"Account functionality will be limited. Ban are permanent, non-negotiable and cannot be removed by Steam support.
We allowed you to send valuable skins to a friend or a storage account within 1 hour." This should had hit not 1 but 100 red flags..
In any case.. It happened.. I don't know if Steam will help with this but for anyone in a similar situation I would advise 1 thing only:
In WHATEVER case you are not sure about ANYTHING you stop whatever you do and send to official steam support ASAP. No other actions whatsoever. If you have added the option to lock your account, if you feel a big threat lock it down and send to support.. And add all available options for recovery (mail, phone, codes).
I repeat because it's the only thing that matters. IF YOU DOUBT ABOUT ANYTHING SEND TO OFFICIAL SUPPORT ON YOUR OWN. Don't respond to e-mails coming from anywhere or whatever. Send to support ON YOUR OWN. Through the official steam page and no other link. Don't take any other rushed actions as it will more likely do more bad than good.. Max you can do is request a manual lockdown to account and again SEND TO OFFICIAL SUPPORT ONLY.
As for this case.. I think I covered it.. Good luck with this and hope steam can help you on the traded items (but I have no clue if it will.. I think in cases like those they don't.. But exceptions exist.. who knows?).
Comment has been collapsed.
I had 2FA enabled, phone number, everything. And they still managed to do this.
The only reason I traded the items was because I trusted that friend. Turns out, they just told me on messenger that they hadn't been on Steam for a month.
The thing is, Steam support is painfully slow. I already sent a support request but I have yet to hear from them.
Comment has been collapsed.
Unfortunately, these types of scams are prevalent on Steam. There's a very good guide to spotting them that someone wrote for CSGO that I see circulated now and then, which really should be required reading for anyone who wants to trade items.
Your case sounds exactly like what happens when you log into a phishing site with your Steam account and enter your 2FA credentials. The scammer's bot immediately logs into your Steam account using your authentication code and then hangs around dormant. You likely got tricked into logging into a "vote for my TF / CSGO team" website by a comment from a compromised friend's account, or a random "join our tournament" or "trade skins for free" comment from someone you played a recent game against.
The scammer's bot can only do cosmetic stuff (like change your profile to to spook you), initiate trades, or send chat messages. They still need you to confirm trades from the app, so they trick you into thinking something is the matter with your account so you'll trade your items someplace "safe". Once that happens, their bot cancels your original trade, sets up another one to an account that spoofs the name and icon of your friend, and waits for you to authorize it.
I hate to tell you this, but Steam won't help you with this, because a) you gave away your credentials at a compromised site, and b) you approved the trade without confirming all the credentials of the person you traded to (Steam level, age of the account, etc). You'll need to take immediate steps to secure your account, because the bot is likely still there waiting for you to make more trades or using your account to send chat messages to your friends to lure them to the phishing website.
Comment has been collapsed.
Yep, sadly because of this. This was fake site and they reach to your account but not steal anything. Because of if they did, you can recover your items.
They added fake message on your profile, then you traded items by yourself which cant be recover.
This is well designed scam. But still "You can transfer your valuable items in 1 hour" message should be aware you about this is scam attempt.
Hope support can help.
Comment has been collapsed.
I copy-n-pasted the following steps from a similar topic in a thread from the Steam Discussions forum. There's usually a few people each day who get scammed, and this seems to be an almost default reply from some of the long-time users.
Comment has been collapsed.
The best piece of advice I can give you for the future is to always log into your Steam account at the official Steam website before you go to a third-party website. When that third-party website asks you to login, you should get a one-click login button without having to enter your 2FA credentials again. If it does ask for credentials again, then it's trying to phish your 2FA data.
Comment has been collapsed.
They do not make you link your steam account when redeeming Seven: Enhanced edition on GOG. Think about it for a moment. That doesn't make a lick of sense. Steam and gog are two different storefronts.
I was able to redeem the game having an unlinked steam account, and just linking up my gog account (which I can't remove again unless I contact their support for whatever reason).
Comment has been collapsed.
I did learned something today.. Huh.. I was under the impression this happened more.. manually not so 100% automatic. a bit less.. Huh.. Bots never stop to amaze me
Comment has been collapsed.
The phishing ones are all bot driven. There's no way for a human to always be online at the exact moment you trade your items in order to redirect the trade. Let alone being able to change the account name and icon of the receiving account so quickly.
Manual human actions are behind the social engineering scams, though. The scams where someone claims they accidentally reported you for cheating or duping items and says a "Steam Admin" needs to talk to you. Then they send you to a Discord where someone pretends to be a Steam Admin and tries to trick you into sending your items to be verified.
Comment has been collapsed.
Unfortunately yeah it was a human error..
