Steam Phishing/Discord Nitro Scam
I want to preface this by saying that the account that was stolen in the following story was not one I ever planned on using. I created it years ago, forgot about it, and tried to create a new account just to see what these scammers were up to, only to find out about the pre-existing account. I was 100% expecting the account to be stolen in some way or another, and used it with the sole purpose of seeing how this scam works, and if it was possible to recover the account at all.

So here's how it starts: Some random user posts a few links in a Discord server claiming there's a free Discord Nitro giveaway. These are 1 month or 3 month subscriptions, and all you have to do is sign up with your Steam account.

I was already feeling like this is likely a scam, before I even saw the sketchy looking links. After clicking the links, the site gave me a quick run down of the Discord Nitro perks, the subscription time, etc. and had a button to sign up. Clicking it then either opens a popup window (Which in my case, using Opera GX, did not allow me to see the URL used to log into Steam), while the other takes you to /something/login on the actual site itself.

So I had a look at them and initially decided to see what happens if I enter a non-existent account and random password. So I used some profane words in the username and password, and was told the account does not exist. Curious. So I decided to create a new account and see what happens then.

So I used an old email address on the real Steam site to create a new account, then I logged in with those credentials, expecting to be told my account name does not exist. Turns out I was wrong.

I was welcomed like any other Steam login, and was then told I needed a code sent to my email address to complete the login process. I got the code, entered it into the login page, and was told the code was incorrect. So I checked my email again, and strangely Steam had sent me a second code. So I entered that one. I was then told my account was successfully logged in, and was good to go.

After this, I went to the real Steam and attempted to log in again (As I was automatically signed out after logging into the scam site), only to find that my password had been changed. I checked my email again, and was told my account's email address was changed. So I clicked the recovery link.

Steam then asks me to attempt a login, which of course did not work since both the email and password were changed. I then clicked the button under the login form stating that I could not log in, and it asks me if I could try using a code sent to the associated email address. Of course I can't, because the email address was changed and I never had access to it in the first place. So I then clicked "I no longer have access to this email address" (and never did) and was greeted with a lovely page essentially stating "You can't do anything, because your account was self-locked. Try again later."

Of course, trying again later will only ever result in the same issue.

I honestly expected more from the recovery system. I clicked the link well within 5 minutes of having the account stolen, and there is literally no way on this platform to recover the account, regardless.

The login process is very similar to that of logging into Steam through any other site, or on Steam itself. The page looks identical, the login process is identical, and the only clues are the sketchy URLs and the second verification code. Steam does say never to enter these codes onto untrusted sites within the emails, but the code is so much larger than any other text, and stands out so well, and honestly who cares about what was said before or after the code in that email anyway? I don't know a single person alive who would ever read that email instead of just copying the code and pasting into the login page.

If there was simply some way of recovering the account through the link sent by Steam when the email address is changed, it would have recovered the account in no time. Instead, because the account was instantly locked at the same time that the email address, username, and password were all changed at exactly the same moment, the account will now be lost forever.

On the bright side, I can now use the email address to create new accounts and experiment further with these scammers.

Just wanted to share this story, and my disappointment in the account recovery system.

I highly recommend setting up a free email account with some online service (Gmail, Yahoo, Live, whatever you like) and creating a free secondary Steam account. Use a unique password on the account, and make sure it's an account you'll never miss. If you ever find yourself on a website you don't trust, use the new "throw-away" account to log in, and if the account is stolen, you've lost nothing. Instead, you can now use the same email address to create a new throw-away account and keep your main account for the actual, legitimate websites.
Last edited by RedNeckSnailSpit; Jul 26, 2022, 17:54
Or you know, don't login to sites you don't trust.
Originally posted by Big Bridge.mp4:
Or you know, don't login to sites you don't trust.

Yes, I agree, but tell that to a 13 year old Roblox player who wants free Discord Nitro.
You do realize that fake login sites are nothing new and that Steam Support already covered it?

Account Phishing
Attempting to trick other users into providing password information is commonly called "phishing" - unfortunately, some individuals are using deceptive Steam Friends names to request password information from other users. Steam Support does not use the Friends network to contact users, nor will we request CD Key or credit card purchase information unless you have contacted us for assistance by using the Steam Support System.

If you receive a link from another user, especially one claiming free access to Steam content, use extreme caution! All official Steam logins are directed to the www.steampowered.com, store.steampowered.com, steamcommunity.com, or help.steampowered.com domains. If you suspect a site asking for your login information is not an official Steam site, do not enter any information on the site and disregard it.


https://help.steampowered.com/en/faqs/view/6639-EB3C-EC79-FF60
The account wasn't stolen either, the term is hijacked. You can't steal something when you willingly hand over the keys..
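
The domain check from the Steam Support text quoted above, written out as code. This is an added example, not part of any post in the thread; the function name `checkSteamLoginUrl`, the reason strings and the sample addresses (all on the reserved `.example` TLD) are assumptions made for illustration.

```javascript
// Added example. The allowlist is copied from the Steam Support text quoted
// in the thread; everything else here is illustrative.
const OFFICIAL_STEAM_LOGIN_HOSTS = new Set([
  "www.steampowered.com",
  "store.steampowered.com",
  "steamcommunity.com",
  "help.steampowered.com",
]);

// Returns { ok, reason } for the address shown on a page asking for a Steam login.
function checkSteamLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw); // throws on relative paths and scheme-less text
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not-https" };
  }
  // "https://steamcommunity.com@other.example/" connects to other.example;
  // the part before "@" is only a user name.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "userinfo" };
  }
  // URL() lowercases the host and converts non-ASCII labels to punycode.
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode" }; // possible look-alike letters
  }
  if (OFFICIAL_STEAM_LOGIN_HOSTS.has(host)) {
    return { ok: true, reason: "official" };
  }
  // An official name appearing as a prefix or substring of a different host
  // does not make that host official.
  const embedded = [...OFFICIAL_STEAM_LOGIN_HOSTS].some((h) => host.includes(h));
  return { ok: false, reason: embedded ? "embedded-official-name" : "not-on-list" };
}

// Constructed sample addresses (reserved .example TLD, not taken from the thread).
const SAMPLES = [
  "https://steamcommunity.com/login/home/",
  "https://STORE.steampowered.com/login",
  "http://store.steampowered.com/login",
  "https://steamcommunity.com@nitro-gift.example/login",
  "https://steamcommunity.com.nitro-gift.example/login",
  "https://steamcommunnity.example/login",
  "https://ste\u0430mcommunity.com/login", // Cyrillic "а" in place of Latin "a"
  "nitro-gift.example/something/login",
];

function classifySamples() {
  return SAMPLES.map((s) => [s, checkSteamLoginUrl(s).reason]);
}

for (const [s, reason] of classifySamples()) {
  console.log(reason.padEnd(24), s);
}
```

The check needs a visible address; a login popup that shows none, as in the original post, gives nothing to verify.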
Originally posted by RedNeckSnailSpit:
Yes, I agree, but tell that to a 13 year old Roblox player who wants free Discord Nitro.
With 13, your parents should've taught you a thing or two about life.

Account recovery is very much possible though. Accounts can be recovered when locked. All you need is the account name (or better, phone# but the account name works fine) and proof of ownership. While you are, of course, free to give up, don't spread alternative facts.
Last edited by ReBoot; Jul 26, 2022, 23:49
If that's your account and you're 13 years old, did your parents even give you permission to create that account at 5 years old? Steam is not designed for children under the age of 13 and you would have had to have been 5 when that account was created.
Last edited by C²C^Guyver |NZB|; Jul 26, 2022, 23:48
Originally posted by RedNeckSnailSpit:
Originally posted by Big Bridge.mp4:
Or you know, don't login to sites you don't trust.

Yes, I agree, but tell that to a 13 year old Roblox player who wants free Discord Nitro.
A great lesson learned.
Originally posted by C²C^Guyver |NZB|:
You do realize that fake login sites are nothing new and that Steam Support already covered it?

Account Phishing
Attempting to trick other users into providing password information is commonly called "phishing" - unfortunately, some individuals are using deceptive Steam Friends names to request password information from other users. Steam Support does not use the Friends network to contact users, nor will we request CD Key or credit card purchase information unless you have contacted us for assistance by using the Steam Support System.

If you receive a link from another user, especially one claiming free access to Steam content, use extreme caution! All official Steam logins are directed to the www.steampowered.com, store.steampowered.com, steamcommunity.com, or help.steampowered.com domains. If you suspect a site asking for your login information is not an official Steam site, do not enter any information on the site and disregard it.


https://help.steampowered.com/en/faqs/view/6639-EB3C-EC79-FF60


I don't know a single person on this platform who actually bothers to read any of the FAQs unless specifically directed to the FAQ, or after dealing with a related problem. I've already attempted recovering the account several times, and there is no way of recovering it.



Originally posted by C²C^Guyver |NZB|:
The account wasn't stolen either, the term is hijacked. You can't steal something when you willingly hand over the keys..
If you read as far as the first paragraph, you'll already know that the entire intent of the fake account was for the pure purpose of having it stolen and seeing how the scam works.



Originally posted by ReBoot:
Originally posted by RedNeckSnailSpit:
Yes, I agree, but tell that to a 13 year old Roblox player who wants free Discord Nitro.
With 13, your parents should've taught you a thing or two about life.

Account recovery is very much possible though. Accounts can be recovered when locked. All you need is the account name (or better, phone# but the account name works fine) and proof of ownership. While you are, of course, free to give up, don't spread alternative facts.
Again, I've tried. The account is not recoverable.



Originally posted by C²C^Guyver |NZB|:
If that's your account and you're 13 years old, did your parents even give you permission to create that account at 5 years old? Steam is not designed for children under the age of 13 and you would have had to have been 5 when that account was created.
I never said I was 13. Not once in any of my posts have I ever said I was 13. I simply mentioned concern for younger players who may be more susceptible to these scams.
Originally posted by RedNeckSnailSpit:
Originally posted by C²C^Guyver |NZB|:
You do realize that fake login sites are nothing new and that Steam Support already covered it?

Account Phishing
Attempting to trick other users into providing password information is commonly called "phishing" - unfortunately, some individuals are using deceptive Steam Friends names to request password information from other users. Steam Support does not use the Friends network to contact users, nor will we request CD Key or credit card purchase information unless you have contacted us for assistance by using the Steam Support System.

If you receive a link from another user, especially one claiming free access to Steam content, use extreme caution! All official Steam logins are directed to the www.steampowered.com, store.steampowered.com, steamcommunity.com, or help.steampowered.com domains. If you suspect a site asking for your login information is not an official Steam site, do not enter any information on the site and disregard it.


https://help.steampowered.com/en/faqs/view/6639-EB3C-EC79-FF60


I don't know a single person on this platform who actually bothers to read any of the FAQs unless specifically directed to the FAQ, or after dealing with a related problem. I've already attempted recovering the account several times, and there is no way of recovering it.



Originally posted by C²C^Guyver |NZB|:
The account wasn't stolen either, the term is hijacked. You can't steal something when you willingly hand over the keys..
If you read as far as the first paragraph, you'll already know that the entire intent of the fake account was for the pure purpose of having it stolen and seeing how the scam works.



Originally posted by ReBoot:
With 13, your parents should've taught you a thing or two about life.

Account recovery is very much possible though. Accounts can be recovered when locked. All you need is the account name (or better, phone# but the account name works fine) and proof of ownership. While you are, of course, free to give up, don't spread alternative facts.
Again, I've tried. The account is not recoverable.



Originally posted by C²C^Guyver |NZB|:
If that's your account and you're 13 years old, did your parents even give you permission to create that account at 5 years old? Steam is not designed for children under the age of 13 and you would have had to have been 5 when that account was created.
I never said I was 13. Not once in any of my posts have I ever said I was 13. I simply mentioned concern for younger players who may be more susceptible to these scams.

So why would they bother to read your PSA in the sea of PSAs?
This scam has literally been around four years. You posting about this isn't going to help anybody either, because - as you pointed out - people who get scammed don't tend to read, let alone comprehend, this type of info.
Originally posted by RedNeckSnailSpit:
Originally posted by Big Bridge.mp4:
Or you know, don't login to sites you don't trust.

Yes, I agree, but tell that to a 13 year old Roblox player who wants free Discord Nitro.

Well sounds like you're on the hook for some painful lessons if that's your position.
Originally posted by RedNeckSnailSpit:
Originally posted by C²C^Guyver |NZB|:
You do realize that fake login sites are nothing new and that Steam Support already covered it?

Account Phishing
Attempting to trick other users into providing password information is commonly called "phishing" - unfortunately, some individuals are using deceptive Steam Friends names to request password information from other users. Steam Support does not use the Friends network to contact users, nor will we request CD Key or credit card purchase information unless you have contacted us for assistance by using the Steam Support System.

If you receive a link from another user, especially one claiming free access to Steam content, use extreme caution! All official Steam logins are directed to the www.steampowered.com, store.steampowered.com, steamcommunity.com, or help.steampowered.com domains. If you suspect a site asking for your login information is not an official Steam site, do not enter any information on the site and disregard it.


https://help.steampowered.com/en/faqs/view/6639-EB3C-EC79-FF60


I don't know a single person on this platform who actually bothers to read any of the FAQs unless specifically directed to the FAQ, or after dealing with a related problem. I've already attempted recovering the account several times, and there is no way of recovering it.



Originally posted by C²C^Guyver |NZB|:
The account wasn't stolen either, the term is hijacked. You can't steal something when you willingly hand over the keys..
If you read as far as the first paragraph, you'll already know that the entire intent of the fake account was for the pure purpose of having it stolen and seeing how the scam works.



Originally posted by ReBoot:
With 13, your parents should've taught you a thing or two about life.

Account recovery is very much possible though. Accounts can be recovered when locked. All you need is the account name (or better, phone# but the account name works fine) and proof of ownership. While you are, of course, free to give up, don't spread alternative facts.
Again, I've tried. The account is not recoverable.



Originally posted by C²C^Guyver |NZB|:
If that's your account and you're 13 years old, did your parents even give you permission to create that account at 5 years old? Steam is not designed for children under the age of 13 and you would have had to have been 5 when that account was created.
I never said I was 13. Not once in any of my posts have I ever said I was 13. I simply mentioned concern for younger players who may be more susceptible to these scams.
If you can't be asked to read anything, then you shouldn't be surprised that you got yourself in this situation. You didn't bother to read anything that Valve says, but you want others to read what you say? Again, your account was hijacked, not stolen.
Last edited by C²C^Guyver |NZB|; Jul 27, 2022, 8:08
Originally posted by C²C^Guyver |NZB|:
Originally posted by RedNeckSnailSpit:


I don't know a single person on this platform who actually bothers to read any of the FAQs unless specifically directed to the FAQ, or after dealing with a related problem. I've already attempted recovering the account several times, and there is no way of recovering it.




If you read as far as the first paragraph, you'll already know that the entire intent of the fake account was for the pure purpose of having it stolen and seeing how the scam works.




Again, I've tried. The account is not recoverable.




I never said I was 13. Not once in any of my posts have I ever said I was 13. I simply mentioned concern for younger players who may be more susceptible to these scams.
If you can't be asked to read anything, then you shouldn't be surprised that you got yourself in this situation. You didn't bother to read anything that Valve says, but you want others to read what you say? Again, your account was hijacked, not stolen.


I never said I never read any of it. Clearly you didn't get past the first paragraph.
Let's get some things straight here:

I created the account and used it solely to see exactly how the process works. I had absolutely no intent of ever using the account or ever logging in ever again. If it was lost, it was lost, and I couldn't care less.

For those of you who believe yourselves to be "smart" adults who would never fall for this, good on you, but keep in mind that this platform is available to anyone over the age of 13, and last I checked a simple checkbox saying "I agree that I'm at least 13 years of age" never stopped a 10 year old from making an account.

This post was never about recovering the account. I couldn't care less about that. This post was about expressing disappointment in the account recovery system, when children who are much more susceptible to these scams may end up losing accounts worth a fair amount after their parents bought several items for them, especially over the holiday periods.

The simple fact that these scams have been around for years is a clear indication that they work. If they did not work, the scammers would have moved on to another method or another platform. If you're not a 13 year old child getting caught in these scams, good for you, keep doing what you're doing. This post is not here for you. This post is purely my own expression of pure disappointment in the account recovery system.

If a younger user does ever end up falling for this, which would not be surprising in the least, that account will be lost, and the scammers would have won however much the account may have been worth, either through resale of the account, or through transfer and sale of items to another account.

Stating "just don't log into dodgy sites" is not protecting anyone. Stating "This has been around for ages" is not protecting anyone. Without a viable account recovery system, any other form of attempting to protect user data and ownership is completely lost to the wind.

I'm not concerned about the preventative measures already in place. Those are already about as good as they can get. I'm concerned about the recovery measures. Without adequate recovery measures put into place, any account taken over by a scammer or hacker of any kind, is as good as gone.
Originally posted by RedNeckSnailSpit:
Let's get some things straight here:

I created the account and used it solely to see exactly how the process works. I had absolutely no intent of ever using the account or ever logging in ever again. If it was lost, it was lost, and I couldn't care less.

For those of you who believe yourselves to be "smart" adults who would never fall for this, good on you, but keep in mind that this platform is available to anyone over the age of 13, and last I checked a simple checkbox saying "I agree that I'm at least 13 years of age" never stopped a 10 year old from making an account.

This post was never about recovering the account. I couldn't care less about that. This post was about expressing disappointment in the account recovery system, when children who are much more susceptible to these scams may end up losing accounts worth a fair amount after their parents bought several items for them, especially over the holiday periods.

The simple fact that these scams have been around for years is a clear indication that they work. If they did not work, the scammers would have moved on to another method or another platform. If you're not a 13 year old child getting caught in these scams, good for you, keep doing what you're doing. This post is not here for you. This post is purely my own expression of pure disappointment in the account recovery system.

If a younger user does ever end up falling for this, which would not be surprising in the least, that account will be lost, and the scammers would have won however much the account may have been worth, either through resale of the account, or through transfer and sale of items to another account.

Stating "just don't log into dodgy sites" is not protecting anyone. Stating "This has been around for ages" is not protecting anyone. Without a viable account recovery system, any other form of attempting to protect user data and ownership is completely lost to the wind.

I'm not concerned about the preventative measures already in place. Those are already about as good as they can get. I'm concerned about the recovery measures. Without adequate recovery measures put into place, any account taken over by a scammer or hacker of any kind, is as good as gone.


so, now that i see that this is about saving the kid, what is it that you suggest?

the only answer to this problem is

"do not log into dodgy sites!!!"

these all work by luring/scaring the gullible into giving over their info.

if a 13 year old kid is too "stupid" to know this, you, as the parent, should know that. do not let that kid on the computer alone.

so, what exactly is it that you suggest be done to stop "stupid" kids from doing stupid things?

edit:the "you" is the royal you, not you specifically

edit2:before it goes too far, i had 3 "stupid" kids. at one point, almost all of them are. i put blocks and made sure the one that just could not get it past his thick skull that he could not click any link he saw (amazing enough, i am going through this same flippin problem with my mom right now), had no access without me until he learned
Last edited by KalGimpa; Jul 27, 2022, 9:35

Date Posted: Jul 26, 2022, 17:50
Posts: 21