As I mentioned before, there are different types of scams, but to give you an example, they can steal your account or even take money from you.

Having clarified the above, let's move on to what is important.

How do I know I am being scammed?

It's very simple, if Steam wants to communicate something to you, be it a report, a refund, etc, they will do it by email, with your official email (noreply@steampowered.com). Steam employees are NOT GOING TO TALK TO YOU ANYWHERE OTHER THAN MAIL, so forget about the r3t4rds who talk to you on Discord telling you they are Valve employees and want to help you.

Anyway, we are going to see different kind of scams and how they try to make us fall into them.

Well, in this type of scam you simply get a friend request or you just get a random person (probably with a newly created profile) talking to you.



This person will talk to you saying something like this:

⠀⠀⠀⠀⠀
Sending you ''proof?'' that what he is telling you is real

⠀⠀⠀⠀⠀
After that, I played dumb to see how far they would go, and it sends you to talk to the David guy that it says in the screenshot you sent above.

Once you send the request, David accepts you and talks to you quickly, asks you what the problem is and magically without even telling him what your Steam account is, he knows what it is, it's Jesus Christ.

⠀⠀⠀⠀
Now comes what really surprised me and scared me a little, and I understand that novice people see something like what you are about to see and believe it 100%. He sends me a video of my account WITH THE VALVE SYSTEM, as if he was really an employee. So of course, you can't help but be scared when you see this, but honestly having experience with this kind of things and being aware that you can do and replicate a thousand things on the internet, it would be some kind of application or what do I know
⠀⠀⠀⠀⠀
⠀⠀⠀
After this, it will ask you for the purchase history of your account, DO NOT GIVE IT TO THEM, they can remove your account like this, because if you say that you have lost your account to the support, they will ask you for certain things, like last game purchased, where the card you usually buy with ends, etc, then they will send that report since you have given them the history of your purchases.
⠀⠀⠀
⠀⠀⠀
Once I pass him the fake purchase history that I have modified in the inspect tool, he asks me to log out of Steam so he can cancel the request to delete my account.
⠀⠀⠀
⠀⠀⠀
They ask you to pass them a code that has arrived to your cell phone (or email) and obviously I was blocked instantly when I sent the KEKW

Stolen Steam accounts do not fall from trees. Before they can be sold, someone has to steal them, and the most common method is classic phishing. But how does it work?

You receive a link with a tempting Steam-related offer (free game items, an interesting exchange offer or something like that). You may receive the link in a personal message or you may find it in a comment on a game review or in a post on social networks.

This link directs the user to a page similar to the official Steam page, where they are asked to enter their username and password. The user, expecting a good deal, enters his credentials without checking the address in the URL. The official domain is https://steamcommunity.com and the scammers register very similar ones, such as:

steam.stearncommunity. click
steamcammunitty. com
steamcammunity. ml
steamcamrnunitty. com
steamcommmunity. ml

The data entered is passed directly to criminals who gain access to the account, while the legitimate user loses it.

As we have learned, this new scam with free Steam games is based on deceiving all those who visit the site with the intention of getting some of the titles offered for free, although in reality, the website itself indicates that only those who are lucky will be able to get them, since there will be a "supposed" draw.



Coincidentally, the user will be awarded with one of the chosen games and will be shown a promotion code to proceed with the download. That code will not be fully displayed and the site will ask the user to log in to their Steam account to get the code and get the game.




This is when the user's credentials will be sent to the hackers' server and the account will fall into their hands. From that moment on, the hackers change the password and email address associated with the account, even the phone number, and therefore the real owner will no longer be able to use it.

In addition, to ensure that the scam quickly reaches many more Steam users, the hackers have automated the attack so that a message is sent to all Steam friends of that account with an invitation to the fake page to get free games through a sweepstakes. In this way, the whole process will start all over again and repeat itself for each of the victims.

