Reply here (with number of days, or need for permanent suspension) if you request suspension. You can also write other ticket about this
Comment has been collapsed.
I'd like to request permament suspension. Better safe than sorry.
Comment has been collapsed.
I was fooled like some newbie in internet. Just shame.
Suspend me till 16 February or so, if it's not problem. Hope that will be enough time for steam-support to return my profile, whole work-week.
Comment has been collapsed.
Saw your message, but suspend me until the 16th of Feb just to be sure please. Hopefully I'll hear back from steam soon and also hope those stories about super long wait times for support are no longer a thing.
Comment has been collapsed.
I don't have any active/unclaimed giveaways atm. Would you still recommend a suspension anyway? Or is it unnecessary?
Comment has been collapsed.
No need, if you don't worry someone could tamper with account in "troll" way.
As suspended user you can access:
- your suspension page
- support section
- FAQ
- guidelines
- settings
If you don't want suspension, just make sure that your contact e-mail is not changed when you recover your account. To make sure scammer did not change it, to get key / giftlinks from creators.
Comment has been collapsed.
Haven't thought about what Quisty wrote earlier but it looks like something possible. If scammers know about sg that is.
I would ask for suspension just to be safe :/
EDIT: If I were you xD
Comment has been collapsed.
You did not specify time frame, I will set it till 16th.
Write other ticket, if you'd need more time, or unsuspend ticket, if you'd recover your account earlier.
Comment has been collapsed.
Thanks xD I should work on my English skills in the future xD
Comment has been collapsed.
THANK YOU for taking the time to clean up the forums and get all relevant information in one place.
This is much easier to follow than the dozen other threads.
Comment has been collapsed.
There is one more problem: they could get the email addresses of every winner. For me that's no problem, as I have an own email address for SG but others may not.
Maybe you could talk with cg about the possibility to disable the display of the email as soon as the user has marked the key as received? I don't see any reason to show it after that. :)
Comment has been collapsed.
One way to avoid that is to have your account temporarily suspended. Such information is not available to a suspended user.
Comment has been collapsed.
Yes I know that's what this discussion is about ;)
But I meant that it could be done generally for all users as I don't see any reason why someone should see the email after the giveaway process is completed. It's basically one if condition around the display so no big thing. :)
Comment has been collapsed.
I think I understand your point, but having that email address allows unforeseen problems to be addressed by contacting the winner directly. Setting an arbitrary "cut off" period does not seem worth the trouble to me.
I'm not sure I wrote that in the best way, but I hope you understand what I was trying to express.
Comment has been collapsed.
I have seen many of these lately. Thankfully I stopped at the rright time after clicking the link so I didn't enter any information
Comment has been collapsed.
I usually enter any links I find sketchy in a incognito tab, and search if it's safe first.
Comment has been collapsed.
Yep, I got tagged by this -- so did GediKnight, so don't click any links from us.
BTW...you don't have to remove people from friends list to quiet things down...just block communication from those people for now, and unblock when this whole mess is fixed.
My SG account appears to be unaffected right now. I will alert support immediately if I see any weird activity. In the meantime, this is one of the only places I have to communicate with Steam friends, so I prefer to leave things active until there is an issue. I'll stay very focused to insure I catch things right away if something goes sideways.
Comment has been collapsed.
Cool...you can feel free to block me for the time being, too. I plan to post in here when this gets resolved.
So far, my support request I filed 18 hours ago has not been responded to in any way. Jesus, Steam needs a real support line.
Comment has been collapsed.
Yes, with the amount of money people spent into their Steam account, you think they would have staff to take care of those issues quickly.
Sorry you got caught into this whole mess, I have 3 friends that have been messaging me all day. It seems Steam will have a lot of ticket to take care of, it has been spreading fast:(
Comment has been collapsed.
Yeah, a support line would have saved them so much time and energy. But they like to run with minimum expenses...it's just a really short-sighted business strategy. But then, that's GabeN and his love for anything free/cheap.
Comment has been collapsed.
Understood. That is one of the reasons why Support Staff decided to make suspension an option for those who wanted it.
Comment has been collapsed.
Yeah, I would block me on Steam until this gets fixed. Damned Russian hackers.