Steam response times are.. slow at times but when it's about something with real value I think it worths the hustle and the trouble of going through that channel..
I had a similar problem last year, but it was a breach from steams end, making me lose access to my account (you guessed it.. hacking for CSGOOOOOOOO..). It was on a Friday too.. Didn't got a response until 3-4 days later and having to prove 423424 different things but since it's not a free account over a site and it holds real value items I preferred to stay game-less for a few days than lose it all (which reminds me.. do NOT save your payment information on your accounts.. take the time to add them manually at each purchase as if something goes wrong you will need to do eeeeven more actions and stay without money too for days) . But I was lucky.. The allowed me to refund a past transaction and buy what I wanted (since it was not my fault in any way-it was on steams end). Same thing 3 days ago with my PS4 account.. But that was for FIFA and PES........... I demanded answers for how they entered and changed information but all I managed to get as an answer was.. "sometimes things happen we are truly sorry". Anyway that is off topic, moving on
It doesn't matter now but all your situation is a red flag.. You got tricked.. The timing of the friend all of it.. And 1 thing steam screams wherever you look.. Don't give info, don't give items, valve doesn't ask for your passwords, NEVER trade your items because steam asked you to (steam never does that) and 23423 other things.. But it is pointless at this point..
Try explain to them what happened and lets hope they will help with the recovery too (especially if your friend makes a claim for account too). It will be difficult though.. I need to re-read the terms but I think they don't interfere with traded items in such a way as it is the users fault. By still.. good luck with it
Comment has been collapsed.
I had 2FA enabled
People need to stop considering 2FA as a silver bullet. To me, it's nothing more than a silver pain in the butt.
That being said, pretty creative scam indeed... Good luck with support
Comment has been collapsed.
A steam friend of mine messaged me yesterday too and it felt suspicious. He asked if i was busy, we talked a bit, and then he asked if i can help him with some votes for his team so they can get into top 3, and he'll give me some keys as a thanks.
After that text i caught on that it's one of those scams.
So i wrote back to him the following: "if it involves you sending me a link and needing me to log in with my steam account than sorry, but no, i can't help".
After this he didn't text anything back, just unfriended me.
Need to be careful with things like this. :/
Sorry to see that you lost stuff as well, hopefully Steam support can help you out.
Comment has been collapsed.
SG Support also sent such a notification.
PSA: Newly Hijacked Steam Accounts - Several Somewhat Known Steamgifts Members
You had better look at it first.
First, let's report to Steam Support.
Reporting malicious content to Steam is recommended.
Reporting content within the Steam Community - The Steam Community - Knowledge Base - Steam Support
Comment has been collapsed.
Recovering a Stolen or Hijacked Steam Account - Account Recovery - - Steam Support
That's right.
There is a principle that the item is not guaranteed at all.
Steam Support does not restore items that have left accounts for any reason, including trades, market transactions, deletions, or gifting.
It's not about you.This is the story of "what if".
The person who stole your account will notify your friends that you have lost all your items because your account has been stolen.
And may take away "a lot of presents (support in good faith)".
And will report the same after you regain your account.
And things get messed up.
Isn't such a terrible thing happening?
I hope nothing terrible has happened.
Comment has been collapsed.
If ever in doubt ask your friend something you and him/her only know. Will be harder for the scammer hijacking your friend's account to figure that out. That's what I'm doing and so far it never failed.
The best I could do now is to say good luck to you and I bloody hope that Valve's support will help you out...
Comment has been collapsed.
That's one of the key ingredients in the most common scams. Create a sense of urgency so the victim doesn't have time to rationally process what's being asked of them, because more than likely if they think it through they'll realise something isn't right.
Comment has been collapsed.
So someone had access to your account, they changed your display name and posted that message on your account. Then had a "friend" tell you trade items to your alt account? So you traded items to your alt account... which happened to get spoofed?
Not one thing here makes any sense at all in the slightest.
Comment has been collapsed.
My Steam account was hijacked just an hour ago. They changed my display name to my Steam ID, and wrote the following on my profile:
ACCOUNT ALERT - 12 December, 2020
This account has violated the Steam Terms of Service Agreement.
This account has been flagged by Steam Support for violations of the Terms of Service Agreement. Purchasing, gifting, trading, buying and selling items on the Community Market, and cd-key activation will be disabled.
Account functionality will be limited. Ban are permanent, non-negotiable and cannot be removed by Steam support.
We allowed you to send valuable skins to a friend or a storage account within 1 hour.
The person on your account changed the name of your account.. then they posted that message on your account. If they have access to your account why ask you trade the items when they could have just done it themselves?