Like many others, the fraudulent scheme we discovered is based on phishing. Attackers lure users to sites identical to those of legitimate online stores, in our case, related to Steam, dedicated to the sale of gaming items. These fraudulent websites look very high quality and it is quite difficult to arouse suspicion, because in some cases it is almost impossible to distinguish the copy from the original. These are the main characteristics of fraudulent resources:

• Very high level of design or copy
  
• The sites have a security certificate and support HTTPS
  
• There is a warning about the use of cookies
  
• Part of the links point to the original site (but when you click on them, you are not directed to the original site)

Ursprünglich geschrieben von author:

Sometimes the forgery is revealed in small details: for example, the title of the window does not match the URL.

The scammers are not interested in the user spending a lot of time on the site, because sooner or later they may discover that it is fake. Therefore they go very quickly to the point: as soon as the user clicks on any link, a window appears asking him to enter his Steam account username and password. By itself, this detail may not arouse suspicion: the practice of using the account of one service to authorize in another is quite common (for example, registration in web services through social networks, Google authorization, etc.), and Steam also allows using an account for authorization on third-party resources. In addition, the business platform requires access to a user account to obtain data about the items it has in stock.

The fake window for entering the username and password is very similar to the real one: the correct URL for the Steam social portal is present in the address bar, a responsive layout is used, and if the link is opened in another browser with a different interface language, the content of the fake page and its title will change according to the new "locale".

Ursprünglich geschrieben von author:

Fake authorization window uses good quality camouflage

Just right-click on the title of this window (or on the controls) to bring up the standard context menu for web pages. If the "view code" item is selected, it is clear that the window is a fake and has been implemented using HTML and CSS:


In one of the examples, the entered username and password are transmitted using the POST method via an API located on another domain, which also belongs to the scammers.


The fact that the data entered is verified using the original services adds credibility to the fake login form: by entering an incorrect username and password, the user is informed about the error:


After entering the valid username and password, a two-factor authorization code is requested, which is sent by email or generated in the Steam Guard application. Of course, the code entered will also be sent to the fraudsters, who as a result will gain full control over the account:

Most players can easily spot a fake store, so scammers have opted for more classic tactics that, while not entirely fraudulent, cannot be considered honest either. Sites with slogans such as "Try your luck and get a random key" are becoming more and more common.


A random key is like a kind of lottery related to the purchase of an unknown product at a certain price. After spending about three dollars on that key (for example), the user enters a sweepstakes with a top prize of about $50 and other prizes of much less value, like one or two dollars.

It's not a scam per se, is it? It's all down to luck. However, the algorithm behind the giveaways is not revealed, which means that players face any odds and are certainly likely to "win" the key to a game worth less than the original sum paid.

Before taking the plunge, more sensible players might ask themselves why they want a random game. Besides, even if a miracle happens and they win a high-value title, what if they don't like it? There are many types of games and, for example, fans of strategy games I don't think they would get overly excited about the latest installment of a dating simulator.

Part of the latest phishing scams will see a scammer posing as a Steam employee. They will ask you to locate a specific file and then upload it.

The SSFN file helps you avoid having to check with Steam every time you log in; giving it to a scammer allows them to bypass any security restrictions, such as Steam Guard Steam Family Sharing: How do you use it? Steam Family Sharing: How do you use it? There's an important new weapon in Steam's arsenal: Family Sharing. What is it and how does it work? Read more . This type of attack works in conjunction with a fake or hijacked profile, and a fake login screen to steal your password. As you can guess, providing that file to a scammer is essentially giving away the keys to the castle.


This attack is becoming less common as Steam users become more aware of it, but it is still worth reading about. As mentioned in the previous section, Valve / Steam will never ask you to upload a file. Anyone asking should set alarm bells ringing.....

If you have given control of your account to a scammer, you should take immediate action to recover your account through Steam Support. Despite what a scammer may claim, you can always recover your account through Steam Support even if the scammer has changed all of your account information, including your password, email and phone number.

https://help.steampowered.com/en/wizard/HelpWithAccountStolen

You do not need to do anything to protect your account from false or erroneous reports. The Steam team simply ignores them.

Always have Steam Guard enabled on your mobile device.

I hope it has helped you.