theonlynova911 28 JUL 2024 at 3:37 a.m.
Unauthorized Refund Scam - Be Warned, Be Wary
i noticed that every game which qualified for a self-refund (purchased recently with less than 2 hours of gameplay) had been refunded. not only that, but the individual who did it - did it from China. Neither SteamGuard's 2 step verification nor anything else alerted me. I just happened to see it while it was happening. Apparently the scam goes like this: they hack your account, refund games into your steam wallet (fastest way to get access to funds), use said funds on trading cards and then sell the trading cards to themselves (selling them from my account to their account) for nothing. From their (likely dummy account) they sell all of the trading cards and use the pure profit for themselves. If this is happening to you it is likely because they have access to your email and can set your SteamPowered alerts to go to SPAM (they did not have time to do this but have attempted to sign back into my email and steam accounts over 100 times in the past 24 hours). Even though i caught this activity as it was happening and the refunds were still pending, steam was unwilling to halt the refunds and any games that i got on sale (which are no longer on sale) i now have to pay full price for. Their answer to my request for assistance was "change your password and spend the refunded money before the hacker does because they may still have access." Because of their VPN it appears they are attempting to sign in from everywhere in the world BUT china, however, the emails that they were unable to block me from receiving were all in Chinese as that is how THEIR personal steam software is likely set up (just like mine still reads in English even when i use it in non-English speaking countries).

Interestingly, the hacker first attempted to test their access of my account by selling me a bunch of trading cards for nothing (they, using my account, made the purchase). I saw all of the badges appear on my account from one moment to the next, sold them all and cashed out which must have infuriated the hacker which is why, despite their test failing, they are still causing me great headache with the knowledge they will not profit but that at least i'll have to deal with the hassle for accidentally profiting on their partially successful (albeit not financially successful) hack of my account.

How to Resolve (maybe? we'll see)

unauthorizing steam from all devices, changing my passwords on all logins (steam related and otherwise), running anti-malware/spyware/phishing software (which i always do and i still haven't found anything in that regard), purchasing games that i am sure not to refund via 3rd party steam-key vendors (they were unaffected), checking your spam/trash folders for any missed emails from SteamPowered (especially those in Chinese, Russian, and Indian). Understand that despite their infamous monopoly over PC games and vast sums of wealth, STEAM will not help you recover your games, cannot reverse refunds (even if they have been pending for mere minutes), and you will lose out on any discounts from sales that are no longer current.

WHAT TO TAKE AWAY:

the phenomenon has been happening to others since mid-June. Look out for unauthorized refunds directly to your Steam Wallet...as SteamGuard was entirely unable to identify and prevent over $200 in refunds within an hour as suspicious behavior that i needed to be alerted to, i do not trust them to keep it from happening again. None of my anti-malware software has identified anything amiss and the only other account that was compromised and related was Microsoft (which alerted me to the suspicious activity and once again, their Microsoft Authentication App was unable to prevent this). I am now staying up until, watching the damn pending refund so that i can spend it "before they do"...the only games that were not affected were games purchased by 3rd party vendors (Fanatical etc.). I am deeply disappointed that i lost progress in a few games and annoyed that i will have to re-download others...i am furious that i have entirely lost great games that i got during incredible sales (five out of nine games that were refunded) and will not be able to afford them at full price for some time.

CONCLUSION: there may be no foolproof solution or preventative measures (but i'm definitely open to suggestions)
I was/am as careful as one can be and still this could not be prevented (i haven't found anything yet that showed there was something more i could have done on my end to prevent this other than delete entire accounts and create new ones which will inevitably become compromised as well). rinse. repeat.
~or~
i can run every game i purchase for 2 hours upon purchasing them. just leave them running, two at a time so that they CAN'T be refunded. These are not feasible and reasonable options, respectively.
~or~
purchase all games from 3rd party steam-key vendors as they cannot seem to be affected by the scam (evidenced by what was and was not refunded within my recent purchases)

COMMUNITY:
Has anyone else experienced this? did they find a solution? Was Steam able to assist in any meaningful way? Is there a way to firewall transactions being made outside of one's own country? is there a way to get SteamGuard to alert me when massive refunds are being authorized in short periods of time? the hacker even received an email (in Chinese to my formerly compromised email address that they had access to) from Steampowered suggesting that they review the games before requesting refunds because they had refunded so many games so quickly....yet that didn't raise any red flags? especially when one considers i've NEVER requested a refund for a game despite using Steam since the Half-Life 2 episodes were released (its bloody founding).
Showing 1-15 of 23 comments
Zarineth 28 JUL 2024 at 3:48 a.m.
It looks like a common case of compromised account with hijackers trying to milk it as much as they can.
Unn4m3d (♥AUT♥) 28 JUL 2024 at 3:51 a.m.
Your account is compromised. You leaked your account information somewhere.
Nobody "hacked" you, and you didn't get any alerts because you gave away your account information including Steam guard Code, thus letting them in.


