My account may be compromised [URGENT]

所有讨论 > Steam 论坛 > Steam Community > 主题详情

Razeworks 2022 年 8 月 13 日上午 9:09

Recently I’ve had an influx of bots messaging me on Steam trying to send me phishing links so that they can scam my items (I have quite a valuable CS:GO inventory).

Yesterday, while in VC with a friend I decided to humor one of them to see what type of scam they would pull. They talked a little at first and eventually sent the expected phishing link. Now here’s where my idiocy comes into play…

I ACCIDENTALLY clicked the embedded image attatched to the link and was immediately redirected to a malicious website without any warning step from steam. Seconds after it happened I hammered CTRL + W and closed the tab however I don’t know if it was too late. Would it have been possible that my steam account is compromised? The hacker tried to get me to click the link by telling me he had all his skins on a trading website and attatched a fake link that read [trading website] with .uk.com afterward instead of [tradingwebsite] with .com afterwards.

The thing is I never entered any credentials which could be their method of trying to get my account as I immediately left the page. However, I have heard of hacks where they download malware to your device and then use it to steal passwords or they take the unique cookies in your browser etc. and make it appear to steam as though they are logging in from the same computer you’re using.

I’ve done the obvious stuff (Changed passwords, cleared cookies and online data, set account to private and blocked the scammer, logged all accounts off remotely) I’ve also had steam guard active for years. However I’m still really paranoid, I’ve even transferred all of my skins to my aforementioned friends account temporarily so he can look after them.

I suppose my question to all you people who know their ♥♥♥♥ is: should I be worried? Is it even possible my account got hacked what with the precautions I’ve taken? They haven’t taken any of the leftover items in my inventory so perhaps I’m in the clear. Could I have messed myself up by simply clicking the link? Please do let me know!

最后由 Razeworks 编辑于; 2022 年 8 月 13 日上午 9:53

该主题的作者已标记一个回帖作为问题的解答。
点击这里跳转至那一条帖子。

引用自 MagicMight:

Not trying to make you any more skittish around the internet OP, but just for the sake of actually giving out correct information: what you are describing is anything but an urban legend. Drive-by malware infection — as in, infection by simply visiting a web page and performing no other action — does exist.

Now, is it something to really worry about? The truth is that it's quite rare nowadays. The reason is that in order to be infected the aggressor must either take advantage of a browser, addon or OS vulnerability. So as long as you have your browser updated, do not use any addons other than Noscript (or its equivalent) and Ublock origin (or its equivalent) you are most likely fine. In addition to that, the scammers have figured out that the social engineering method to exploit people still works, is much easier to use and costs less. So it has become the most prevalent method and other, more esoteric methods are used less. This rings true especially for Steam related scams where they exclusively use the latter.

Go ahead and enter the scammer's link to virustotal.com and see what results you get. Also, if that link contained login fields (I am not suggesting that you open the link again in an environment that is not sandboxed of course) it would be one more confirmation that it is just a phising attempt and not anything else.

In conclusion: if I were you I would not worry, especially if the link did not have time to properly open. However it is good to know the facts. And if you don't have those two addons I mention above I strongly suggest that you download them right away.

< >

正在显示第 1 - 15 条，共 23 条留言

Unn4m3d (♥AUT♥) 2022 年 8 月 13 日上午 9:22

Take those Links out of your post.

最后由 Unn4m3d (♥AUT♥) 编辑于; 2022 年 8 月 13 日上午 9:23

C²C^Guyver |NZB| 2022 年 8 月 13 日上午 9:24

Yeah, saying that you got hijacked by clicking links and then turning around and posting those links here....is not a good idea nor is it allowed.

最后由 C²C^Guyver |NZB| 编辑于; 2022 年 8 月 13 日上午 9:26

Razeworks 2022 年 8 月 13 日上午 9:43

引用自 C²C^Guyver |NZB|：
Yeah, saying that you got hijacked by clicking links and then turning around and posting those links here....is not a good idea nor is it allowed.