Comment has been collapsed.
I tried to reason with it first but it didn't work 🙄, don't know why but I've received a lot more messages from yours than from all other stolen accounts. Hope you get help from support soon.
Comment has been collapsed.
All done...account is reset and I've regained control. I'm signing up again for Steamguard, etc...have to do all of that stuff over :(
Comment has been collapsed.
I'm glad you got it back finally, and also happy you didn't get a VAC ban, some people did this time, I read somewhere they were trying new PUBG cheats with stolen accounts. At least the worst part is over, welcome back!
Comment has been collapsed.
Yeah, I don't play PUBG, and it's probably been 3-4 years since last time I played TF2...and I don't cheat. :) I'd rather lose than cheat. 👍🏻
Oh wait, you're saying that the hackers were using the accounts they stole for PUBG...lol...so funny that out of my 4K+ games, I don't have PUBG. Joke's on you, hackers! 😂😂😂😂🖕🏻🤣🤣🤣🤣
Comment has been collapsed.
I don't think PUBG has VAC, does it now? Stopped playing that pos game awhile ago tho so idk.
Comment has been collapsed.
Me too...still embarrassed that I didn't pick up on it being a phishing attack/hack, as much as I lecture everyone else. But it was from Gedi, who is a freaking rock star and trusted source.
Here's where this gets funny...I was IMing with him and basically asked how he fell for it in the first place. He said he was drunk. And you know what? When I clicked on his link in the IM, I wasn't drunk but I was on beer #2 (and I don't drink that sissy, bubbly, massed-produced crap). So we both had alcohol-induced bad judgement that caused this. 😬🤣🤣🤣
Life lessons, people, life lessons. 😉
Comment has been collapsed.
Hey, we got it from the same source, we're twins now :D
Comment has been collapsed.
That's like getting herpes from the same person. 😬😱 🤣🤣🤣🤣
Comment has been collapsed.
They did a study once, to check the valdity of the old adage that you shouldn't go into water after drinking beverages or you'd cramp.
They found that there was no correlation whatsoever between drinking beverages and cramping, but there were increased risks all around for going into water while intoxicated. ..because, well, duh.
Just think about it this way, grez. At least you didn't go into the water with your computer.
...pretty sure I'm tying that analogy in correctly..
:sips a beer:
Comment has been collapsed.
Speaking of which...yep, time for a beer. ( ͡° ͜ʖ ͡°)
Comment has been collapsed.
time to hide threads and block people 🙋
thanks for this thread, better to have everything in the same place instead of people shouting all over sg.
Comment has been collapsed.
Comment has been collapsed.
For those who don't know...my account was hacked last night and I just wanted to post it on here and hope I get it recovered soon. Anyone on my friend’s list receiving messages from me it is NOT me. Please disregard the messages from me until I have recovered my account. Please let anyone else know that has read this message and knows anyone on my friend’s list. Spread the word thanks.
Comment has been collapsed.
Did you have the authenticator thing on your phone?
Comment has been collapsed.
Link leads to fake steam site where you have to log in and enter steamguard code. If you do that - they are logged in and can remove your steamguard, change password and e-mail in couple of seconds :)
These bots are really effective.
Comment has been collapsed.
I wonder why people use "hacked account". Hacked is when they gain access without your action - especially you're not involved in the attack. When you give them your password and username - it's hijack/scam etc. - the best word is "phishing".
Phishing the aim is to gain access to confidential user data.
Comment has been collapsed.
While Phishing may be better off being top-categorized as an alternative form of security exploitation, it does seem to usually fall under the social engineering subset of hacking methods. Given that "security exploitation" doesn't naturally roll off the tongue the way Hacking does, it's also natural that such a term would be more favorable, even if wasn't considered an appropriate association.
I can give you a reasonable accounting as to why broader misterminology occurs, but that'd make for a much lengthier post. Quick summary'd be: Humans can suck (in this case, due to being willing to spread misinformation to individuals new to concepts), societies don't typically value the importance of language highly, people can be naive in their acqusition of new information, people will typically will try to avoid conflict, and bad habits are hard to break.
Comment has been collapsed.