1. Scan for malware. https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Deauthorize all other devices. https://store.steampowered.com/twofactor/manage
4. Change passwords from a clean computer.
5. Generate new backup codes for your Mobile App. https://store.steampowered.com/twofactor/manage
6. Revoke the API key (there should be no key). https://steamcommunity.com/dev/apikey

Follow the Steps, one by one.
theonlynova911 28 JUL 2024 at 4:08 a.m.
have malware bytes on all computers. all numbers on accounts still mine. already deauthorized devices and do so on regular basis. change passwords on all devices every 15 days.

Originally posted by Unn4m3d (♥AUT♥):
Your account is compromised. You leaked your account information somewhere.
Nobody "hacked" you, and you didn't get any alerts because you gave away your account information including Steam guard Code, thus letting them in.
highly doubtful,
here's why


1. Scan for malware. https://www.malwarebytes.com/ (done a decade ago)
2. Check that the email and phone number on the Steam account are still yours. (done every day for months. i'm meticulous which is how i caught this happening as it happened)
3. Deauthorize all other devices. https://store.steampowered.com/twofactor/manage (do this every 15 days)
4. Change passwords from a clean computer (own over ten computers. all passwords changed from a different computer on a biweekly cycle).
5. Generate new backup codes for your Mobile App. https://store.steampowered.com/twofactor/manage (i'm not a child. i saw that you gave this response to someone else too)
6. Revoke the API key (there should be no key). https://steamcommunity.com/dev/apikey

(Checked. there is no key)


.

have malware bytes on all computers (working with windows defender) - premium version for decades. all numbers on accounts still mine and have remained mine. no changes. already deauthorized devices and do so on regular basis (once every week since an ebay account was hacked six months ago). change passwords on all devices every 15 days (have a special alarm that goes off in my gaming room and workplace office reminding me to do so).
theonlynova911 28 JUL 2024 at 4:10 a.m.
had malwarebytes with regular scans for OVER a decade (not decades or once a decade ago as my previous wording may have implied). anyone got anything that isn't on that list as everything on that list is performed on a regular basis, has been for quite some time.
KalGimpa 28 JUL 2024 at 4:18 a.m.
Originally posted by theonlynova911:
had malwarebytes with regular scans for OVER a decade (not decades or once a decade ago as my previous wording may have implied). anyone got anything that isn't on that list as everything on that list is performed on a regular basis, has been for quite some time.

sorry it happened, partner

phishing and free sites are the major way people get their accounts taken

have you used any third party site that asks for your log in?

talked with anyone on discord that asked for info?

do you reuse passwords?

there have been a couple of major breaches lately, including at&t

i have not seen anything about steam getting hit, though
theonlynova911 28 JUL 2024 at 4:19 a.m.
so i suppose the question for UNAMED is, how does one prevent a leak of that kind of information with the aforementioned levels of security, constant password changing from fresh computers, 2 step verification, password encryption key software and storage along with a myriad of superfluous biometrics?
theonlynova911 28 JUL 2024 at 4:23 a.m.
Originally posted by KalCuey:
Originally posted by theonlynova911:
had malwarebytes with regular scans for OVER a decade (not decades or once a decade ago as my previous wording may have implied). anyone got anything that isn't on that list as everything on that list is performed on a regular basis, has been for quite some time.

sorry it happened, partner

phishing and free sites are the major way people get their accounts taken
free sites like piracy websites?

have you used any third party site that asks for your log in?
does Epic Games count? (my epic games has not been affected by anything like this)

talked with anyone on discord that asked for info?
(don't speak on discord nor would i ever provide that information to anyone other than a steam login text field)

do you reuse passwords?
i used to until six months ago when i had a major paypal disaster. this left me hyper-vigilant. i change my passwords bi-weekly - using fresh computers. 2-step verification for everything. my passwords are strings of letters of numbers that are difficult if not impossible for me to memorize but i have them written in a notebook in a safe nailed to my wall.

there have been a couple of major breaches lately, including at&t
i use COX as does my place of work.

