the account is compromised
DO NOT TRADE
If you have access to the account

Steps to take NOW to secure the account:
1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)


Please review how you are logging into Steam, you somehow gave them your log in information. This could of been due to the computer being compromised and redirecting to a fake login, or you using a 3rd party site to login to steam.

2 factor does nothing if you give away the log in. if your friend has questions, your friend should be posting.

He is very busy and has reached out to steam did everything they said to but none of it worked. He is and unhappy guy rn doesn't really have the drive to fix this when he is trying to fix his marriage. Just trying to be a good friend see if i can help him get some a
quick answer so he doesn't have to dig in. Just trying to get him his happy space back. I miss my friend.

If he reformatted his computer wouldn't that fix any malware issues? Changed his passwords idk if he changed his email. He didn't do any trades but they took all his stuff he had for trades sold it then repurchased some kind of in game items to give beck to themselves.

Same! This happened to me too. They sold my items in the community market then repurchase random thing with higher value than the market price. I suspect they sell an item with higher value then buy it using my account steam wallet that they just get from selling my items lol. They are from different types of currency. Can I somehow find from who did I purchase market items from? I'd like to find them SMH. I thought you need a steam authenticator for market listing? Shame on this poor people hacking accounts.

UPDATE : Found his profile (https://steamcommunity.com/profiles/76561199380415451), do report him please.

@ yur-a-s

Naming and shaming is not allowed.

Secondly accounts used to scam are already compromised accounts which the creator of the account is either not aware it is compromised or they never bothered to recover their account.

Note: A scammer, phisher is not foolish enough to use their own account.

And finally report that account as compromised.

Idk in my opinion name and shame all you want ppl should know who to avoid. Sorry but I will not report because this isn't my experience. I feel like your suck in the same spot as my friend plenty of info but no one that can help cares. I hope you do not suffer from repeat attacked gl yur a s

This is a rootkit malware that lives on a pc with memory as storage it's better then a keylogger it's like a virtual machine of urs they can use and operate take it too a repair shop

Take the pc into fix? My bf is pretty techie he builds his own pc isnt there anything else that can be done at home?

Originally posted by Nx Machina:

@ yur-a-s

Naming and shaming is not allowed.

Secondly accounts used to scam are already compromised accounts which the creator of the account is either not aware it is compromised or they never bothered to recover their account.

Note: A scammer, phisher is not foolish enough to use their own account.

And finally report that account as compromised.

I dont think my actions is wrong by naming them. It is better if everyone knows which or who is a "red flag". Just like you said, they are not foolish to use their own account so well maybe that account is not their true "identity". I do hope to find them which I think sue them is the best way.

zz

Building a PC doesn't make him savvy... this is an easy fix

Originally posted by yur-a-s:

Originally posted by Nx Machina:

@ yur-a-s

Naming and shaming is not allowed.

Secondly accounts used to scam are already compromised accounts which the creator of the account is either not aware it is compromised or they never bothered to recover their account.

Note: A scammer, phisher is not foolish enough to use their own account.

And finally report that account as compromised.

I dont think my actions is wrong by naming them. It is better if everyone knows which or who is a "red flag". Just like you said, they are not foolish to use their own account so well maybe that account is not their true "identity". I do hope to find them which I think sue them is the best way.

Okay but you do understand that if that sort of thing is tolerated then that not only can people who were victims of scamming in the past get harassed but it also means that people can just harass innocent people by making up claims about them as well right? Look at it this way. Your account was obviously compromised. What if instead of simply taking your items they used you account to steal someone else's items. You would be happy if you got your account back and found you were now branded a scammer now would you?

Trying to teach people how to recognize scams and how to keep their accounts secure is how you stop people from getting scammed.

The account they used doesn't even matter. They had to have access to your account in the first place and you didn't even need to have any prior contact with the account that the used to trade the items away. The part that matters is how your account got compromised in the first place and that isn't addressed at all by calling out specific profiles.