so you are saying type in a different email, not his actual, and then maybe I can get to that step.. I will try it..?

Messaggio originale di kabonkersRevenge:

No, my son tried to recover his account and end up creating a new account with a 1 after it. Then he logged in and was hoping he could ask the hijacker for his games. But that obviously wouldn't work. But he is still a child and thought he would ask. So now his email is associated with a new account. So the helpless loop, ask if he wants to update the password for this new account and doesn't have a relationship to the old account. So there is no way the automated system can make heads or tails of this problem. It is why people need to get involved.

So, instead of following the directions, you opted to do something totally different and are frustrated because not following directions didn't work. What you need to do now instead getting mad and quitting is either change the email on the account you shouldn't have made, or enter a different email address not associated with any account so you can continue the process when the email address doesn't find a linked steam account.

Messaggio originale di kabonkersRevenge:

so you are saying type in a different email, not his actual, and then maybe I can get to that step.. I will try it..?

Just type in random@gibberish.com to get to the account name step.

Messaggio originale di kabonkersRevenge:

so you are saying type in a different email, not his actual, and then maybe I can get to that step.. I will try it..?

Yes, as the guide tells you to do in step 5:

If, however, you have multiple accounts registered under the same email address, it will present your other account(s) as options. In that case, enter this email address: test5764801@email.com (you can replace the numbers with a string of random numbers)

Ok, It worked, thanks for the encouragement . I went through the same prompts but put in a phone number instead of a fake email. He did not have his cell set up on the account. That got us the prompt for account name. Then once we had that we told our Xmas story of the bad hacker elf who stole his account. I must have put at least 2-300 bucks worth of games into that account this year, and they were really looking forward to more phasmaphobia and among us. Although, I am not too excited about among us... I'll let you know if we get it back in time for Xmas. ;-)

Telling you now it wasn't "hacked", your son gave away the account information to a phishing site. Likely chasing "free stuff" used as bait in most scams.

Thanks, Steam restored the account to us, for Xmas. !!! But the crazy part was that the "reset" password was in Russian. So it was clearly Russian language hack.. Amazing. But they figured it out quickly. The person had renamed the account and spent tons of hours playing Rust. Most likely the hacker sold it to them? Who knows.. But thanks for helping me figure out how to get through the page. It is counter intuitive that we had to put in the wrong information to get to the right part of the dialogue ... but we got through thanks to your help.

Messaggio originale di Fiddle:

Telling you now it wasn't "hacked", your son gave away the account information to a phishing site. Likely chasing "free stuff" used as bait in most scams.

This. Your next step is to talk to your son about account security and how phishing works. Nobody hacks Steam to get your account information, anyone who had the resources and knowledge to do so would be going after something more profitable like payment information. Nobody hacks major email providers to get children's email account login info. Anyone who has the resources and knowledge to pull that off would be going after someone more important with more sensitive information.

Hacking through a major corporations cybersecurity is hard. It's not like in the movies, you can't just throw on a trenchcoat, shades and throw around weird slang and then gain access to anything you like. It generally requires there existing some kind of bug or exploit that is specific to whatever system they are using, which likely won't exist in anyone else's systems. Trying to hack your way into a system, including a personal PC, is doing it the hardest way possible.

So, instead, it's much easier to go after the weakest link in all of cyber-security: People.

Going after people is easy. If you've ever gotten those phone calls from scammers claiming to be from Microsoft Support claiming that they have detected a virus on your Windows system, this is exactly what they are doing. They can't hack into your system, but they can ask you to help them by talking you into opening doors for them to use and literally giving them permission to remote access the computer. What happened with your son, most likely, is another version of this called phishing. Basically, the scammer simply asks for his login information using some kind of bait, and then your son just gives it to them. The scammer then uses this information to steal the account.

One classic example seen on Steam are the so-called CS:GO gambling sites as well as the third party trading websites and pretty much anything related to voting for esports. People go to these sites with one promise or another, and often they will work exactly as advertised for many users and for many months. Now, how do they actually get control of their account?

Well, that's easy. They just ask you to give them your login information. That's it. To access the site they ask you to provide your Steam login info, sometimes providing a fake page owned by them designed to look like Steam. So a lot of people who don't stop and think about what they're doing end up just giving away their login info. And once they have done that and provided someone else with information to get in, well, someone else uses that information to get in.


Think of it this way. Imagine you're going to a local store at the mall, and you go to park your car. Then some guy approaches you and says he works for the mall and that his job is to park your car for you. He asks you to give him your car keys and he'll take care of everything. Well, he's dressed in something that looks official and he says he is official. But should you really give him your car keys?

Teach your boy that these keys are important, and nobody should ever be asking for them ever. Teach him that he should only ever be using them on the official site that he personally went to. If a third party site tries to redirect him there and it asks for login information, he should back out, navigate to the site himself, and log in himself. Then try again, and if it doesn't recognize that he is logged in, it is prolly a phishing site because he's already logged in.

"Nobody hacks Steam to get your account information" First is email was compromised. I went to the devices part in GMAIL and it looks like a device first signed on in October but nothing happened until December. Because there was access to the email, it was easy to reset the steam, he just said he forgot the password, and got the email from steam and reset the password then reset the account to his email and boom. Steam stolen. The trick he did on the email was to auto route all message from steam to Trash. So unless my son looked at the trash he would never know that his steam password was changed or that his email was reset on the account. So it really was a stolen email account that allowed him to take the steam account. He had fun for a few days and racked up a bunch of hours in RUST... thanks for the advice on phishing..

anyway xmas saved.. But my son's heart grew a little because once he found out that the guy was just playing rust, he was like .. awe.. he did really good, I have lots of achievements now.. He wasn't mad at all. But I tell you he was in distress when he found out...

Messaggio originale di kabonkersRevenge:

anyway xmas saved.. But my son's heart grew a little because once he found out that the guy was just playing rust, he was like .. awe.. he did really good, I have lots of achievements now.. He wasn't mad at all. But I tell you he was in distress when he found out...

Don't be surprised when that account gets a VAC ban