i have not seen anything about steam getting hit, though
neither have i
theonlynova911 28 JUL 2024 at 4:26 a.m.
Originally posted by theonlynova911:
had malwarebytes with regular scans for OVER a decade (not decades or once a decade ago as my previous wording may have implied). anyone got anything that isn't on that list as everything on that list is performed on a regular basis, has been for quite some time.
nameless, my initial response was rather defensive and a tad hostile. i didn't mean it to be, i was just frustrated because your suggestions for prevention are part of my regular bi-weekly routine and although maybe helpful for someone who has no idea what they are doing were profoundly unhelpful for me. regardless, your suggestions (e.g. my already established security protocols) weren't enough. i have even abandoned logging into some of my previously compromised accounts on the computers that i was using at those times and now use different ones to (first change the password) and access those accounts that cannot be deleted and replaced - the rest being...deleted and replaced. still it wasn't enough.

my identity was stolen over a year ago and this led to hyper-vigilance on all fronts.

i was slightly offended when you stated that i had given my information away but i misread what you meant...my information was leaked by microsoft and SG was bypassed using that account by having codes sent to the primary email (which i already stated was the compromised source of the issue. no microsoft email no issue with steam. no microsoft data leak, no issue with steam...so no sir, it is highly unlikely that i 'gave my information' away.) and one can see various sign in attempts and approvals given (whether one made them or not) and thus i can easily see that every single sign in approved in steam guard was approved by me.
Last edited by theonlynova911; 28 JUL 2024 at 5:45 a.m.
theonlynova911 28 JUL 2024 at 4:28 a.m.
Originally posted by Zarineth:
It looks like a common case of compromised account with hijackers trying to milk it as much as they can.
it would seem so. i'm repurchasing the games (that i can) as we speak and am literally running as many as i can simultaneously on their menu screens for the next few hours so that they can't be refunded.
KalGimpa 28 JUL 2024 at 4:51 a.m.
Originally posted by theonlynova911:
Originally posted by theonlynova911:
had malwarebytes with regular scans for OVER a decade (not decades or once a decade ago as my previous wording may have implied). anyone got anything that isn't on that list as everything on that list is performed on a regular basis, has been for quite some time.
nameless, my initial response was rather defensive and a tad hostile. i didn't mean it to be, i was just frustrated because your suggestions for preventions are part of my regular bi-weekly routine. it still wasn't enough. i have even abandoned logging into some of my previously compromised accounts on the computers that i was using at those times and now use different ones to access those accounts. still it wasn't enough.

i was slightly offended when you stated that i had given my information away but i misread what you meant...i unintentionally gave the information away by leaving myself vulnerable in some dark cyberspace? possibly...but i did not willingly give my information to some false actor pretending to be Steam support or anything of that nature.


how were the other accounts compromised?

just using a different machine to access them is no guarantee

if the bad actor is sitting on the account, you can infect your new pc

i do so much less than you and have not had multiple compromises

do you trade?

use trading sites?

you say it was done from china

have you bought any gold for a game that wanted access to it to give it to you?

there has to be a reason you were picked

either that or someone was lucky enough to guess your

log in name

password

and two factor

something that is just an astronomically slim chance

i say that because i do not really like to say something is impossible

so very improbable, though
theonlynova911 28 JUL 2024 at 5:03 a.m.
I thought steam guard would prevent massive purchases from being made. Unlike the suggestions of nameless, my steam guard was never compromised. Instead they used alternative login methods "send me a code instead" And the email address from which they had control. English is not my first language so I apologize if some of the things I'm saying are not clear or if I have misspoken.
theonlynova911 28 JUL 2024 at 5:03 a.m.
By massive purchases, i mean massive refunds*
theonlynova911 28 JUL 2024 at 5:05 a.m.
The reason I was able to locate the individual in China is because of the analytical IP information collected by Microsoft. My input in all of the IP addresses that they utilized from around the world with their VPN into __&&&&&& I was able to identify the IP address being hidden by the VPN. That IP address was located in China.
theonlynova911 28 JUL 2024 at 5:08 a.m.
Furthermore, every time they received an email (to my Microsoft account which they were regularly monitoring) for an action that they had completed on their steam software (whilst logged into my profile) their language preference was visible. Chinese (despite the vpn listing them as being somewhere in South America or Eastern Europe)
KalGimpa 28 JUL 2024 at 5:09 a.m.
Originally posted by theonlynova911:
The Microsoft account was compromised and it was from there that they were able to get the steam information and use codes sent to the Microsoft account to bypass the steam guard.. I don't just use different PCS. I use different PCS with new fresh accounts.



how was it compromised, though?

phishing?

brute force (very unlikely as most programs have safeguards for this)

leak from another site that was phished?

something had to happen to give them initial access

you said it was more than once

that is just not the norm

do you use your phone for 2fa or just email?