Since yesterday new wave of phishing attack spreads through Steam chat.

Works similar to previous attacks:

  • friend sends you message with link and information about free game
  • link leads to fake Steam log in page
  • logging in compromises your account, so that you're unable to log into it again
  • now-zombie account sends the same message you get to all your Steam friends, fishing for more unwary users

Do not click on any links, that are sent with this message:

1 free game for new users!
take the game you want!
....://spindatgamex(dot)com / rolldatgamexx(dot)com / spindatgamexx(dot)com / takedatgamex(dot)com / christmasskin(dot)fun / dagamesrollx(dot)com / takedagame(dot)com

Or this:

Hi, can you spin this roulette <LINKREMOVED-JUSTINCASE> ? If GTA V, PUBG or CSGO falls out, I can buy the key from you. Try it, it will take no more than 30 seconds. You go -> press the ROLL button, a free game falls out -> you take the key and write to me) Well, or you activate the game on your account)

Or this:

Hey, m8!Get a free random game (GTA V, PUBG, CSGO and more) on ...://t(dot)co/xNAKzWQ5ew Only for new users, full legit and no deposit
//
🎁 Go to 👉 ...://t(dot)co/qucKFViqZv 👈 аnd tаkе yоur 50$ Skin Gift !
PRОМ0C0DE: LUCК4Y0U 🎁

1. Can SteamGifts support staff can help me to recover my Steam account?

First of all we're unable to help you, as we're not connected with Steam Support.

All we can do is suspend your SteamGifts account on your request, so it won't be possible to do any harm here - see keys from ended giveaways, change e-mail, spam discussions, make fake giveaways etc.
You can request to be suspended under 1st post of this PSA. We will suspend you for number of days listed in your request, or give permanent suspension, if you prefer. You can write unsuspend request when you recover ownership of your account, to use SG again before suspension runs out.

If you don't want to suspend your account and have active / not claimed giveaways:
It is not possible to see keys from active giveaways. But when giveaway ends keys are available on /created page. That's why you should click on Modify link next to the key, copy it to secure place (such as txt file) and exchange it with gibberish, or already used key. That way no one, except for you, will be able to see them.

2. What to do when I was phished?

  1. Write to Steam Support, explaining situation
  2. Attach proof of purchase(s) that are connected to your account:
    • keys activated on account from bundles
    • keys activated on account from retail shops
    • receipt of buying game on Steam with credit card
    • steam wallet codes
    • photograph of boxed game code activated on Steam
    • more information here
  3. Wait for reply, it should take 2 - 3 days to recover account, if you manage to provide all necessary information

3. How to avoid being phished in the future?

When link redirects you to "Log in with Steam" page (same is true for log in with Facebook, Twitter etc) never write your credentials there.

  1. Open log in site on your own, by writing known address or using google. In case of preventing Steam phishing:
    • steamcommunity.com
    • store.steampowered.com
  2. Log in using your credentials
  3. Go back to site which required you to log in and refresh
    • if you're logged in your Steam account, and see green button "Log in" you're free to access website.
    • if refreshing did not remove request to provide your credentials - it's phishing attempt.

4. Anything I can do to help my phished friend?

To avoid further spam of phishing messages you can block communication with friend. And unlock it, when friends regain access to account. That way you don't need to remove user from friends to stop seeing messages, and don't cut ties with them.

As pointed here it is possible to report compromised Steam accounts.

You can also report sites, which are used in phishing attempt here:
https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en
https://app.webinspector.com/
https://submit.symantec.com/antifraud/phish.cgi
https://phishing.eset.com/report

Thanks for notice, Nask


1. Do not create new threads about this issue

We don't need to spread information and updates about this attack in multiple threads. It makes it hard to follow current state of situation.

That's why I will close all other threads about this matter. You can inform other users that you were attacked in this thread. No reason to create separate thread for every case.

Also please, don't create new threads in case of future attacks. Stick to posting all relevant information in thread created already by other user.