I put it there incase anyone had heard of the scam or encountered the website before

KalGimpa 2022 年 8 月 13 日上午 9:45

sorry it happened, partner. follow these steps

引用自 Wolf Knight：
Steps to take NOW:

if you still ahve access to your acount

make sure to do all of these

DO NOT TRADE

1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a trusted/clean computer.
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)

if you do not have access to your account

Account Recovery
Make sure you are completely logged out of Steam before you start the recovery process

ttps:/help.steampowered.com/en/wizard/HelpWithAccountStolen
https://support.steampowered.com/kb_article.php?ref=2347-qdfn-4366

Here is a guide that another Steam user was kind enough to make. It will help you navigate your way thru the recovery process if you are having any problems.
https://steamcommunity.com/sharedfiles/filedetails/?id=1126288560

While waiting for support to return the account, figure out how you gave away the account log in (if you haven't already done so). All 3rd party sites are USE AT OWN RISK.

make sure that you use a secured browser and are not logged into steam when you do it

also

引用自 Razeworks：
引用自 C²C^Guyver |NZB|：
Yeah, saying that you got hijacked by clicking links and then turning around and posting those links here....is not a good idea nor is it allowed.

I put it there incase anyone had heard of the scam or encountered the website before

don't do that. it just promotes the sites and can get you a warning or ban

you should edit them out

最后由 KalGimpa 编辑于; 2022 年 8 月 13 日上午 9:45

Unn4m3d (♥AUT♥) 2022 年 8 月 13 日上午 9:45

引用自 Razeworks：
引用自 C²C^Guyver |NZB|：
Yeah, saying that you got hijacked by clicking links and then turning around and posting those links here....is not a good idea nor is it allowed.

I put it there incase anyone had heard of the scam or encountered the website before

And thus promoting those sites. Take them out please.

ShelLuser 2022 年 8 月 13 日上午 11:13

Just clicking a link is harmless, it doesn't magically overrun your account. Trying to log into your Steam account while on such a website, that is the actual problem.

Razeworks 2022 年 8 月 13 日下午 12:36

引用自 ShelLuser：
Just clicking a link is harmless, it doesn't magically overrun your account. Trying to log into your Steam account while on such a website, that is the actual problem.

Thanks, just wanted clarification on that. Are you sure there's no such thing as stealing cookies etc. from your browser? That was just my fear as that's happened to me on other games. I appreciate you taking the time to comment on my post and help out.

Razeworks 2022 年 8 月 13 日下午 12:41

引用自 ShelLuser：
Just clicking a link is harmless, it doesn't magically overrun your account. Trying to log into your Steam account while on such a website, that is the actual problem.

I only mention the fact that clicking a link may have comprimised my account as others seem to have shared experiences in which it has happened.

See: https://steamcommunity.com/discussions/forum/1/540743757611210400/

Razeworks 2022 年 8 月 13 日下午 12:51

引用自 Razeworks：
引用自 ShelLuser：
Just clicking a link is harmless, it doesn't magically overrun your account. Trying to log into your Steam account while on such a website, that is the actual problem.
I only mention the fact that clicking a link may have comprimised my account as others seem to have shared experiences in which it has happened.

See: https://steamcommunity.com/discussions/forum/1/540743757611210400/

It's very possible they simply aren't telling the whole story however and may have downloaded / opened something without realising it was malicious. Thanks for the help.

ReBoot 2022 年 8 月 13 日下午 1:04

引用自 Razeworks：
引用自 ShelLuser：
Just clicking a link is harmless, it doesn't magically overrun your account. Trying to log into your Steam account while on such a website, that is the actual problem.
I only mention the fact that clicking a link may have comprimised my account as others seem to have shared experiences in which it has happened.

See: https://steamcommunity.com/discussions/forum/1/540743757611210400/

That's an urban legend. Fools love omitting their mistakes. Nobody mentions downloading & installing malware nor "logging into" bad sites. People love simple answers, simple stories. Especially fools. Especially if the story omits their mistakes.

