It's not new. . . .

A scam from 4 years ago that was a scam from 6 years ago that was a scam from 8 ...

You can see the pattern.

But yes, if you meet new people on Steam, let them know.

The 10 year anniversary of this 'new' scam method is coming this year practically. The fake Steam login pages were the first example of capture malware targeting Steam users. Even the newest scam on here is a good 5 years old.

This form of scam has been in existence long before Steam.

This form of scam exist for more, than the whole steam does!

https://en.wikipedia.org/wiki/Phishing

"New scam"

Originally posted by IronKnightAquila:

https://en.wikipedia.org/wiki/Phishing

"New scam"

:D scam link!!!!!!

Originally posted by Jduke:

This scam can be easily avoided if you inspect the link, however you could easily get your account hacked when your unsuspecting it or if you click.

No, it can't. Clicking a link and visiting a scam site won't do anything. There's no such thing as your Steam account getting magically hacked as soon as you visit such websites.

The real issue happens when people are dumb enough to try and log into such websites using their real Steam account. See... if a website can use Steam to log on then it will never ask for a username & password as long as you're already logged onto Steam.

A legit website will then only show you your Steam username and ask for a comfirmation about really wanting to log onto the 3rd party website. That's it and that's all.

Just visiting such a website is completely harmless.

Originally posted by Jduke:

If you fell victim to this scam then change your password immediately and do a virus scan as someone here stated on a reddit post i made they had malware and removing the malware stopped the messages from being sent.

Bad advice, because changing your password won't do anything for you.

• First you need to remove the Steam API key that has been put in place, check this link for an overview of your active keys: https://steamcommunity.com/dev/apikey
  
• Second; you need to un-authorize all other devices so that every session which uses your account gets invalidated and thus needs to log on again. You do this on the SteamGuard page here: https://store.steampowered.com/twofactor/manage
  
• And finally, yes, only after those two other steps do you change your password. Though.. it's more to rule out any other issues because attackers can't get your password (nor any other important details like creditcards) through Steam.

The thing is: scam websites use bots, and as soon as they got your data they'll log onto your account, plant an API key and that gives them nearly full access to your account and the things you do. Needless to say but changing your password doesn't help to prevent this, only the removal of the API key does.


The best course of action when something like this happens to you is to report the account that sent you the scam link, then unfriend them. Optionally block 'm as well but that's up to you.

Also... I appreciate your effort trying to warn other users but... it's pointless. I mean, us regular get to see these kinds of messages several times a day and obviously you managed to miss all of those. So what makes you think other Steamers are going to see this? ;)

No offense intended, like I said it definitely does you credit that you're taking the time & effort to try and help people. But you really need to update your knowledge on these issues if you do because like I said: just changing your password is pointless, and basically very bad advice to give out.

Originally posted by ShelLuser:

Originally posted by Jduke:

This scam can be easily avoided if you inspect the link, however you could easily get your account hacked when your unsuspecting it or if you click.

No, it can't. Clicking a link and visiting a scam site won't do anything. There's no such thing as your Steam account getting magically hacked as soon as you visit such websites.

The real issue happens when people are dumb enough to try and log into such websites using their real Steam account. See... if a website can use Steam to log on then it will never ask for a username & password as long as you're already logged onto Steam.

A legit website will then only show you your Steam username and ask for a comfirmation about really wanting to log onto the 3rd party website. That's it and that's all.

Just visiting such a website is completely harmless.

Originally posted by Jduke:

If you fell victim to this scam then change your password immediately and do a virus scan as someone here stated on a reddit post i made they had malware and removing the malware stopped the messages from being sent.

Bad advice, because changing your password won't do anything for you.

• First you need to remove the Steam API key that has been put in place, check this link for an overview of your active keys: https://steamcommunity.com/dev/apikey
  
• Second; you need to un-authorize all other devices so that every session which uses your account gets invalidated and thus needs to log on again. You do this on the SteamGuard page here: https://store.steampowered.com/twofactor/manage
  
• And finally, yes, only after those two other steps do you change your password. Though.. it's more to rule out any other issues because attackers can't get your password (nor any other important details like creditcards) through Steam.

The thing is: scam websites use bots, and as soon as they got your data they'll log onto your account, plant an API key and that gives them nearly full access to your account and the things you do. Needless to say but changing your password doesn't help to prevent this, only the removal of the API key does.


The best course of action when something like this happens to you is to report the account that sent you the scam link, then unfriend them. Optionally block 'm as well but that's up to you.

Also... I appreciate your effort trying to warn other users but... it's pointless. I mean, us regular get to see these kinds of messages several times a day and obviously you managed to miss all of those. So what makes you think other Steamers are going to see this? ;)

No offense intended, like I said it definitely does you credit that you're taking the time & effort to try and help people. But you really need to update your knowledge on these issues if you do because like I said: just changing your password is pointless, and basically very bad advice to give out.

Thanks for the issues you pointed out. Ill be honest i was rushing to make this post because i had to do something so its not up to quality standards
Had done some edits

I didn't want to make this but alot were falling for it soo.

Something i would like to point out the reason why i mentioned to not "click on the link" is because some people didn't even click any suspicious links but there account is still sending phishing links.
Someone even said they had malware on there computer and removing it stopped the messages from being sent