2. Do not accuse others of being "scammers", as they sent you link to phishing site.

They are victims of this situation, not attackers.
Do not write user reports on them

3. Do not create spam / mocking threads about this issue.


You can post any relevant information here, such as changes in phishing message, change of phishing site address, tips how to recover account, and discuss it in general. I will update this post in my free time. I do not like to cut ongoing discussions in other topics, but it is necessary to keep all information in one place.

Previous PSA posts about this attack:
https://www.steamgifts.com/discussion/HWhcX/psa-accounts-being-hackedphished-in-steam
https://www.steamgifts.com/discussion/TioOP/danger-careful-with-1-free-game-for-new-userstake-the-game-you-want-https-spindatgamexc-no
https://www.steamgifts.com/discussion/GCxxD/a-wave-of-steam-scams-beware-to-not-lose-your-account
https://www.steamgifts.com/discussion/xc8jE/i-fell-into-the-hack
https://www.steamgifts.com/discussion/cnNgf/definitely-not-clickbait-easy-steps-to-avoid-the-next-phishing-attempt-on-your-pc#oRnNU7W

5 years ago*

Comment has been collapsed.

Whoever falls for this obvious scam deserves no better.

5 years ago
Permalink

Comment has been collapsed.

yeah....it always makes me wonder how people fall for this :D
all they need to see is free game? sad

5 years ago
Permalink

Comment has been collapsed.

I think it's mainly because most people when they get a message through Steam from a friend they're not processing it with spepticism. Our first thought is probably never, 'is this a bot sending me this message?'

Of course, greed (for a free game) and the subsequent haste doesn't help either.

What surprises me now, is that I thought Steam itself even puts a big warning around any links in chat to try and help prevent these attacks. It's like the phenomenon of stickied threads being the most likely to be ignored. Once people are used to something common they block it out as noise. I do that with certain roadsigns even.

5 years ago
Permalink

Comment has been collapsed.

yeah, it make little sense, that is why i even click on that link
but before i even try to log in, i always search if that page is valid, if not, closing the page, no matter how interesting it might be
btw, that warning i saw too, but only rarely
but still, for someone who is long on steam, he should expect something like this, but for new users it might be problem and steam almost doing nothing against it

5 years ago
Permalink

Comment has been collapsed.

I'm a programmer specialised in Cyber Security. Believe me, you would be wise to not mock the victims of such attacks. You might not fall for this one, but i'm sure you will fall for some other fraud attempt ;).... and now i'm kinda hoping you will. It only takes one small second of not being sharp.

5 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 5 years ago.

5 years ago
Permalink

Comment has been collapsed.

You don't need to be sharp as long as you are cynical. I haven't managed to see even one believable fraud attempt yet and I'm very skeptical there ever will be one, but I guess some people believe ads are true as well.

5 years ago
Permalink

Comment has been collapsed.

If you follow a protocol of verifying what you are doing you at least shouldn't fall for these fake sites.

5 years ago
Permalink

Comment has been collapsed.

You should try +1'ing your personality with some compassion. It's free and comes bundled with empathy.

5 years ago
Permalink

Comment has been collapsed.

one of the best Tzaars ever seen

:P

5 years ago
Permalink

Comment has been collapsed.

No one 'deserves' that.

That's like saying someone was 'asking' to get robbed because the neighborhood they live in. You never been mugged? Must be nice....

5 years ago
Permalink

Comment has been collapsed.

An astonishingly high number of people think rape victims deserved it because of their vesture. As long as there's a malicious act, there will be someone blaming the victim and not the perpetrator. It's a sad thing.

5 years ago
Permalink

Comment has been collapsed.

kek, for the first time I almost got hijacked, I was so distracted and trusted the guy who gave me the link that I actually gave all my information, but I was fast enough to click on deauthorize all devices on steam and change my password, so nothing happened.

5 years ago
Permalink

Comment has been collapsed.

lucky you...

5 years ago
Permalink

Comment has been collapsed.

