[ Staff PSA ] -- Steam Accounts Being Phished, SG Accounts Vulnerable

Since yesterday new wave of phishing attack spreads through Steam chat.

Works similar to previous attacks:

• friend sends you message with link and information about free game
• link leads to fake Steam log in page
• logging in compromises your account, so that you're unable to log into it again
• now-zombie account sends the same message you get to all your Steam friends, fishing for more unwary users

Do not click on any links, that are sent with this message:

1 free game for new users!
take the game you want!
....://spindatgamex(dot)com / rolldatgamexx(dot)com / spindatgamexx(dot)com / takedatgamex(dot)com / christmasskin(dot)fun / dagamesrollx(dot)com / takedagame(dot)com

Or this:

Hi, can you spin this roulette <LINKREMOVED-JUSTINCASE> ? If GTA V, PUBG or CSGO falls out, I can buy the key from you. Try it, it will take no more than 30 seconds. You go -> press the ROLL button, a free game falls out -> you take the key and write to me) Well, or you activate the game on your account)

Or this:

Hey, m8!Get a free random game (GTA V, PUBG, CSGO and more) on ...://t(dot)co/xNAKzWQ5ew Only for new users, full legit and no deposit
//
🎁 Go to 👉 ...://t(dot)co/qucKFViqZv 👈 аnd tаkе yоur 50$ Skin Gift !
PRОМ0C0DE: LUCК4Y0U 🎁

1. Can SteamGifts support staff can help me to recover my Steam account?

First of all we're unable to help you, as we're not connected with Steam Support.

All we can do is suspend your SteamGifts account on your request, so it won't be possible to do any harm here - see keys from ended giveaways, change e-mail, spam discussions, make fake giveaways etc.
You can request to be suspended under 1st post of this PSA. We will suspend you for number of days listed in your request, or give permanent suspension, if you prefer. You can write unsuspend request when you recover ownership of your account, to use SG again before suspension runs out.

If you don't want to suspend your account and have active / not claimed giveaways:
It is not possible to see keys from active giveaways. But when giveaway ends keys are available on /created page. That's why you should click on Modify link next to the key, copy it to secure place (such as txt file) and exchange it with gibberish, or already used key. That way no one, except for you, will be able to see them.

2. What to do when I was phished?

1. Write to Steam Support, explaining situation
2. Attach proof of purchase(s) that are connected to your account:
   • keys activated on account from bundles
   • keys activated on account from retail shops
   • receipt of buying game on Steam with credit card
   • steam wallet codes
   • photograph of boxed game code activated on Steam
   • more information here
3. Wait for reply, it should take 2 - 3 days to recover account, if you manage to provide all necessary information

3. How to avoid being phished in the future?

When link redirects you to "Log in with Steam" page (same is true for log in with Facebook, Twitter etc) never write your credentials there.

1. Open log in site on your own, by writing known address or using google. In case of preventing Steam phishing:
   • steamcommunity.com
   • store.steampowered.com
2. Log in using your credentials
3. Go back to site which required you to log in and refresh
   • if you're logged in your Steam account, and see green button "Log in" you're free to access website.
   • if refreshing did not remove request to provide your credentials - it's phishing attempt.

4. Anything I can do to help my phished friend?

To avoid further spam of phishing messages you can block communication with friend. And unlock it, when friends regain access to account. That way you don't need to remove user from friends to stop seeing messages, and don't cut ties with them.

As pointed here it is possible to report compromised Steam accounts.

You can also report sites, which are used in phishing attempt here:
https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en
https://app.webinspector.com/
https://submit.symantec.com/antifraud/phish.cgi
https://phishing.eset.com/report

Thanks for notice, Nask

1. Do not create new threads about this issue

We don't need to spread information and updates about this attack in multiple threads. It makes it hard to follow current state of situation.

That's why I will close all other threads about this matter. You can inform other users that you were attacked in this thread. No reason to create separate thread for every case.

Also please, don't create new threads in case of future attacks. Stick to posting all relevant information in thread created already by other user.

2. Do not accuse others of being "scammers", as they sent you link to phishing site.

They are victims of this situation, not attackers.
Do not write user reports on them

3. Do not create spam / mocking threads about this issue.

You can post any relevant information here, such as changes in phishing message, change of phishing site address, tips how to recover account, and discuss it in general. I will update this post in my free time. I do not like to cut ongoing discussions in other topics, but it is necessary to keep all information in one place.

Previous PSA posts about this attack:
https://www.steamgifts.com/discussion/HWhcX/psa-accounts-being-hackedphished-in-steam
https://www.steamgifts.com/discussion/TioOP/danger-careful-with-1-free-game-for-new-userstake-the-game-you-want-https-spindatgamexc-no
https://www.steamgifts.com/discussion/GCxxD/a-wave-of-steam-scams-beware-to-not-lose-your-account
https://www.steamgifts.com/discussion/xc8jE/i-fell-into-the-hack
https://www.steamgifts.com/discussion/cnNgf/definitely-not-clickbait-easy-steps-to-avoid-the-next-phishing-attempt-on-your-pc#oRnNU7W