I just bumped into this video on YouTube, today. It actually has some useful information, so I thought I would pass it on. It does contain some gratuitous self-promotion, but you can simply discard that and just take the benefit of protecting yourself from scammers. Hopefully, this will help those of us who are unfamiliar with these types of scams.

How to Not Get Scammed

4 years ago

Comment has been collapsed.

4 years ago
Permalink

Comment has been collapsed.

Nice of you to bump. )

4 years ago
Permalink

Comment has been collapsed.

Thank you for the info, it is really helpful!

4 years ago
Permalink

Comment has been collapsed.

Good advice. Most worthy of a bump!

4 years ago
Permalink

Comment has been collapsed.

The burp at the beginning of the video made me close it right away. I don't really like disgusting people. Sorry! I'll keep using common sense :)
But maybe this help people, so I will bump.

4 years ago
Permalink

Comment has been collapsed.

That is just typical Anomaly, Believe me you just saw tip of the iceberg

4 years ago
Permalink

Comment has been collapsed.

Yeah, I had the same reaction, but I waved it aside so as to see what advice he actually had to give. I cannot blame you for not wanting to deal with it, though.

4 years ago
Permalink

Comment has been collapsed.

I actually watched it now just to see if he says anything not "internet common sense". But all he says it's stuff anyone that uses the internet knows or should know.
Not trying to say that I'm above all people and people that fall for scams are idiots. I just don't find any of that information useful for MYSELF. BUT it Is probably useful for someone, like young people starting on the internets ou people staring on the trading items bussiness.
But as a begginer point of view... I thought the video could use some more polishing and a little less confusion on some explanations.
He does a good job, not a great one! And those burbs make me close the video... But are probably funny for the kids, and that's his target, so... Can't blame him for doing that.

4 years ago
Permalink

Comment has been collapsed.

For me, the info about how to tell whether or not a website is "reputable" or not was new, as was the info about the iCloud hack.

4 years ago
Permalink

Comment has been collapsed.

#1 Never log in after following a link. Always go directly to the site and log in, then follow the link.
#2 Use a password manager with a strong main password and generated passwords for each individual site.
#3 Never install/run anything from a unreputable source. Do not follow links go directly to the source.

Didn't watch the video as it's 16 minutes and annoying but following the above 2 rules should prevent all of these kinds of scams.

4 years ago
Permalink

Comment has been collapsed.

Well, it seems most users can't read, so maybe at least they can watch a video.Worth a try.

4 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 3 years ago.

4 years ago*
Permalink

Comment has been collapsed.

The API key just allows it to log in without another 2FA code.

This part is not true. You can't log in with api key. API key is.. well, as name suggest, it's a key that allows to use steam web API. It allows to send/receive trades for example, perform some other actions, obtain some data about account. That's actually why ASF uses it, to perform some of it's tasks.

4 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 3 years ago.

4 years ago
Permalink

Comment has been collapsed.

ASF activates it automatically, but I don't know if it does it on first demand or just everytime. Anyway, there is nothing wrong in having API key, if it was a vulnerability by itself - it would not be there in the first place. As long as nobody but you has access to it - you are safe (and if it's used by ASF - it's still used by you, ASF is just a tool you use.)

4 years ago
Permalink

Comment has been collapsed.

That's old screenshot. Current versions of ASF actually generate keys as generated.by.archisteamfarm.localhost, exactly for this reason.

This still doesn't mean that a code generated by ASF can't be hijacked by a scammer and used for malicious purposes. If there was a way to generate API key and save it for ASF usage only WITHOUT outright giving it on the website for everybody to see, I'd be the first one to make use of such functionality. There is no such thing sadly.

Having API key generated is not anything to worry about. Giving other people access to it, is. If somebody suspects that his account has been hijacked, he should change his password, deauthorize all other devices from his account, and then revoke his previously generated API key, in this order. Any properly written tool (such as ASF) will just generate a new one for usage in this case, which is like I initially said, entirely normal and not a security risk. It's just yet another way to access Steam account - if hijacker has access to view your API key, then by definition he has access to generate new one and keep using it, and if he has no access to your account, then there is no way how he can use API key after you revoke it, provided that he saw it before, because if he didn't have access to your account at all, then there is no way how he could write it down.

Revoking API key is one of the 3 things you should do after getting hijacked. You can revoke it anytime you wish, but unless nothing really needs it, a new key will pop up soon enough generated by a tool that will require it (such as ASF). Being paranoid about API keys doesn't help, it's enough to treat it as yet another password to access limited, yet powerful things to do with your account. If your password is compromised, you change it, same for API key.

4 years ago*
Permalink

Comment has been collapsed.

Sign in through Steam to add a comment.