Nice! Way to be sharp even if you werent for a moment :).

It happens to the best of us. Just take this as a lesson. And don't blame the trusted guy (not that im saying you were), he's just a victim to ;)

5 years ago
Permalink

Comment has been collapsed.

deauthorize all devices on steam

Taught me something new today.
Haven't been hacked, but good to know 👍

5 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 1 year ago.

5 years ago
Permalink

Comment has been collapsed.

You have a week to send the key after a giveaway expires. If waiting a few days means the person can get his/her account back, I don't see any harm in this. Checking their steam comments board as well may reveal the current state of the account also.

5 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 1 year ago.

5 years ago
Permalink

Comment has been collapsed.

Technically, the only thing that happens after seven days is that the winner is allowed to mark the game "not received." That can be quickly addressed by sending the game anytime after, so there is no need to worry if you are simply delaying in sending the gift.

5 years ago
Permalink

Comment has been collapsed.

"Checking their steam comments board as well may reveal the current state of the account also."
I noticed on several of these accounts as part of the take-over it hides all this information (leaving just the name and avatar on top), maybe because people were warning each other like this?
One of those Steam privacy functions that handidly benefits people who take over accounts like this :/

5 years ago
Permalink

Comment has been collapsed.

I got a new friend request on steam around the time this started, and they disabled comments so I can't even ask if they know me from somewhere XD Suffice it to say I've gotten quite careful about random invites. Whelp.

5 years ago
Permalink

Comment has been collapsed.

I had a random invite yesterday. Looked to see if it was for a win here, but it wasn't. So I deleted it. No idea who it was. And it was before I saw the first topic here yesterday about the hijacking.

5 years ago
Permalink

Comment has been collapsed.

I had one too, named Eva with a hot girl on profile pic, but previous names were from CSGO free Items and such. Instant block.

5 years ago
Permalink

Comment has been collapsed.

If I remember, that users name was different but had similar CSGO names.

5 years ago
Permalink

Comment has been collapsed.

Same hot girl, but no remember the name

5 years ago
Permalink

Comment has been collapsed.

New link surfaced as old links are getting removed

Staff feel free to remove if you think I shouldn’t post

“https-takedatgamex”
“http-spin....”
“http-Roll.....”

5 years ago
Permalink

Comment has been collapsed.

Apparently these people have nothing better to do. Like hacking into the pentagon.

5 years ago
Permalink

Comment has been collapsed.

How much are steam accounts worth that there are so many scammers?

5 years ago
Permalink

Comment has been collapsed.

They know that most accounts will be recovered, but not all the items in the inventory. That's mostly why they do it.

5 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 5 years ago.

5 years ago
Permalink

Comment has been collapsed.

thanks for the words of wisdom and wish all of us affected have resolutions soon.

5 years ago
Permalink

Comment has been collapsed.

why should all this fall under valve's responsibility?

they give us a 2-step auth and they constantly warn people to check if the site you're entering your info is secure.

what else should they do?
checking if someone is accessing your account from other country sounds good in theory, but what if you're getting hacked by someone in your own country?
should valve send you an email confirming your log in attempt each time?

the only thing i would change is their 2-step auth system and move to something like blizzard-auth. that looks more secure than a random code people can copy-paste into any site.

5 years ago
Permalink

Comment has been collapsed.

"why should all this fall under valve's responsibility?"
cause its allways the responsibility of someone else ;)

5 years ago
Permalink

Comment has been collapsed.

I still find it strange that the mobile authenticator and Phonenumber can be deleted that easily without any extra Securitycode. That is the part where valve should take responsibility and change it to something better.

I do agree that the biggest part lies with us. Somehow we still fall for the free games. it's greed ain't it.

5 years ago
Permalink

Comment has been collapsed.

Exactly. The fact that my account always connected from AU and suddenly removes all that from Russia should be more than enough to trigger an automatic lock.

5 years ago
Permalink

Comment has been collapsed.