I'm thinking it's people who don't have english as native language confusing "hijacked" and "hacked"
Comment has been collapsed.
Semantics. At the end of the day, they reach the same goal, so hijack, hacking, phishing, scripting, it's all the same, just different methods of acquiring something that doesn't belong to them. As a techie, I understand these differences, but to the majority of people, the word "hacking" as a blanket term is sufficient. We all understand what they mean. ;)
Comment has been collapsed.
Is it ok to post 4 links for reporting (google, eset, semantec) the website? I don't know if it still running. I haven't clicked.
Comment has been collapsed.
I am not sure I understand what is being asked, here. P
Comment has been collapsed.
He wants to provide links to sites where you can report the phishing sites.
Comment has been collapsed.
Yeah bro you can post those sites. Hopefully more people will report the phishing links.
Comment has been collapsed.
Those are actually the links you provided :D
You can report phishing and malicious sites here:
https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en
https://app.webinspector.com/
https://submit.symantec.com/antifraud/phish.cgi
https://phishing.eset.com/report
Comment has been collapsed.
This person is hjacjjed too an one hour ago https://www.steamgifts.com/user/winni70
He is from my FL on Steam and i'm start getting these spam messages from him aswell.
Comment has been collapsed.
Thank you for this common thread. Yes, it's better to have only one common thread
Comment has been collapsed.
No threads mocking people who got phished? How about threads mocking the unique snowflakes who mock the victims of this round?
And a serious question. If the attackers log in to steamgifts couldn't they use the visible won keys as proof of ownership, assuming there are wins on the compromised accounts? I never had to recover a Steam account, but I've read in many threads that showing some activated bundle keys would be enough for Steam support to give an account back.
Comment has been collapsed.
That's why I asked. In that case, disregard what I just said, I must have misunderstood.
Comment has been collapsed.
I think what they want is the redemption confirmation emails that you get for redeeming keys, so you would have to redeem the key to your account and generate an email for it. But, that said, I'm not entirely sure. If Steam works like some other online services do, they probably log changes to account information like email addresses, so they can probably revert using that information alone, but proof of ownership is always helpful from a verification standpoint and doesn't hurt to speed things up.
Comment has been collapsed.
They want proof of keys associated with the account. The keys you see on someone's account are keys activated on other accounts. If you mean won keys, Valve can also ask for screenshots or PayPal receipts to see the keys were bought by that person. They usually tend to, since they are not complete idiots, they know that key trading exists. After all, they are actively aware of grey market sites.
No, this system is not totally perfect, but uncharacteristically for Valve, it is thought over.
Comment has been collapsed.
How about threads mocking the unique snowflakes who mock the victims of this round?
The significant majority of the users in question are the exact same ones that spread hostility and prejudice in every single other thread that suffers from such. There's nothing surprising about their behavior, or the fact that their behavior was left unchecked.
That said, one'd assume it's more productive to attempt to change site policies than to aggress dedicated villains.
Comment has been collapsed.
I know, Sooth. I tend to block these kind of people on the Steam forums, just felt the need to take a jab at them with that question and that's more attention than they deserve.
Comment has been collapsed.
I wasn't arguing your sentiments, just clarifying that the issue wasn't specific to "this round", but is a persistent behavior of the users involved. Which is to say, as annoying as one may find their behaviors in this particular instance to be, the real issue is that the site has taught them that such behaviors are permissible. It's the same basis from which we're seeing such a notable rise in non-constructive thread necroing, and why other problematic behaviors continue to go unchecked.
(Which isn't to say that strict enforcement is necessary or even beneficial, but that there should be some guards against excessive expressions of such behaviors; In the case of necroing, that issue could be limited by threads automatically closing [as if the OP had done so themselves] after a certain timespan of inactivity.)
All I'm saying is, we should focus on the element that we have a chance to improve. The users in question are, even if not entirely beyond hope, certainly likely to be far more demanding in the necessary amount of effort required to affect a change. Well, in theory- cg does seem rather adamant about dodging those requests to do something about necroing. :P
Comment has been collapsed.
You are my second favourite support member for a reason :)
This discussion should be pinned!
Comment has been collapsed.
