the button that says "Deauthorize all other devices." DO NOT remove your Steam Guard Mobile Authenticator).
   
   
3. Change your Steam account password from a clean device
   
   
4. Generate new Backup Steam Guard Codes https://store.steampowered.com/twofactor/manage (scroll down to "Get Backup Steam Guard Codes" and click the button that says "Get Backup Codes").
   
   
5. Revoke your Steam account's Web API key https://steamcommunity.com/dev/apikey if needed (if you see a blank field after "domain name", then the scammer did not register a Steam Web API Key).

Dont press any link i sent you! eredeti hozzászólása:

Partydonut214 eredeti hozzászólása:

It would be best to disauthorize all devices. That will kick the bot

How was he able to access my account? Thought this Steam Authorisation where you login through steam is just some basic information

The real sign-in-through-Steam button opens a separate window to the actual steamcommunity site and uses openid to log in which only gives publicly available information about your account to the site.

But this scam site that you went to had a fake sign-in-through-Steam button which did not actually open a separate window with the real steamcommunity site. Instead it opened a fake sign-in-through-Steam pop-up page inside the scam site's page (you would not be able to move the pop-up out of that site's page because it was not a different site) that phished your login name, password, and Steam Guard code and gave it to the scammer.

Then the scammer's bot used the information that you were tricked into giving the scammer to log into your account.

DrShadowds shows a screenshot of what the fake sign-in-through-Steam pop-up window probably looked like in this earlier post https://steamcommunity.com/discussions/forum/1/1745642381107247101/?tscn=1618533477#c3004429475636707322

https://steamcommunity.com/sharedfiles/filedetails/?id=2329645315

DrShadowds also shows in the second screenshot that if, in the future, you are careful to always sign into the real Steamcommunity site BEFORE you visit any site with a sign-in-through-Steam button, when you click the button it will show your profile avatar, and, in the part understandably blacked out by DrShadowds, your profile name, and your actual account login name (the third-party site does not get your account name - that is only shown to you so you can be sure you are connecting the account you meant to use).

https://steamcommunity.com/sharedfiles/filedetails/?id=2338543075

If you don't see that, but instead are asked to log in to Steam again, then you will know that it is a phishing page instead of the real steamcommunity page.

Dont press any link i sent you! eredeti hozzászólása:

And is there something else I need to do other than changing the steam trade link and my password?

Why did you think that you needed to change your Steam Trade URL?

♥♥tutor♥♥tαrα♥♥ eredeti hozzászólása:

Dont press any link i sent you! eredeti hozzászólása:

Hey, I just got that exact same thing, And it came to that point were he wrote to me with another person his profile after I was logging in, how is that possible? And is there something else I need to do other than changing the steam trade link and my password?

The Steam community recommends 5 steps, done in order, to make sure that the scammer's bot is not only kicked out of your account, but also cannot get back into your account again through malware or using Backup Steam Guard Codes.

1. Scan for malware https://www.malwarebytes.com/
   
   
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage (scroll down to "Concerned your credentials are saved on another device?" and click the button that says "Deauthorize all other devices." DO NOT remove your Steam Guard Mobile Authenticator).
   
   
3. Change your Steam account password from a clean device
   
   
4. Generate new Backup Steam Guard Codes https://store.steampowered.com/twofactor/manage (scroll down to "Get Backup Steam Guard Codes" and click the button that says "Get Backup Codes").
   
   
5. Revoke your Steam account's Web API key https://steamcommunity.com/dev/apikey if needed (if you see a blank field after "domain name", then the scammer did not register a Steam Web API Key).

Dont press any link i sent you! eredeti hozzászólása:

How was he able to access my account? Thought this Steam Authorisation where you login through steam is just some basic information

The real sign-in-through-Steam button opens a separate window to the actual steamcommunity site and uses openid to log in which only gives publicly available information about your account to the site.

But this scam site that you went to had a fake sign-in-through-Steam button which did not actually open a separate window with the real steamcommunity site. Instead it opened a fake sign-in-through-Steam pop-up page inside the scam site's page (you would not be able to move the pop-up out of that site's page because it was not a different site) that phished your login name, password, and Steam Guard code and gave it to the scammer.

Then the scammer's bot used the information that you were tricked into giving the scammer to log into your account.

DrShadowds shows a screenshot of what the fake sign-in-through-Steam pop-up window probably looked like in this earlier post https://steamcommunity.com/discussions/forum/1/1745642381107247101/?tscn=1618533477#c3004429475636707322

https://steamcommunity.com/sharedfiles/filedetails/?id=2329645315

DrShadowds also shows in the second screenshot that if, in the future, you are careful to always sign into the real Steamcommunity site BEFORE you visit any site with a sign-in-through-Steam button, when you click the button it will show your profile avatar, and, in the part understandably blacked out by DrShadowds, your profile name, and your actual account login name (the third-party site does not get your account name - that is only shown to you so you can be sure you are connecting the account you meant to use).

https://steamcommunity.com/sharedfiles/filedetails/?id=2338543075

If you don't see that, but instead are asked to log in to Steam again, then you will know that it is a phishing page instead of the real steamcommunity page.

Dont press any link i sent you! eredeti hozzászólása:

And is there something else I need to do other than changing the steam trade link and my password?

Why did you think that you needed to change your Steam Trade URL?

Thank you. Did all that, was just wondering if I need to do something else too. Regarding the question with the Steam Trade URL, I was just reading it, that I should do this too because it was a skin scam attempt.

Also, you need to be logged in to steam on your browser to have that screen with "Not you?" and your steam account name and profile. But I was not logged in on my browser, therefore I also was not able to see that.