Then again, perhaps your name is Trump and you just happened to have a "normal business meeting" in Moscow, huh? :D

Seriously tho, phishers likely already use VPNs and such, and after an user visited a phisher's website, the phisher perhaps even specifically picks a VPN closest to the location they learned during that visit.

5 years ago
Permalink

Comment has been collapsed.

This is the one point I simply do not understand and keep asking myself: how?

Good luck to everyone recovering their accounts! (Been through this some weeks ago with my father's account.)

5 years ago
Permalink

Comment has been collapsed.

Why should it fall under Valve's responsibility? Because a company is responsible for the security and safety of its users, period. By going off of your question / statement alone, one could then argue, why have two step authentication, why have SSL certificates, why should the company have any checks in place? Why? Because it is good practice, especially if you want to keep a confident client base.

I already stated what else they should do, verify with the user that the changes they are making are authorized. You couldn't put a hole in that, so you didn't argue that point. The other points, yes I can see how there could be ways for events to fall through the security checks, like the scenarios you brought forth.

If a company wants to simply tell a user that their information has been changed and to contact support if it was not authorized, they better well have a much better turn around time than 25 hours (in my case). Within that time frame, there could be quite a bit of damage to the account.

You cannot trust end users to be savvy, smart, or to do anything that does not require explicit interaction. Even myself, who is very computer and internet savvy, can have a "brain-fart" and not do the due-diligence that is required.

By having in an extra step to state to verify your changes, it would have mainly kept this scam from sweeping across the Valve user base. It is a simple extra step, and I doubt any user would complain about having to click a confirmation link in an email rather than lose control of their account. Other companies have this extra step, even some with the inclusion of having a two-factor authentication, and it works quite well.

Edit: Additionally, just so you know I'm not just here here to complain about policies and not take any action. I did bring up everything I stated in this thread with Valve directly within my support ticket. That's really the only place my ideas or suggestions really matter, because it will be up to them to decide to change policies and adjust the quality of security for their customers.

Edit 2: I do agree with you on the auth change!!

5 years ago*
Permalink

Comment has been collapsed.

I received the message from a 80 level friend,but I couldn’t open the webpage with the GFW......

5 years ago
Permalink

Comment has been collapsed.

Bump.

5 years ago
Permalink

Comment has been collapsed.

Thanks for the info. I've had two friends spam me with these messages. I obviously stayed far away from it. Hope everyone can get there account back

5 years ago
Permalink

Comment has been collapsed.

*their account

5 years ago
Permalink

Comment has been collapsed.

I got my account back today. All of my friends except 1 where deleted. All comments where deleted except for a very suspect message from a Russian account. I won't post the Russians account here, but if anyone else who fell for this has a similar message, it could help to point to the perpetrator.

5 years ago
Permalink

Comment has been collapsed.

Did you lose any of your Inventory? Hopefully not!

As for that account, I take it you reported it to Valve?

I'm glad you got your account back. I still have at least 2 friends that are still affected, but it looks like some of them have had theirs restored (I had 7 friends in total affected so far).

5 years ago
Permalink

Comment has been collapsed.

Lost nothing. Luckily the removal of the authenticator initiates a 14 day cool down on trades, etc.

Reported the account to Valve, but I won't be holding my breath that they actually do anything about it.

The thing that makes me shake my head is that the fact that my account has always connected from AU and then a sudden change of password and removal of the authenticator from a Russian connection is not enough to trigger an automatic lock. It's my own stupid fault that it happened and the fact I was hung over and half asleep is no excuse.

5 years ago
Permalink

Comment has been collapsed.

  1. It's a shame we don't have a "sticky post" functionality in SteamGifts.
    It would make announcements like this one more visible.

  2. I would also add a caution for people to be careful of sites offering free games or giveaways - this is the most common way scammers try to lure people.
    Not all giveaway sites are scams, but (almost) all scams are giveaway sites.

5 years ago
Permalink

Comment has been collapsed.

There is one for CG's announcements, at least

5 years ago
Permalink

Comment has been collapsed.

