Question about QR codes and API scams
Okay, so I just avoided an API scam, but I have a question about QR code security.

Story if you want to learn how to avoid getting scammed yourself: The scam was through FACEIT. Basically this dude said he wanted to play a tourney and I had to join through the tourney organization site for it to recognize/verify my FACEIT. It made me log in through Steam and FACEIT on a website (I know about the already-logged-in verification check for legit Steam sites, I was being silly). He then tried to get me to make a trade and that's when I caught on. Blocked the loser on everything.

My question: When I logged in through the "steam" site I did so with my mobile auth camera. The app recognized the QR code as a Steam login and it looked "normal". Is there any way for the dude to steal my credentials even though I never typed my Steam password? Is there any way for him to penetrate my sensitive info with the QR code/Steam app?

I did, however, log in through FACEIT with email and pass and clicked the "open app" pop-up button to continue the "tourney sign up" process in the FACEIT app. Thankfully it was an old password and it's not connected to anything remotely important.

So far I've:
changed Steam and FACEIT passwords
disabled and re-enabled my Steam mobile auth
did a malware scan (because of the FACEIT open app thing)
privated my inventory and ensured there was no active API and I reset my trade link

Lmk if there's anything else I should do. Thanks
Teksura, Oct 28, 2023, 11:40
These are the steps you do.

Scan for malware https://www.malwarebytes.com/
Deauthorize all other devices https://store.steampowered.com/twofactor/manage
Change passwords from a clean computer
Generate new backup codes https://store.steampowered.com/twofactor/manage
Revoke the API key https://steamcommunity.com/dev/apikey
Stop using shady third party trade sites or clicking suspicious links.


Do each of the steps.


To answer your question: yes. When you give a site known for scamming and hijacking accounts access to your account, they have access to your account. When a shady site known for scamming and hijacking asks you to scan the QR code and the Steam mobile app tells you they are now trying to log in from some remote area you're not in, yes, you're about to give someone else access to your account.


There is never any reason to give any website other than Steam itself any login info. The option to log in should take you to Steam, and if you're not already logged in there, leave. Navigate to Steam your own damn self, and make sure you're logged in, and when the scam website presents you with a phony Steam login page that still insists you're not logged in, you can stop falling for these scams.
Thanks dude o7
I keep it as simple as I can.

- Scammers will make up any story to trick a victim into logging into a scam site.

- The way the QR code works is passwordless; the scammer wouldn't be able to get your password because you didn't type it out to them.

- The API key is used to redirect your trades to their alt accounts.

- Scammers often use the accounts they steal from people to run their scams; that's why they don't bother making their own accounts.

- Any info you share on a scammer's site, or with someone who has access to chat logs, gets recorded and sold to other scammers. So if you use the same password to log in anywhere else, you should change the password for those accounts, as scammers will try to use it against you.
Last edited by Dr.Shadowds 🐉; Oct 28, 2023, 13:02
Originally posted by Dr.Shadowds 🐉:
I keep it as simple as I can.

- Scammers will make up any story to trick a victim into logging into a scam site.

- The way the QR code works is passwordless; the scammer wouldn't be able to get your password because you didn't type it out to them.

- The API key is used to redirect your trades to their alt accounts.

- Scammers often use the accounts they steal from people to run their scams; that's why they don't bother making their own accounts.

- Any info you share on a scammer's site, or with someone who has access to chat logs, gets recorded and sold to other scammers. So if you use the same password to log in anywhere else, you should change the password for those accounts, as scammers will try to use it against you.

Just wondering, is there any other risk with the QR code sign in? My Steam app recognized it and allowed me to confirm the sign in so it must have been "legit" to some capacity.

For instance, that QR login could be a screenshot of the QR code from their own login attempt, and when I scan it and accept on the app it'll log them in to my account on their PC? Right? So instead of having access to just my API they have full account access.

However, when I scanned the code my city came up as the location (FYI when I try making legit sign in attempts to my own account the location will sometimes come up as another city - not sure if this is important to this case though).

I should also note that the scammer said he was in my city but I'm guessing he somehow got my IP address and just said that as a social engineering tool.

I've dealt with scam attempts and API scams in the past but nothing like this, so I'm just trying to cover all my bases.

Thanks for your help
Teksura, Oct 28, 2023, 13:22
The way the QR scan is supposed to work is you want to log into a device you own and trust. So you go to the login page and scan the QR code. Then you authorize the login.


The way the scammers work is they try and initiate a login, then show you the QR code and basically go "Hey can you authorize our login attempt with this please?" And then you say "Yes I will authorize your login attempt"


So you scan their code, and tell Steam "Yes, the scammers trying to log in who were given this code are me, and allowed into my account. I authorize their access to my account". And then they have access to your account.
Last edited by Teksura; Oct 28, 2023, 13:24
Originally posted by Loot Goblin:
Just wondering, is there any other risk with the QR code sign in? My Steam app recognized it and allowed me to confirm the sign in so it must have been "legit" to some capacity.

For instance, that QR login could be a screenshot of the QR code from their own login attempt, and when I scan it and accept on the app it'll log them in to my account on their PC? Right? So instead of having access to just my API they have full account access.

However, when I scanned the code my city came up as the location (FYI when I try making legit sign in attempts to my own account the location will sometimes come up as another city - not sure if this is important to this case though).

I should also note that the scammer said he was in my city but I'm guessing he somehow got my IP address and just said that as a social engineering tool.

I've dealt with scam attempts and API scams in the past but nothing like this, so I'm just trying to cover all my bases.

Thanks for your help
The QR code will give you the option to approve or deny access, which, yes, is asking whether you want to give the said device full access or no access at all to the account.

Yes, they can display the QR code from their device on their scam site, and yes, they would use a proxy/VPN to try to mask their location as yours to trick you into logging in; what will be different is the IP address. If you have a fixed IP address you should see the difference in the IP address they're trying to use; that's something people overlook as well.

If you want to see an example, enable a VPN on your system, open a web browser, visit Steam, and log in, and you'll see the IP address is different, and if you change it to another country it will show as if you're trying to log in from another country.
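
Added example (not part of any post in this thread, and not Steam's actual protocol or API): a toy Python model of the QR sign-in flow the replies describe, showing that an approval hands the session to the device that requested the QR code rather than to the phone that scanned it. All class and function names are hypothetical and the IP addresses are constructed.

```python
import secrets
from dataclasses import dataclass
from typing import Optional

@dataclass
class PendingLogin:
    requester_ip: str                      # device that asked for the QR code
    approved_account: Optional[str] = None

class QrLoginService:
    """Toy sign-in service; class and method names are hypothetical."""
    def __init__(self):
        self._pending = {}

    def start_login(self, requester_ip):
        # The QR code only encodes this challenge for the requester's pending login.
        challenge = secrets.token_urlsafe(16)
        self._pending[challenge] = PendingLogin(requester_ip)
        return challenge

    def describe(self, challenge):
        # Detail the mobile app shows the account owner before approval.
        return self._pending[challenge].requester_ip

    def approve(self, challenge, account):
        self._pending[challenge].approved_account = account

    def collect_session(self, challenge, caller_ip):
        # The session goes to the device that started the login, not the scanner.
        p = self._pending[challenge]
        if caller_ip == p.requester_ip and p.approved_account:
            return "session:" + p.approved_account
        return None

def should_approve(shown_ip, my_public_ip, started_by_me):
    # Owner-side rule: approve only a login you started, from your own address.
    return started_by_me and shown_ip == my_public_ip

def relayed_qr(check_before_approving):
    svc = QrLoginService()
    other_ip, owner_ip = "203.0.113.7", "198.51.100.20"  # constructed addresses
    challenge = svc.start_login(other_ip)   # login started on someone else's device
    # The owner meets the same QR code on a third-party page and scans it.
    ok = should_approve(svc.describe(challenge), owner_ip, started_by_me=False)
    if ok or not check_before_approving:
        svc.approve(challenge, "owner")
    return (svc.collect_session(challenge, other_ip),
            svc.collect_session(challenge, owner_ip))
```

`relayed_qr(False)` models approving without checking and `relayed_qr(True)` models applying the owner-side rule first; in the model, a matching city name is not part of the decision because only the requester's address and who started the login are checked.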
Date posted: Oct 28, 2023, 11:26
Posts: 6