Exactly then, I had a friend of mine message me urging me to trade my items. I trust that friend, so I made the stupid decision of trading all my gifts to an alt account. Turns out, they spoofed my alt account and the trade offer was redirected to that spoofed account. When I confronted my friend to message me on Facebook, they said they would, but then unfriended me on Steam, which is enough proof to me that their account was compromised as well.
So then a friend that you not only know on Steam but also on Facebook messages you and urges to trade the items to one of your alt Steam accounts. And you trade the items to your alt Steam account which is compromised as well. So now all of your items are on your alt Steam account.
So not only did this person have your Steam account and also your alt, they also controlled your friend's Steam account as well?
This is a very sophisticated scam, be very careful of this sort of thing. I contacted Steam support about it just now, but I have no hope of them recovering my items, as their FAQ says exactly that they won't.
Attached is a screenshot of all the items I lost.
Like I said none of this makes any sense in the slightest. The scam sounds like it was created by someone of minimal intelligence to be honest, so far from sophisticated.
And yes unfortunately Valve won't give back any items involved in trading scam
Comment has been collapsed.
Even though you can understand the gaps in logic now, you're not putting yourself in the shoes of someone who ends up panicking.
Also, the alt account wasn't compromised, it was spoofed, as in, the hijacker made an account that looks the same as my alt, and tricked me into sending the items there.
Comment has been collapsed.
How did the person know what alt is yours?
Are you not friends with your alt account?
I just really can't wrap my head around the fact that your own account posted what looks to be "warning message" from something valve would post and you know your account compromised and wants you to trade you items... Nothing makes sense.
Comment has been collapsed.
I am friends with my alt account, yes. I have no idea how they created the spoofed account. But what I do know is the trade was intercepted somehow, maybe through a bot? I have the trade shown as "cancelled" on the alt I supposedly sent the items to, but none of the items are available in either account.
You can see in my screencaps that the accounts are similar but clearly different, which was not apparent in my state of panic. Also, the spoofed account already changed to another identity, presumably to engage in the same behaviour.
You can see none of the items listed are in my inventory any more.
Comment has been collapsed.
From what I gather reading these posts, the hijacker messed with the original account, then unfriended the alt and friended a fake alt.
This definitely looks like a case of social engineering. If you have 2FA enabled on your account, you can't send a whole slew of items across to another account without confirming with a code. So, even if they had access to the account, they needed the owner to send over the items.
What doesn't add up for me is how they knew which account was his/her alt. That would suggest that the scammer is friends with ayuinaba on Steam, and possibly the other friend who's account was also hijacked. They chose their moment to hijack both accounts. The scammer is probably a random add from some time ago that they have chatted with, giving them an opportunity to find out the right info.
I dunno, I could be wrong. Just trying to make a little sense of it.
Comment has been collapsed.
They didn't know which account was my alt. They impersonated a random friend (they picked one I trusted, coincidentally), and then hijacked the trade into a spoofed account.
The scammer hijacked my account yesterday, through the phishing site (just noticed I didn't mention this on the OP - but I was sent to a phishing site by a friend to vote for a CSGO team, and it looked very professional so I didn't even think twice about logging into Steam there). So they didn't really take much time to think about this, I don't think.
Comment has been collapsed.
If they have access to your account why ask you trade the items when they could have just done it themselves?
My money is on: that's a pretty creative way to bypass 2FA.
It's not particularly smart as in "it would fool someone careful" or sophisticated as in "this took some hacker skills", but still I find this artistic. "Social engineering" much 👀👀
Comment has been collapsed.
The reason why they did this was, as someone else pointed out in this thread, to stop Valve from having a reason to retrieve the items back. If they had done it themselves, Valve would have to pin down the culprit. Otherwise, they'll just assume it was me who gladly traded the items.
Also ShannonA81 made an even more compelling point; they'd need confirmation from 2FA to send the items.
Comment has been collapsed.
Also ShannonA81 made an even more compelling point; they'd need confirmation from 2FA to send the items.
That's literally what I said in my first sentence 😇
Comment has been collapsed.
This is a very common scam that has been tried on me countless times. Foolproof way to avoid phishing scams like these is to open up a new tab, go to the steamcommunity homepage yourself and login there. If you still aren't logged in on the site your "friend" sent you, it's a scam. You can also go here https://steamcommunity.com/dev/apikey if you think your account is compromised to see if there are any api keys for your acc that need to be revoked.
Comment has been collapsed.
And people laughed at me whenever I said that I don't have firends. Well who's laughing now ahhaahhaaha
soft sob
Comment has been collapsed.
OMG! The bastards. This would never happen on any legit website. Steam would never give you an option like "you have an hour to trade everything." If they were going to permaban you, they'd just do it, your account would be frozen basically, and you'd have to appeal the decision to get your stuff back.
