Thanks for the report friend :)

Then someone created a steam account with your email.
Shouldnt there be a verification first?

I'm not saying they created an actual Steam Account. I think they are pasting the e-mail address as the account name into a phishing e-mail. That link at the bottom likely takes you to a bogus site where they hope to get your actual account info. Steam got hacked at some point a few years ago, and while no important info was decrypted, they may have gotten a list of e-mail addresses linked to actual Steam Accounts. They can create a phony, but very convincing, "official" e-mail from <noreply@steampowered.com> hoping to lure the unsuspecting into clicking that link at the bottom of the page. I'm only guessing, but I just wanted people to stop and think before nuking there OS. This may just be a spoof, hoping to get people to overreact and wipe there HD's as someone's idea of a cruel prank. Whatever the case, just look closely, and if in doubt contact steam directly to see if the account activity being reported is legitimate. I'm certain at this point that these e-mails that I received are not real. My account was being spammed about three or four times a week with them, each time listing some exotic IP address. Every other aspect of them looked legitimate except the account name. It took me several months to connect the dots. Its so easy to miss because that is my e-mail, just not my account name.

Well, I'm getting those once in a while too. Since I've got 2FA running I don't think they can get in regardless, but it's upsetting.

I've checked the source of the message etc and IMHO things look genuine. The header is correct, the account-name is correct, the email is correct (obviously) and all url's in there point to steampowered.com or steamcommunity.com or valvesoftware.com.

Even though I've got 2FA I've changed my pwd a couple of weeks ago into something completely random (via generator) and remarkably it seems they've brute-forced it again already?

The two 'most inviting' links seem to be to:

https://steamcommunity.com/actions/ReportSuspiciousLogin?stoken=<very long "number">
https://help.steampowered.com/en/wizard/HelpUnauthorizedLogin?stoken=<another very long 'number'>

(fetched from message source)

I'm not sure how these could be phishing links...

If you login yourself, do you get those emails?
If not, especially with auth app codes,
how could the email you get be legit?

Perhaps these are not phishing as much as some sort of practical joke. The e-mails may be taken from a legit steampowered email then doctored up and sent out as a way to get thousands of people to constantly change their passwords and to bombard steam tech support with messages.I've recently gotten as many as five in a single day. As I said earlier the way to tell is to check the account name they are using in the greeting. Steam's emails start as "Dear <account name>". The phony e-mails are starting with "Dear <e-mail address>". If your account name happens to be your e-mail address this will make things slightly more confusing. My account name is not the same as my e-mail, this is how I first caught on to them being fake. I happened to have gotten a legitimate email as I was logging in from a new computer. I expected this e-mail. It just happened to be right above one of the fake ones and I suddenly realized they were not the same thing. I had an epiphany one might say. If you used your email as your account name it will make verification much more difficult. In the end the level of sophistication required to make these seem legit makes me think someone expects to get something other than a laugh out of them. There are certainly people out there who can hide things in these emails while making them look entirely legitimate. They may simply have an active x controller hidden in them that downloads when you click the link but then takes you to the actual steam site. Who knows. I just suggest that you don't click on anything in them. Go to your steam app to make any changes to your account. If you didn't try to log into your account from a new computer, and the login attempt is from a server in Ubekistan, it's probably fake.

In reponse to this:

"Even though I've got 2FA I've changed my pwd a couple of weeks ago into something completely random (via generator) and remarkably it seems they've brute-forced it again already?"

You misunderstand. They don't have your account name or your password. They are randomly sending these e-mails hoping to get whatever response they are seeking (either getting you to click on something to download a virus, or just a laugh that they got you to change your password). They are completely fake. The "login attempt" invariably comes from some remote corner of the world ( PK for pakistan, UZ for Uzbekistan, etc.) I think all of this "information" is randomly generated, as it is different in every one of the fake ones I've gotten. They don't actually have your password. All they have is your e-mail address. They may be trying to get you to click on a link and enter your password, at which point they would actually have it.