最后由 ReBoot 编辑于; 2022 年 8 月 13 日下午 1:06

#10

Razeworks 2022 年 8 月 13 日下午 1:09

引用自 ReBoot：
引用自 Razeworks：
I only mention the fact that clicking a link may have comprimised my account as others seem to have shared experiences in which it has happened.

See: https://steamcommunity.com/discussions/forum/1/540743757611210400/
That's an urban legend. Fools love omitting their mistakes. Nobody mentions downloading & installing malware nor "logging into" bad sites. People love simple answers, simple stories. Especially fools. Especially if the story omits their mistakes.

Haha, there's probably a lot of truth in that.

#11

该讨论串的作者已表示此帖子解答了原先的主题。

MagicMight 2022 年 8 月 14 日上午 12:46

#12

Muppet among Puppets 2022 年 8 月 14 日上午 8:51

If someone is able to infect or steal something on your computer by you clicking a link,
why would they send you to a login page and telling you things that make you realize it?

If someone can do it, you would not know it.

#13

Razeworks 2022 年 8 月 14 日下午 1:31

引用自 MagicMight：
Not trying to make you any more skittish around the internet OP, but just for the sake of actually giving out correct information: what you are describing is anything but an urban legend. Drive-by malware infection — as in, infection by simply visiting a web page and performing no other action — does exist.

Now, is it something to really worry about? The truth is that it's quite rare nowadays. The reason is that in order to be infected the aggressor must either take advantage of a browser, addon or OS vulnerability. So as long as you have your browser updated, do not use any addons other than Noscript (or its equivalent) and Ublock origin (or its equivalent) you are most likely fine. In addition to that, the scammers have figured out that the social engineering method to exploit people still works, is much easier to use and costs less. So it has become the most prevalent method and other, more esoteric methods are used less. This rings true especially for Steam related scams where they exclusively use the latter.

Go ahead and enter the scammer's link to virustotal.com and see what results you get. Also, if that link contained login fields (I am not suggesting that you open the link again in an environment that is not sandboxed of course) it would be one more confirmation that it is just a phising attempt and not anything else.

In conclusion: if I were you I would not worry, especially if the link did not have time to properly open. However it is good to know the facts. And if you don't have those two addons I mention above I strongly suggest that you download them right away.

Thanks so much for your detailed and helpful message. After doing more digging and taking your advice I've reached quite a satisfying conclusion. After running the website in virus total it came up with a several reports of phishing. However, that wasn't enough for me and I went even further. I decided to persue your advice further and test the website in a sandboxed environment. I learned how to make a virtual machine, created one, fired it up and went to the website. It instantly prompted me to log in to steam so that I could "authenticate" myself or some ♥♥♥♥♥♥♥♥, clearly you were correct and in the end they were simply trying to get me through social engineering so that I would type in my credentials and they would have my account. I'm also very happy to say that I haven't been locked out of my account / lost any items so I think it's safe to say my account is safe.

I've definitely learned a lot here about securtiy and now I know what to do anytime something like this happens. I've also picked up all of the helpful extensions you reccomended and a good anti-virus as well as VM system. If I'm honest, I was probably due to do all of these things anyway considering how much is at stake!

You have truly put my mind at ease, and for that, I can't thank you enough.

#14

Muppet among Puppets 2022 年 8 月 14 日下午 1:40

If you look at tests, nearly all antivirus are now top picks.
I hope you did not pay much for the good antivirus and the virtual system.

You can have it for free, and if you look back you realize, you did not need it.
If your mindset was right.

#15

< >

正在显示第 1 - 15 条，共 23 条留言

每页显示数： 1530 50

所有讨论 > Steam 论坛 > Steam Community > 主题详情

发帖日期： 2022 年 8 月 13 日上午 9:09

回复数： 23

发起新讨论

讨论规则及指引

举报此帖