Fabian23lol eredeti hozzászólása:

I dont know if theres any way of getting back the items :(

there isn't

Scan for malware. https://www.malwarebytes.com/

Deauthorize all devices https://store.steampowered.com/twofactor/manage

Change your password on a secure device.

Generate new back up codes. https://store.steampowered.com/twofactor/manage

Revoke the api key https://steamcommunity.com/dev/apikey

Had the same sh*t a couple off days ago , steam isnt going to help!
and you lost your items sadly.

Steam is going to point the vinger 2 you , that you had to verifing before you accept.
while there leaving the scammer go they even don't lock up your lost items. the scammer wins

The message Steam is giving now is : keep on scamming thats the real way to make money

Im very disapointed in Steam service.

I think we better go and play COD instead.

Fabian23lol eredeti hozzászólása:

Yesterday on the 15th October some guy scammed me for a lot of CsGo items. He scammed me by naming his profile and changing his profile-picture(impersonate) to that, of one of my close friends. Yet somehow Steam send the offer to the scammer(even tough hes not on my friendslist) instead to my friend because i wanted to send my friend these items.
I dont know if theres any way of getting back the items :(
Greetings Fabian23l

You gave away your credentials to a phishing site, your account was hijacked along with the API key which controls trade offers and destinations. You then made an attempted trade which was cancelled by the scammers and then resubmitted whilst they were impersonating your intended target. You then confirmed the bogus trade to the scammers. I suggest you do the steps in #2 urgently.

No items lost this way are returned as incompetence is not compensated.

Streep eredeti hozzászólása:

Had the same sh*t a couple off days ago , steam isnt going to help!
and you lost your items sadly.

Steam is going to point the vinger 2 you , that you had to verifing before you accept.
while there leaving the scammer go they even don't lock up your lost items. the scammer wins

The message Steam is giving now is : keep on scamming thats the real way to make money

Im very disapointed in Steam service.

I think we better go and play COD instead.

the message is that YOU the User should take responsibility. Steam states everyhwere not to log in to other Sites, share your Infos on Discord and so on. So how exactly is Valve the bad Guy here when you are the one ignoring all the safety Announcements?

https://support.steampowered.com/kb_article.php?ref=1266-OAFV-8478 for example, hell steam even says it when you click a Link..

Streep eredeti hozzászólása:

Had the same sh*t a couple off days ago , steam isnt going to help!
and you lost your items sadly.

Steam is going to point the vinger 2 you , that you had to verifing before you accept.
while there leaving the scammer go they even don't lock up your lost items. the scammer wins

The message Steam is giving now is : keep on scamming thats the real way to make money

Im very disapointed in Steam service.

I think we better go and play COD instead.

its literally your fault for falling for such a simple scam.

Scan for malware https://www.malwarebytes.com/
Deauthorize all other devices https://store.steampowered.com/twofactor/manage
Change passwords from a clean computer
Generate new backup codes https://store.steampowered.com/twofactor/manage
Revoke the API key https://steamcommunity.com/dev/apikey
Stop using shady third party trade sites or clicking suspicious links.


Do each of the steps.



What happened is your account became compromised, most likely through a third party site. This well known scam then requires you to authorize the trade giving your items away after you allow them access to your account through either malware, or giving away your details through a phishing fake login page or other trick used by those shady third party sites.

The way it does this is after it gains access to your account, a bot waits until you send out a trade offer, and then using the access you gave to them, their bot cancels the trade, changes a bot account to match the name and profile picture of the person you wanted to trade with, and then sends a trade giving your stuff away for free.

The scam depends on you ignoring all the warnings, such as "this user is not on your friends list", "this user has a similar name to someone on your friends list", their items missing from the offer, the big "you will receive nothing" text, the fact that they have the wrong level, wrong "has been on Steam since" date (usually obviously too recent to make sense), and a few other obvious warnings. It only works if you're not even looking at what you're doing. Sadly, an awful lot of people don't care enough to verify the trade is what they are expecting, so this scam continues to work.

