Instalar Steam
iniciar sesión
|
idioma
简体中文 (chino simplificado)
繁體中文 (chino tradicional)
日本語 (japonés)
한국어 (coreano)
ไทย (tailandés)
Български (búlgaro)
Čeština (checo)
Dansk (danés)
Deutsch (alemán)
English (inglés)
Español de Hispanoamérica
Ελληνικά (griego)
Français (francés)
Italiano
Bahasa Indonesia (indonesio)
Magyar (húngaro)
Nederlands (holandés)
Norsk (noruego)
Polski (polaco)
Português (Portugués de Portugal)
Português-Brasil (portugués de Brasil)
Română (rumano)
Русский (ruso)
Suomi (finés)
Svenska (sueco)
Türkçe (turco)
Tiếng Việt (vietnamita)
Українська (ucraniano)
Comunicar un error de traducción
El autor de este tema ha marcado un mensaje como la respuesta a su pregunta.
Normas y directrices sobre discusión
Denunciar este mensaje
1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)
It's not new. It happens all the time. Your son in all his skin trading and likely participating on 3rd party (non-steam) trading sites has figured out a way to compromise his account. Perhaps providing his credentials into a login form that looks like a legitimate Steam login. Regardless of the exact details, the root cause is usually the user being reckless with their account security. Users tend to be the weakest link when it comes to account security.
And greed is a powerful motivator and is often used to get people to act against their own best interests. Your story highlights this. A scenario was concocted for him to get him to trade his valuable items so he would be "eligible" for something valuable to be given to an account with virtually no items.
Whenever greed is driving your decisions, it's a big red flag. Stop and take an inventory of what you're doing.
The Steam policies are pretty clear about this. Trades are not reversed, items aren't duplicated or returned.
You must do the steps given above in order to secure the account but any items lost this way aren't returned.
Thank You for quick answer. This is crucial for me to know that my son steam account was compromised - that means he is still in danger
Worse thing is that You suggest that also his computer could be compromised and also steam guard on mobile phone?
I wonder why newest and actual Bitdefender 2020 did not reported anything.
I will do exactly as You told.
If you have any link describing what exactly those scammers do - I would appreciate that. If You do not want to promo scammers techniques - I respect that also.
Great thanks anyway!
Deauthorize all other devices https://store.steampowered.com/twofactor/manage
Change passwords from a clean computer
Generate new backup codes https://store.steampowered.com/twofactor/manage
Revoke the API key https://steamcommunity.com/dev/apikey
Stop using shady third party trade sites or clicking suspicious links.
Do each of the steps.
What happened is your account became compromised, most likely through a third party site. This well known scam then requires you to authorize the trade giving your items away after you allow them access to your account through either malware, or giving away your details through a phishing fake login page or other trick used by those shady third party sites.
The way it does this is after it gains access to your account, a bot waits until you send out a trade offer, and then using the access you gave to them, their bot cancels the trade, changes a bot account to match the name and profile picture of the person you wanted to trade with, and then sends a trade giving your stuff away for free.
The scam depends on you ignoring all the warnings, such as "this user is not on your friends list", "this user has a similar name to someone on your friends list", their items missing from the offer, the big "you will receive nothing" text, the fact that they have the wrong level, wrong "has been on Steam since" date (usually obviously too recent to make sense), and a few other obvious warnings. It only works if you're not even looking at what you're doing. Sadly, an awful lot of people don't care enough to verify the trade is what they are expecting, so this scam continues to work.
Valve will not return items you gifted away to the scammer as a result of ignoring all the warnings. https://support.steampowered.com/kb_article.php?ref=9958-MJDG-3003
Unfortunately most of these scams require people with a trusting nature to be tricked into willingly moving their inventory once their account has been compromised.
https://steamcommunity.com/discussions/forum/7/1747893804397849536/#c1747893804398016279
I don't understand how it was possible for your son to become scammed, surely he read all of the other warning topics such as this one, correct?
Now I also understand how it could be done.
I just have been talking with my son - I told him that experts on steam (You dear fellows) insist that he had to give at some point access to his account along with steam guard code.
And he admitted that on some page - lured with greed - he simply entered steam creditentials along with steam guard code.
Now I undeerstand this "mystic scam"
I am starting the porocedure provided by Brockenstain.
Great respect to both of You!
Well good for your son. It's not an easy thing to admit, and a lot of people want to argue or shift the blame because protecting their own egos ends up being more important to them.
The only other thing I can say is for him not to take it too hard, thousands and thousands, perhaps millions of Steam users have fallen into the same trap. All this really proves is he's just a regular human being like the rest of us. But if he can learn from his mistakes on the first go around he'll be better off than many.
Borockenstein, J4MESSOX4D, The Living Tribunal, Obey, Teksura
This is my first post for help ever and I am astonished with the speed and quality of your help.
I hope I can repey it somewhere in the future to other steam users.
The case is closed. We are processing the steps provided
Computer is not likely to be infected (screening is running now)
My sons admited to go to page provided him on steam group (a person who provided it has been reported) which rules user to login with his steam creditentiald and steam guard code
The rest is exactly as You described:
He willingly created and offer directed to real me with all his items in order to temporarily have "poor" acount in order to take a part in free give away <- THIS IS HOW THEY RULED HIM
The offer for proper me was "somehow" rejected
The an offer appeared somehow (it was a scammer diguised as me)
My son just confirmed it
Steam warned him that this person is not his steam friend
My son IGNORED that and confirmed it
This is a hard lesson for him. He has been earning this 50$ for skins for a few months by making dozens of english self learning english lessons. We allow him to buy digital goods only if he invest an "earning" time into his education. Those skins are equivalent of dozens of hours of making translations from english to polish - in order to improve his skills
So some money has been lost, expierience has been gained, case has been understood - thanks to You!. Some english have been improved on my sons side
It is important to male such a mistake once. That what I want him to learn
Best regards
Mariusz / Red Ezzio
^^^ Indeed.
Now both of you know to be a little bit more wary. Enjoy your gaming, but be careful what you do online!
Last thing to say which 100% confirms that mechanism described by all of You was exactly what happened - > at last step of cleaning instructions we have found the filled field API key - never generated by us.
Of course reseted immidietely
My son asked me to thank to all of You on his behalf - this account is precious for him as he earned GOLD in CS:GO for the first time in his life this morning.
Who knows for what else this account could be used for by scammers - resulting for example in ban.
I wish all of You the very best!
Dear fellow Steam Friends!
In my case I dont see a list. Only an input field and a checkbox to register a new key. Is it what it should look like?
My account which I believe has not been compromised has exactly looking APIkey page as You described (empty imput field and checkbox)
My son's account which was hijacked had an API key field fully filled with somethin like this
zaCELgL!0imfnc8mCDFwsAawjYr4Rx-Af50YYqtlx <- just a fake API key here
As my son has no clue what an API key is <- it was a proof that his account had been compromised.
I went through all the steps described by those helpful colegues in order to regain this account.
I hope that answers Your question
regards!