My friend needs help protecting his Steam account from hackers
Yesterday morning my friend was the victim of hacking, where his account was compromised. He lost some items but he's not too worried about them (his good items are still on trade cooldown). He's never been to any gambling/trading websites where you login through Steam. He has told me that he went to a website for voting on Rust servers that used the Steam login, but he made sure it was the correct Steam Community URL and not a fake one. Other than that, he's never logged into Steam anywhere except through the Windows application or on his mobile app.

What's even more confusing is how they compromised his two-factor authentication on the mobile app. They managed to create a trade to another account AND confirm it without his knowledge. I know that there is a common scam technique where a person creates a trade and it is replaced with a fake one, and the owner of the account unknowingly accepts it on the Steam app. But that is not what happened here, he never accepted any trade on the app. I've seen in the CS:GO forums that some users had been hacked despite having the mobile authentication, however it seemed like it was a rare occurrence and it was somehow made out to be the user's fault.

Is there anything else he can do to prevent this from happening in the future? He's changed his account password, generated new backup codes, changed the email, and revoked the API key they created for his account. Should he try scanning his phone for malware? I can't really think of a way for how the hackers managed to bypass the two-factor authentication on his phone, it doesn't really make sense to me or him. He's worried for his inventory because he recently unboxed some nice items that are currently trade locked, and he doesn't know if they will be able to hack into his account again.

I hope that you guys might have some more answers, or if not, maybe this could be brought to Steam's attention (as they may have a security breach). Thank you for your help.
Originally posted by ᵀᶦᵗᵘˢ:
He was actually streaming to me when he was doing the Rust voting thing, the Steam Community was the correct link, not a fake one.
They can create a window with the right "url" in it.

How did he get the link for the voting?
Originally posted by Muppet among Puppets:
Originally posted by ᵀᶦᵗᵘˢ:
He was actually streaming to me when he was doing the Rust voting thing, the Steam Community was the correct link, not a fake one.
They can create a window with the right "url" in it.

How did he get the link for the voting?
He googled the website if I recall correctly.
Originally posted by ᵀᶦᵗᵘˢ:
The website did redirect to the correct link, he checked it to be sure. As I said he hasn't visited any trading or gambling websites. And the issue is, he never accepted any trade on his authentication app.
Someone tried to get me with this just a little bit ago. The website appears to pop up an authentic link, with the correct address, but it's all fake -- the address bar and the entire "embedded pop-up" is just a form embedded in the website itself, made to look like an authentic pop-up login request.

So he checked the address and saw it was correctly displaying Steam credentials, but the "embedded" address bar itself was a fake. If he had tried to drag it around, he would have noticed it was actually part of the webpage and not a real pop-up.

That's how they got his login. I think the way it works then is that they try to login, they ask him for the two-factor information, which he then provides because after all he is trying to login, which they then forward to Steam for a fully authenticated login. I do email authentication which shows the IP address of the person requesting the login and could see it's not me. Not sure how the phone app works.
Last edited by Slamz; Apr 29, 2021, 0:05
Originally posted by Slamz:
Originally posted by ᵀᶦᵗᵘˢ:
The website did redirect to the correct link, he checked it to be sure. As I said he hasn't visited any trading or gambling websites. And the issue is, he never accepted any trade on his authentication app.
I do email authentication which shows the IP address of the person requesting the login and could see it's not me. Not sure how the phone app works.
When it comes to the mobile auth, it is incredibly easy - all the user has to do is enter their entire credentials into a fake window including the live auth code and then these are instantly captured and automatically login-botted into a real client. The user receives an error message because it's not a real login but elsewhere their account has been logged into a real client and is now in the possession of hijackers.

Even some of these third party sites which have genuine Steam logins use a re-log technique where they get the user to re-enter their credentials to confirm something or because the site claims they've been 'logged out' inexplicably or something. The fake login box says their login has been successful but they were never logged out in the first place and their credentials have been captured that way.
OP read this, also check the last video at the bottom of this post, LOOK VERY CAREFULLY! And you realize much more about phishing sites.

Originally posted by Dr.Shadowds 🐉:
Here are the most common reasons people get their accounts hijacked, for any service really, as follows.
- Sharing account information with others. <--- Very common with impersonators, pretending to be Steam admin / support.
- Logging in on phishing sites. <--- Very common with skin gambling sites.
- Downloading / Installing Virus / Keylogger on your system.
- Using public devices that have keyloggers, such as cyber cafe, school computers, etc...
- Storing your login credentials on an unsecured service that others have access to view.
- Using the same login credentials for all your things, or using the same login credentials on another service that had a data leak. Yes it does matter because even if it's not related to Steam, if using the same login credentials, hijackers will try to use those credentials to see what services you use with those credentials. https://haveibeenpwned.com/

https://youtu.be/9TRR6lHviQc

The type of story scammers say to you.

- "Hey vote for my team", and they link you a phishing site link, and try to get you to login.

- "Hey I can't add you, please add me", and they try to start their scam with you.

- If you're friends with someone that got their account hijacked, you get scam messages like, "I report you", "you been banned", and whatever to try to scare you, and they tell you to trade your items to them, or if you have a login to a phishing site, you may have an API key on your account that redirects trades, they ask you to give them money, etc...

- If you already got your account compromised by them, they change your display name to banned, or whatever, your display picture as well, they may delete your friends, and try to spend your wallet funds if you have any, also trade all your items, but if they see you have a mobile authenticator attached, they play their scam to get you to confirm the trade to get your items off your account to their account quicker if they're able to trick you into confirming the trade.


I'll show you a few examples.
https://steamcommunity.com/sharedfiles/filedetails/?id=2329645315

https://youtu.be/JuWHCBeZrqI
https://www.youtube.com/watch?v=kook1DlxDAw
https://www.youtube.com/watch?v=0DDnV-MHSaY
https://www.youtube.com/watch?v=WfTXxLraokE

https://steamcommunity.com/discussions/forum/1/4956744526904317093/#c4956744526904653890
Last edited by Dr.Shadowds 🐉; Apr 29, 2021, 2:00
Your friend should activate Steam's 2 factor authentication feature to help prevent problems like this from happening in the future.
Originally posted by TsunamiSwami:
Your friend should activate Steam's 2 factor authentication feature to help prevent problems like this from happening in the future.
It has been activated since he opened his account.
Originally posted by Slamz:
Originally posted by ᵀᶦᵗᵘˢ:
The website did redirect to the correct link, he checked it to be sure. As I said he hasn't visited any trading or gambling websites. And the issue is, he never accepted any trade on his authentication app.
Someone tried to get me with this just a little bit ago. The website appears to pop up an authentic link, with the correct address, but it's all fake -- the address bar and the entire "embedded pop-up" is just a form embedded in the website itself, made to look like an authentic pop-up login request.

So he checked the address and saw it was correctly displaying Steam credentials, but the "embedded" address bar itself was a fake. If he had tried to drag it around, he would have noticed it was actually part of the webpage and not a real pop-up.

That's how they got his login. I think the way it works then is that they try to login, they ask him for the two-factor information, which he then provides because after all he is trying to login, which they then forward to Steam for a fully authenticated login. I do email authentication which shows the IP address of the person requesting the login and could see it's not me. Not sure how the phone app works.
It wasn't embedded, when he clicked on the login button it redirected him to steam's page.
Originally posted by J4MESOX4D:
Originally posted by Slamz:
I do email authentication which shows the IP address of the person requesting the login and could see it's not me. Not sure how the phone app works.
When it comes to the mobile auth, it is incredibly easy - all the user has to do is enter their entire credentials into a fake window including the live auth code and then these are instantly captured and automatically login-botted into a real client. The user receives an error message because it's not a real login but elsewhere their account has been logged into a real client and is now in the possession of hijackers.

Even some of these third party sites which have genuine Steam logins use a re-log technique where they get the user to re-enter their credentials to confirm something or because the site claims they've been 'logged out' inexplicably or something. The fake login box says their login has been successful but they were never logged out in the first place and their credentials have been captured that way.
He told me he never entered the live authentication code. He said he only put in his username and password. There was a request for his two-factor authentication to be removed on the day he was scammed but he denied it, which leads me to believe they never had access to his mobile authentication (it was never disabled).
Last edited by Titus; Apr 29, 2021, 5:42
Originally posted by ᵀᶦᵗᵘˢ:
Originally posted by J4MESOX4D:
When it comes to the mobile auth, it is incredibly easy - all the user has to do is enter their entire credentials into a fake window including the live auth code and then these are instantly captured and automatically login-botted into a real client. The user receives an error message because it's not a real login but elsewhere their account has been logged into a real client and is now in the possession of hijackers.

Even some of these third party sites which have genuine Steam logins use a re-log technique where they get the user to re-enter their credentials to confirm something or because the site claims they've been 'logged out' inexplicably or something. The fake login box says their login has been successful but they were never logged out in the first place and their credentials have been captured that way.
He told me he never entered the live authentication code. He said he only put in his username and password. There was a request for his two-factor authentication to be removed on the day he was scammed but he denied it, which leads me to believe they never had access to his mobile authentication (it was never disabled).
Either he did put in his code or the hijacker was able to guess a lottery jackpot shot. Why would you put in your login name and password but not the auth code into a login box you think is real? If there was also a separate auth removal request prior, then your friend was already compromised.

Either he's lying or he simply doesn't comprehend the mess he's in.
Originally posted by J4MESOX4D:
Originally posted by ᵀᶦᵗᵘˢ:
He told me he never entered the live authentication code. He said he only put in his username and password. There was a request for his two-factor authentication to be removed on the day he was scammed but he denied it, which leads me to believe they never had access to his mobile authentication (it was never disabled).
Either he did put in his code or the hijacker was able to guess a lottery jackpot shot. Why would you put in your login name and password but not the auth code into a login box you think is real? If there was also a separate auth removal request prior, then your friend was already compromised.

Either he's lying or he simply doesn't comprehend the mess he's in.
We don't comprehend the mess he's in. What he's confused about is how they were able to accept the trade for him without access to his mobile authentication. Like I said, they never disabled his authentication. If they did, he would have had his items trade locked for 7 days or 14 days or however long it is. And can't you only have one device connected at once anyways?

A lot of people have been telling me he accidentally accepted a false trade, like how a guy tries to trade his knife to a friend and it was a false trade, but he didn't even attempt to trade his skins to anyone.

He's not worried about the items he lost, he's worried about the items still in his inventory that are currently locked (he recently unboxed).
Originally posted by ᵀᶦᵗᵘˢ:
Originally posted by J4MESOX4D:
Either he did put in his code or the hijacker was able to guess a lottery jackpot shot. Why would you put in your login name and password but not the auth code into a login box you think is real? If there was also a separate auth removal request prior, then your friend was already compromised.

Either he's lying or he simply doesn't comprehend the mess he's in.
We don't comprehend the mess he's in. What he's confused about is how they were able to accept the trade for him without access to his mobile authentication. Like I said, they never disabled his authentication. If they did, he would have had his items trade locked for 7 days or 14 days or however long it is. And can't you only have one device connected at once anyways?

A lot of people have been telling me he accidentally accepted a false trade, like how a guy tries to trade his knife to a friend and it was a false trade, but he didn't even attempt to trade his skins to anyone.

He's not worried about the items he lost, he's worried about the items still in his inventory that are currently locked (he recently unboxed).
As has been said, it's possible his phone is badly compromised. We can't tell of the mess he's in but from experience, users always leave out one critical piece of information that changes everything.

If he's done all the steps and his device(s) are clean then it is impossible for him to be compromised unless he allows his credentials to become phished or the device contaminated.
Originally posted by ᵀᶦᵗᵘˢ:
How can he give out the keys to the authenticator if he only provided username/password to login? Assuming that he logged into a fake website. How can scammers use just the username and password to get authenticator codes?

... If he has the authenticator and it is active, you need the log-in, password AND an authenticator code to log into Steam, even over a browser.

Originally posted by ᵀᶦᵗᵘˢ:
It wasn't embedded, when he clicked on the login button it redirected him to steam's page.

They always do. It isn't hard to copy a website.

Just because it looks like the Steam site, doesn't mean that it is. Then there are many variations of the URL scammers have used as well, that are blocked on Steam, but not on the internet.

Best thing to do is to log into Steampowered.com. Then if you visit a site that requires Steam, you are already logged in. If it asks you to log in again, then it is a phishing site.
Last edited by Spawn of Totoro; Apr 29, 2021, 7:05
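
Added example, not part of any post in this thread: a JavaScript sketch of the hostname check behind the "variations of the URL" point above. It is only meaningful for a URL copied from the browser's real address bar, since a login window drawn inside a page can display any address; the allow-list and the `.example` sample URLs are assumptions constructed for illustration.

```javascript
// Added example, not from the thread. TRUSTED_HOSTS is an assumed allow-list.
const TRUSTED_HOSTS = ["steamcommunity.com", "steampowered.com"];
const BRAND_LABELS = TRUSTED_HOSTS.map((h) => h.split(".")[0]);

// Levenshtein edit distance, used to catch near-miss spellings of a brand label.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Classify a URL from the real address bar: trusted / lookalike / untrusted / invalid.
function classifyLoginUrl(raw) {
  let url;
  try { url = new URL(raw); } catch { return { verdict: "invalid", reason: "not a URL" }; }
  if (url.protocol !== "https:") return { verdict: "untrusted", reason: "not https" };
  // In "https://brand.com@other.host/" the brand is userinfo; the real host follows "@".
  if (url.username || url.password) return { verdict: "lookalike", reason: "userinfo before host" };
  const host = url.hostname.replace(/\.$/, ""); // already lowercased and punycoded by URL
  if (TRUSTED_HOSTS.some((t) => host === t || host.endsWith("." + t)))
    return { verdict: "trusted", reason: "exact host or subdomain" };
  const labels = host.split(".");
  // Non-ASCII look-alike letters appear as "xn--" labels after parsing.
  if (labels.some((l) => l.startsWith("xn--"))) return { verdict: "lookalike", reason: "punycode label" };
  for (const label of labels) {
    for (const brand of BRAND_LABELS) {
      if (label.includes(brand)) return { verdict: "lookalike", reason: "brand name under another domain" };
      if (editDistance(label, brand) <= 2) return { verdict: "lookalike", reason: "near-miss spelling" };
    }
  }
  return { verdict: "untrusted", reason: "unrelated host" };
}

// Constructed sample URLs (reserved .example names), not taken from any real campaign.
const SAMPLES = [
  "https://steamcommunity.com/",
  "https://steamcommunity.com.vote.example/login",
  "https://steamcommunlty.example/",
  "https://steamcommunity.com@login.example/",
];
for (const s of SAMPLES) console.log(classifyLoginUrl(s).verdict, s);
```
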
Originally posted by Spawn of Totoro:
Originally posted by ᵀᶦᵗᵘˢ:
How can he give out the keys to the authenticator if he only provided username/password to login? Assuming that he logged into a fake website. How can scammers use just the username and password to get authenticator codes?

... If he has the authenticator and it is active, you need the log-in, password AND an authenticator code to log into Steam, even over a browser.

Originally posted by ᵀᶦᵗᵘˢ:
It wasn't embedded, when he clicked on the login button it redirected him to steam's page.

They always do. It isn't hard to copy a website.

Just because it looks like the Steam site, doesn't mean that it is. Then there are many variations of the URL scammers have used as well, that are blocked on Steam, but not on the internet.

Best thing to do is to log into Steampowered.com. Then if you visit a site that requires Steam, you are already logged in. If it asks you to log in again, then it is a phishing site.
I've informed him of this so that he can avoid logging into fake websites in the future. If he gets his items stolen again then it will be due to a virus on his phone (which I think is likely). Thanks for your help.
Date posted: Apr 28, 2021, 6:36
Posts: 51