Only cg can pin posts. And it's done for Announcement category, when there is some bigger change introduced. Like no-value games or change how levels are calculated.

5 years ago
Permalink

Comment has been collapsed.

thanks again, we all owe you a lot :)

5 years ago
Permalink

Comment has been collapsed.

Steam support just got back to me :)
Info for those, who were compromised

  • my steam wallet is the same
  • everything that I had in Steam trades was added to my inventory
  • nothing from my inventory dissappeared
5 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 4 years ago.

5 years ago
Permalink

Comment has been collapsed.

You are third player that got account back.
First is breadman
Second is armpt

Congratulations!

5 years ago
Permalink

Comment has been collapsed.

I got it from the first one :D so I wonder who "gave" that to him

5 years ago
Permalink

Comment has been collapsed.

Good news :-)

5 years ago
Permalink

Comment has been collapsed.

how long did it take for them to respond to you?

5 years ago
Permalink

Comment has been collapsed.

around 42 hours

5 years ago
Permalink

Comment has been collapsed.

hmm so it ranges from about 1-2 full days.

5 years ago
Permalink

Comment has been collapsed.

Just a bump

5 years ago
Permalink

Comment has been collapsed.

I knew there was a reason I kwpt my friends list at only 7 people. I delete everyone after gifting/trading. Soory to hear of all the trouble everyone is having and wanted to bump the thread.

5 years ago
Permalink

Comment has been collapsed.

Hasnt this been around for ages, why is everyone falling for it now?

5 years ago
Permalink

Comment has been collapsed.

I hope everyone who got infected will recover their accounts soon. For those still waiting, have a cute sleeping kitty to look at ;)

View attached image.
5 years ago
Permalink

Comment has been collapsed.

Just got my account back.
Steam support response time = 26 hours
My Steam wallet balance is gone. Hopefully support can help.
Nothing in inventory is gone.

5 years ago
Permalink

Comment has been collapsed.

Glad to see you got your account back. Sorry your wallet balance is gone though.. what was the balanced used on?

5 years ago
Permalink

Comment has been collapsed.

did you just send one ticket and be done with it, or did you have to follow up with them

5 years ago
Permalink

Comment has been collapsed.

Just one ticket got my account back. Still following up on the Steam wallet ballance
Make sure you provide all the information they ask for, otherwise it will take longer, as they will need to ask you questions.

5 years ago
Permalink

Comment has been collapsed.

Soon enough they'll run out of spin iterations and eventually there will be one called helicopter spin and it will look nothing like an average (fake) Steam community page

5 years ago
Permalink

Comment has been collapsed.

UPDATE: I got my account back took about 26-27 hours for steam support with nothing missing in my account :)

5 years ago
Permalink

Comment has been collapsed.

Congrats! :)

5 years ago
Permalink

Comment has been collapsed.

Didn't realize this time around the phishing was this widespread successful. Nobody on my List seems to have been affected (yet, anyway) but hopefully all affected users get their accounts back. bump

5 years ago
Permalink

Comment has been collapsed.

Ok, my account finally got reset, so I'M BACK, PEOPLE!!! 😀 💥 💙 🎶 🎸 🥁 (。◕‿◕。)

5 years ago
Permalink

Comment has been collapsed.

Woohoo! Welcome back!

5 years ago
Permalink

Comment has been collapsed.

Congratulations and welcome back, grez! Everything still where it should be?

5 years ago
Permalink

Comment has been collapsed.

Looks good...no Steambucks gone, cards all still appear to be there, etc. Game count is slightly lower, but I think that they restore from logs, so it probably dropped all of my free games. If that's the worst that happened, all is well.

I've been logging in to check my credit card for weird activity (because they could have charged it for Steambucks and then bought things as gifts), but there was nothing there. Not sure if someone was just trying to prove something or what.

Regardless, if this had been someone trying to steal things, they would have had 1.5 days to clear things out of my account before Steam did anything about it. Their support is just not acceptable for a company of their size and income. If you're going to be the market leader, you need to act like it.