Hopefully this clarifies my point.

Originally posted by Muppet among Puppets:

Then someone created a steam account with your email.
Shouldnt there be a verification first?

♥♥♥♥♥♥♥ scammers trying every possible way to get easy money!

Getting these e-mails, sextortion (about my old password and recordings of me through my webcam, and i should pay $1000 to get the recordings deleted).

I changed my password several times and i did not understand how the hell they still being able to log in with a password i only created at the moment and only noted on my paper. The e-mail looks really real and the steampowered e-mail!! damn. I dont remember if i clicked on their links to change my password but i guess not since i still can log in and have everything.

Originally posted by Senee:

♥♥♥♥♥♥♥ scammers trying every possible way to get easy money!

Getting these e-mails, sextortion (about my old password and recordings of me through my webcam, and i should pay $1000 to get the recordings deleted).

I changed my password several times and i did not understand how the hell they still being able to log in with a password i only created at the moment and only noted on my paper. The e-mail looks really real and the steampowered e-mail!! damn. I dont remember if i clicked on their links to change my password but i guess not since i still can log in and have everything.

Is the account name your actual account name? A lot of people find that it's their display name, or a part of their email address which means one of two things either:
A) There is another account attached to your email with that account name, which you haven't changed the password of yet.
B) It's a phishing email.

You'd be surprised how often A is the case (a lot of people out there have Steam accounts they forgot they created).

Originally posted by Darren:

Originally posted by Senee:

♥♥♥♥♥♥♥ scammers trying every possible way to get easy money!

Getting these e-mails, sextortion (about my old password and recordings of me through my webcam, and i should pay $1000 to get the recordings deleted).

I changed my password several times and i did not understand how the hell they still being able to log in with a password i only created at the moment and only noted on my paper. The e-mail looks really real and the steampowered e-mail!! damn. I dont remember if i clicked on their links to change my password but i guess not since i still can log in and have everything.

Is the account name your actual account name? A lot of people find that it's their display name, or a part of their email address which means one of two things either:
A) There is another account attached to your email with that account name, which you haven't changed the password of yet.
B) It's a phishing email.

You'd be surprised how often A is the case (a lot of people out there have Steam accounts they forgot they created).

Yeah, i just found out i had an other account attached to my e-mail which had 0 games and no content at all, thanks!

I updated the password for that account it might solve the problem!

I've been getting these emails religiously for years. I think the phishing link is the valve logo at the bottom and the rest of the links are legit. Don't click any of the links in the email. Just log in to steam directly through the app or their official website.

I start getting same fake emails recently. First I was in panic and changed the password. Still getting the mails. Then I have changed the password second time. Still getting the emails. Then I moved the second stage from mail to phone app, still getting the mails. Finally I changed the account email aaaand, I`m still getting these mails to old one. And finally now I noticed that my nickname in the email has a mistype).

Much to my own shame it took me years to figure out I had a second account that was virtually identically set up to my 'actual' account. I had completely forgotten about that other account; in fact, I don't understand why I may have created it in the first place as its library was completely empty. It also had a super-guessable password.
Anyway, I thus deleted that 'alt' account and lo and behold the emails stopped. Finally.

So yes, I was 100% sure it wasn't 'another account' as so many forum-posts were trying to tell me... heck off course it wasn't... until it was =)

Originally posted by deroby:

Much to my own shame it took me years to figure out I had a second account that was virtually identically set up to my 'actual' account. I had completely forgotten about that other account; in fact, I don't understand why I may have created it in the first place as its library was completely empty. It also had a super-guessable password.
Anyway, I thus deleted that 'alt' account and lo and behold the emails stopped. Finally.

So yes, I was 100% sure it wasn't 'another account' as so many forum-posts were trying to tell me... heck off course it wasn't... until it was =)

i've done this. went so far as to get mad (meaning rant and rave) at a support rep until they found the other account i had. i certainly felt like an idiot