I think 8 people on my friends list have sent me these messages today. This must be a really widespread and successful scam. I imagine Steam Support will take some time to get through all of these cases. I can't believe the links are still not blocked in steam chat.
edit: seems they are blocked as of just now
Comment has been collapsed.
Has anyone compromised already got his / her account back? Or atleast an email back from steam?
Comment has been collapsed.
Yes, I know of at least one person on my friends list who got their account back in a matter of hours.
Comment has been collapsed.
Do not accuse others of being "scammers", as they sent you link to phishing site.
They are victims of this situation, not attackers.
they might be victimis
nobody knows
Comment has been collapsed.
Well, at least the first one (or first few) were not victims ... then it just went down like domino
Comment has been collapsed.
apparently this is not first or last attack, but it's good that SG take it's reasonable
Comment has been collapsed.
I know :D
But seeing how wide spread this attack it, it would not be reasonable to accuse random users of starting it.
Comment has been collapsed.
Entirely true.
..On the other hand, that avatar does kinda beg for accusations.
Comment has been collapsed.
Since yesterday new wave of phishing attack spreads through Steam chat.
Works similar to previous attacks:
Do not click on any links, that are sent with this message:
Or this:
Or this:
1. Can SteamGifts support staff can help me to recover my Steam account?
First of all we're unable to help you, as we're not connected with Steam Support.
All we can do is suspend your SteamGifts account on your request, so it won't be possible to do any harm here - see keys from ended giveaways, change e-mail, spam discussions, make fake giveaways etc.
You can request to be suspended under 1st post of this PSA. We will suspend you for number of days listed in your request, or give permanent suspension, if you prefer. You can write unsuspend request when you recover ownership of your account, to use SG again before suspension runs out.
If you don't want to suspend your account and have active / not claimed giveaways:
It is not possible to see keys from active giveaways. But when giveaway ends keys are available on /created page. That's why you should click on Modify link next to the key, copy it to secure place (such as txt file) and exchange it with gibberish, or already used key. That way no one, except for you, will be able to see them.
2. What to do when I was phished?
3. How to avoid being phished in the future?
When link redirects you to "Log in with Steam" page (same is true for log in with Facebook, Twitter etc) never write your credentials there.
4. Anything I can do to help my phished friend?
To avoid further spam of phishing messages you can block communication with friend. And unlock it, when friends regain access to account. That way you don't need to remove user from friends to stop seeing messages, and don't cut ties with them.
As pointed here it is possible to report compromised Steam accounts.
You can also report sites, which are used in phishing attempt here:
https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en
https://app.webinspector.com/
https://submit.symantec.com/antifraud/phish.cgi
https://phishing.eset.com/report
Thanks for notice, Nask
1. Do not create new threads about this issue
We don't need to spread information and updates about this attack in multiple threads. It makes it hard to follow current state of situation.
That's why I will close all other threads about this matter. You can inform other users that you were attacked in this thread. No reason to create separate thread for every case.
Also please, don't create new threads in case of future attacks. Stick to posting all relevant information in thread created already by other user.
2. Do not accuse others of being "scammers", as they sent you link to phishing site.
They are victims of this situation, not attackers.
Do not write user reports on them
3. Do not create spam / mocking threads about this issue.
You can post any relevant information here, such as changes in phishing message, change of phishing site address, tips how to recover account, and discuss it in general. I will update this post in my free time. I do not like to cut ongoing discussions in other topics, but it is necessary to keep all information in one place.
Previous PSA posts about this attack:
https://www.steamgifts.com/discussion/HWhcX/psa-accounts-being-hackedphished-in-steam
https://www.steamgifts.com/discussion/TioOP/danger-careful-with-1-free-game-for-new-userstake-the-game-you-want-https-spindatgamexc-no
https://www.steamgifts.com/discussion/GCxxD/a-wave-of-steam-scams-beware-to-not-lose-your-account
https://www.steamgifts.com/discussion/xc8jE/i-fell-into-the-hack
https://www.steamgifts.com/discussion/cnNgf/definitely-not-clickbait-easy-steps-to-avoid-the-next-phishing-attempt-on-your-pc#oRnNU7W
Comment has been collapsed.