I will say that the support person that I got (via message in the ticket only) was nice and knew what they were doing, so that's good. But it's just terrible that I can't jump on the phone and alert someone right away to stop the problem before it gets worse. This could have been completely solved in an hour or two, and instead it's still going on as they slog through this one email-based ticket at a time.

Happy to be back, in any case. :)

5 years ago
Permalink

Comment has been collapsed.

Glad to hear you got your account back :)
When you disable the authenticator you have a "cooldown" period of 14 days anyways, so I'm going to assume that they are hoping some people who use their account less often won't noticed or for someone who doesn't have the authenticator. Otherwise what could they really do to gain anything in a day, I wonder, unless there's something I just don't see... You're right thought a day in a half is quite long for any response, if they can't get to it before that they should at least block the account to minimized the damage. Imagine if you lost your credit card and they made you wait a couples day before responding. A lot of people have some kind of payment method linked to their account.
In any case happy to hear that you are back!

5 years ago
Permalink

Comment has been collapsed.

Yep, two weeks before I can trade again or anything, but least of my worries, right?

Glad to be back. :)

5 years ago
Permalink

Comment has been collapsed.

grats

5 years ago
Permalink

Comment has been collapsed.

Nice to hear. Welcome back! :)

5 years ago*
Permalink

Comment has been collapsed.

how long did it take for you?

5 years ago
Permalink

Comment has been collapsed.

About 36 hours :(

And that was after hitting them on Twitter and Facebook to pressure them about 10 times

5 years ago
Permalink

Comment has been collapsed.

Glad to hear that! ^^

5 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 4 years ago.

5 years ago
Permalink

Comment has been collapsed.

Yey, just got my account back! :D

Sorry to everybody who got a scam message from my hacked account! :(

For people wondering, it took support around 24 hours to respond to my ticket, nothing is lost from my account, I did get a permanent ban from PUBG tho.... so now all that's left is waiting for a response from their customer support......

5 years ago
Permalink

Comment has been collapsed.

They are scamming people just to get them banned in PUBG?
Don't they have any other hobbies? -.-

Congrats for getting your account back! ^^

5 years ago
Permalink

Comment has been collapsed.

they probably wanted to sell my inventory stuff, but because they had to remove steam guard, there is a 14 day trade/market restriction :)

5 years ago
Permalink

Comment has been collapsed.

They probably intended that, but getting someone banned is just pathetic.
And even they must know about the 14 days restriction. I don't think any support will need 14 days. ^^

5 years ago
Permalink

Comment has been collapsed.

Maybe they are also selling accounts and cheaters are buying them?

5 years ago
Permalink

Comment has been collapsed.

Could be. But why are they perma-banning the account then (in some games)? I really don't get it - in what world are we living?

5 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 4 years ago.

5 years ago
Permalink

Comment has been collapsed.

Ow, and apparently I was added to a blacklist yesterday x)

Damn those scammers xD

5 years ago
Permalink

Comment has been collapsed.

Here on SG?

5 years ago
Permalink

Comment has been collapsed.

yup x)

I guess one of the people who received their scam message through steam thought it was me haha

5 years ago
Permalink

Comment has been collapsed.

Well, then have a whitelist as compensation! ^^

5 years ago
Permalink

Comment has been collapsed.

haha, thank you very much, you've been whitelisted back of course :3

(was eating dinner, sorry for the long response time xD)

5 years ago
Permalink

Comment has been collapsed.

Nevermind, I was eating dinner, too! XD

5 years ago
Permalink

Comment has been collapsed.

yeah I was added to a blacklist as well. oh well...

5 years ago
Permalink

Comment has been collapsed.

Congrats! Sorry to hear about the ban and a blacklist though... hugs

5 years ago
Permalink

Comment has been collapsed.

I can't even access the site all I get is some russian site saying its blocked.

5 years ago
Permalink

Comment has been collapsed.

Sign in through Steam to add a comment.