Null Apr 28, 2022 @ 1:41pm
Purchase history scam, I almost took the bait.
So a friend's discord was hacked, and gave me the steam report scam.
I was suspicious but the scammer lucked out by hacking an account whose mannerisms they were easily able to emulate accurately.
Now I'm fairly tech literate but rather naïve when it comes to financial things. As such I didn't catch on until after giving them my purchase history.

I don't use credit cards here. I purchase exclusively via steam cards and the steam wallet, so there's zero banking information tied to my account.
That being said, all they have is my account name. How worried should I be? I've yet to change my password as I doubt I need to, but I did validate my mobile authenticator.
Showing 1-6 of 6 comments
my new friend Apr 28, 2022 @ 1:48pm 
Having only the account name is not too much to worry about.
Null Apr 28, 2022 @ 1:58pm 
Understood. Appreciated.
vinny May 1, 2022 @ 2:39am 
Although it isn't something you should be too worried about, updating your password is never a bad thing. Might also give you some extra peace of mind.
Dr.Shadowds 🐉 May 1, 2022 @ 4:09pm 
How the phishing attack works is they record your input and get your login ticket/cache on their server. They get access to your account, they repeat the scam with your friend list, and either they inject an API key on the account, or trade your items off the account if possible, as well as spend any of your wallet funds if you have any.

So if they ever gain access to your account, the simple things to go over are easy: change passwords, as well as for any other services if using the same password; if using the Steam mobile app 2FA, re-set up your 2FA mobile app so it gets refreshed, so remove and re-add it; revoke all API keys if any are found on the account, as you shouldn't have any; lastly, deauthorize all devices so you can kick everyone from the account.

For revoking API key.
https://steamcommunity.com/dev/apikey <--- Should be nothing there.

Deauthorize all other devices. https://store.steampowered.com/twofactor/manage


For learning the types of tricks, and tips for internet safety, see below to help you out in the future.
Originally posted by Dr.Shadowds 🐉:
Here are the most common reasons people get accounts hijacked, for any service really:
- Sharing account information with others. <--- Very common with impersonators pretending to be Steam admin / support.
- Logging in on phishing sites. <--- Very common with skin gambling sites.
- Downloading / installing a virus / keylogger on your system.
- Using public devices that have keyloggers, such as cyber cafes, school computers, etc.
- Storing your login credentials on an unsecured service that others have access to view.
- Using the same login credentials for all your things, or using the same login credentials on another service that had a data leak. Yes, it does matter, because even if it's not related to Steam, if you're using the same login credentials, hijackers will try to use those credentials to see what services you use with them. https://haveibeenpwned.com/

https://youtu.be/9TRR6lHviQc

The types of stories scammers tell you.

- "Hey vote for my team", and they link you a phishing site link, and try to get you to log in.

- "Hey I can't add you, please add me", and they try to start their scam with you.

- If you're friends with someone that got their account hijacked, you get scam messages like "I report you", "you been banned", and whatever to try to scare you, and they tell you to trade your items to them, or if you have logged in to a phishing site you may have an API key on the account that redirects trades, they ask you to give them money, etc.

- If you already got your account compromised by them, they change your display name to banned, or whatever, your display picture as well, they may delete your friends, and try to spend your wallet funds if you have any, also trade all your items, but if they see you have the mobile authenticator attached, they play their scam to get you to confirm the trade, to get your items off your account to their account quicker if they're able to trick you into confirming the trade.


I'll show you a few examples.
https://steamcommunity.com/sharedfiles/filedetails/?id=2329645315
https://steamcommunity.com/sharedfiles/filedetails/?id=2570975058

https://youtu.be/JuWHCBeZrqI
https://www.youtube.com/watch?v=kook1DlxDAw
https://www.youtube.com/watch?v=0DDnV-MHSaY
https://www.youtube.com/watch?v=WfTXxLraokE

https://steamcommunity.com/discussions/forum/1/4956744526904317093/#c4956744526904653890
Last edited by Dr.Shadowds 🐉; May 1, 2022 @ 4:16pm
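An added example, not part of the original post: a small Python check for the "vote for my team" style links described above, which flags any link whose real host is not an official Steam domain. The allowlist is an assumption built from the two Steam hosts linked in the post, and the sample messages are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: allowlist derived from the Steam hosts linked in the post above.
OFFICIAL_DOMAINS = ("steamcommunity.com", "steampowered.com")

def classify_link(url: str) -> str:
    """Return 'official', 'suspicious' or 'invalid' for a link received in chat."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any "user@" prefix and the port
    except ValueError:
        return "invalid"
    if parts.scheme not in ("http", "https") or not host:
        return "invalid"
    host = host.rstrip(".").lower()
    # Non-ASCII or punycode labels are how lookalike hostnames are spelled.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "suspicious"
    # A login page served over plain http is never the real one.
    if parts.scheme != "https":
        return "suspicious"
    # Match the exact domain or a true subdomain, never a substring.
    for domain in OFFICIAL_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "official"
    return "suspicious"

def review_message(text: str) -> list:
    """Classify every http(s) link found in a chat message."""
    return [(u, classify_link(u)) for u in re.findall(r"https?://\S+", text)]

if __name__ == "__main__":
    # Constructed sample messages using reserved .test hostnames.
    samples = [
        "Check your keys at https://steamcommunity.com/dev/apikey",
        "Hey vote for my team https://steamcommunity.com.vote-team.test/login",
        "I report you, appeal here https://steamcommunity.com@appeal.test/id",
    ]
    for message in samples:
        print(review_message(message))
```

The second and third samples show why the check compares the parsed hostname rather than searching the link text for "steamcommunity.com".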
Null May 1, 2022 @ 4:35pm 
Well, that was quite thorough. It's appreciated. Like I said, I'd set up my 2FA for the first time after this happened. I've also recently decided to change my password anyway, so I do think I'm well and truly fine.

Dr.Shadowds 🐉 May 1, 2022 @ 4:43pm 
Originally posted by Null:
Well, that was quite thorough. It's appreciated. Like I said, I'd set up my 2FA for the first time after this happened. I've also recently decided to change my password anyway, so I do think I'm well and truly fine.
Good to hear. Just ensure you have no API keys, and you have nothing to worry about at all, as you have basically covered all the things.

Date Posted: Apr 28, 2022 @ 1:41pm
Posts: 6