Valve will not return items you gifted away to the scammer as a result of ignoring all the warnings. https://support.steampowered.com/kb_article.php?ref=9958-MJDG-3003

Yea to all the big boys that think they never going to be scamed ,think again boys, do you realy think i didnt check te trade, ? I cheked it it disepaired and popt up on my phone again. So keep believing it is the victems fault i was some off you too. There are simple tings for valve too fix tis scam but they refuse , they just have to hold the items for 7 days so you have 7 days to withdraw you're items in case of something like this happens,it are just bytes and bites and there stupid explanation that they dont want to copy the items didnt stand they can delete it from the scammer and put it back to the victem if they did this, the scammig wouldt stop beacuse it has no point at the moment it looks like they want the scammers on there platform.

Streep eredeti hozzászólása:

Yea to all the big boys that think they never going to be scamed ,think again boys, do you realy think i didnt check te trade, ? I cheked it it disepaired and popt up on my phone again. So keep believing it is the victems fault i was some off you too. There are simple tings for valve too fix tis scam but they refuse , they just have to hold the items for 7 days so you have 7 days to withdraw you're items in case of something like this happens,it are just bytes and bites and there stupid explanation that they dont want to copy the items didnt stand they can delete it from the scammer and put it back to the victem if they did this, the scammig wouldt stop beacuse it has no point at the moment it looks like they want the scammers on there platform.

At a certain point Valve can't stop users from compromising their accounts or their being some consequences for that. I'm not against your suggestion per se, but there's a balance to be struck between security and utility and holding every transaction for 7 days and withdrawing at the last second would cause no shortage of wailing, even more than the issue of scamming. So we'd need penalties for people who amuse themselves by canceling transactions at the last second.

Ultimately that's the problem people don't want to come to grips. No matter what we do, systems we put into place can always be used against us in some way and so while it might look like it solves one problem the unintended consequences can be just as bad. So no, it's not a simple thing to fix. But it's simple to make an argument of convenience.

Streep eredeti hozzászólása:

Yea to all the big boys that think they never going to be scamed ,think again boys, do you realy think i didnt check te trade, ? I cheked it it disepaired and popt up on my phone again. So keep believing it is the victems fault i was some off you too. There are simple tings for valve too fix tis scam but they refuse , they just have to hold the items for 7 days so you have 7 days to withdraw you're items in case of something like this happens,it are just bytes and bites and there stupid explanation that they dont want to copy the items didnt stand they can delete it from the scammer and put it back to the victem if they did this, the scammig wouldt stop beacuse it has no point at the moment it looks like they want the scammers on there platform.

Your fault for giving away your credentials to a phishing site and then confirming a bogus resubmitted trade. Two absolute clangers there.

Streep eredeti hozzászólása:

Yea to all the big boys that think they never going to be scamed ,think again boys, do you realy think i didnt check te trade, ? I cheked it it disepaired and popt up on my phone again. So keep believing it is the victems fault.

It is. Only the victim can grant access to their account to the hijacker. And there are, in fact, plenty of big showy warnings described in my previous post that the victim has to ignore when going through the "review and confirm" part of the trade.

I understand you'd rather shift the blame elsewhere and act like there was nothing you could have done to prevent it, but that is absolutely the wrong thing to do. It is far more productive to take notice of what you did, and how you allowed this to happen so you can be more proactive about preventing it from happening in the future.

Streep eredeti hozzászólása:

There are simple tings for valve too fix tis scam but they refuse , they just have to hold the items for 7 days so you have 7 days to withdraw you're items in case of something like this happen

Feature exists. You just chose to not use this, instead opting for the mobile authenticator so you don't have to wait for trade holds. Or are you saying that trade holds should be mandatory so people like you can't make the choice bypass them? That, again, sounds like a you problem, not a design problem.

The api key should not be created without owner verification.
That is a fact though

Muppet among Puppets eredeti hozzászólása:

The api key should not be created without owner verification.
That is a fact though

That's how it works but people give it away by logging into their steam account on fake sites and that's outside of steams control.

Chompman eredeti hozzászólása:

Muppet among Puppets eredeti hozzászólása:

The api key should not be created without owner verification.
That is a fact though

That's how it works but people give it away by logging into their steam account on fake sites and that's outside of steams control.

I still wait for someone talking about how they use that api.

All i read is from people who dont even know it exists, and how a scammer uses it on their behalf.

That makes one think, doesnt it?