Sorry this happened to you and I'm not blaming you at all. It could happen to anyone. But whether it's Steam or any other platform, bank or anything else, think about it rationally and don't panic. Scammers rely on that panic in order to get you to slip up. If in doubt reach out to support via their official support channels. You're never going to be given an ultimatum that requires fast action. Always a scam.
EDIT: Haha! Someone actually blacklisted me for this post. <3
Comment has been collapsed.
Ah, thanks. <3
Don't worry, I didn't feel bad. You know, with everything going on in the world right now, you have to find reason to laugh at all the silly things that don't matter... like blacklists. ;)
I hope you get your account sorted soon. ^^
Comment has been collapsed.
https://www.steamgifts.com/stats/personal/community
These are all of your stats. =)
I wouldn't read too much into it though. It's okay to check every now and then out of curiosity. The hilarious thing about it is that I rarely check it. I was looking at my luck graph, scrolled down and saw a new BL. That was the only post I made today, so was like... Haha! Some people are very sensitive and blacklist if they think your comment slightly rubs them the wrong way. =)
Comment has been collapsed.
It's an old scam constantly being brought up as "new" by victims or near victims on the steam forums.
But that's just a side-note.
One thing I feel is important though:
The people in your friends list are not your friends in the traditional sense. They are acquaintances. People you just happen to have contact with that you do not really know personally, either through meeting or talking to in real-life like telephone etc. They can be impersonated by anybody. If you don't have their telephone number and can call them any time then they're not a friend.
Btw, even companies fall for impersonation scams too and transfer thousands and never get them back.
Comment has been collapsed.
He does have a point.
I have some friends that I know only online, but I've known for probably 15 years. A couple of them, I do have their phone number, am friends on Facebook, that kind of thing. They don't live in my country, but they ARE real friends. No one could impersonate them without me finding out somehow.
But, if you only know a username, have never talked to that person on the phone, you don't know what they look like, then they are more of an acquaintance than a friend. You would have no way of knowing if someone hijacked their account, or at least no way of confirming it. (Unless you get a second point of contact with them, like Discord, or other chat client). I have some friends like that, but they're not close friends, just people I chat to now and then, or play games with. =)
Comment has been collapsed.
I know what they look like, though; their real name, etc. And I did have an alternative way of contacting them (facebook). But the sense that I had to get rid of my items in 1 hour made me completely overlook the possibility that I could contact them there.
Comment has been collapsed.
I didn't say anywhere you have to be in the same country.
Comment has been collapsed.
Roaming charges are when you are using your mobile phone in a foreign country. And if you're in the EU you aren't charged extra on your allowances from your provider.
Plus, back in the dial up days calling people in other countries was certainly more expensive but not impossibly so.
That's why your comment confused me.
Comment has been collapsed.
Yesterday was my friend scamed through discord. Someone wrote him as Steam support and ask him for credentials, because he was banned. If I dont had experience with with stolen FB account, maybe I would be scamed too. It looks so legit. People, be careful... dont be scamed with someone who start communication first. No one give you helping hand for free. Always go with official route. Internet is not house on fire. Dont want to save anything by sending it to other place.
Comment has been collapsed.
All my friends are also on Discord and I hate messages on Steam. If any of them ever message me on Steam, I would know their Steam account got hacked. (Or I yell at them in Discord to stop it)
Either way, sucks this happened to you :/
Hackers and scammers needs to die.
Comment has been collapsed.
Because they needed the real owner to authorize trades away from the account, which requires 2FA. Editing the profile, which doesn't require as much security as trading, was done to trick the owner into thinking trading items away to an alt or friend was necessary.
Comment has been collapsed.
I feel sorry, this was nearly happening to me yesterday. Someone on my friendlist asked me to vote for a CS:GO team, I said yes because why not?, but then when this guy sent me the link I immediatly sniffed smelly scam.
It took me a while to take action, since I was a little busy and after a while He wrote me back with a "????" and after some time again He removed me as friend. Weird, I mean, I didn't know him at all but We were friends on Steam since years for sure. Also his account doesn't seem to be affected by anything, so I guess He may be the scammer himself.
Well, beside that I wanted to see what could happen (yes, a lot risky I know) and I voted but with a fake account, and apparently They didn't care about It since nothing happened/changed on this account.
Comment has been collapsed.
This is very common scam nowedays, I have been messaged to vote for teams about 3-4 times.
I open this fake ass csgo site and if I click on anything it will open a giant notification saying "Login with steam please", and then open a page that looks like steam site but ask for my login and password again, I mean i'm already logged in on steam lol.
Comment has been collapsed.
Wait, what? The 2FA is supposed to prevent it. If the OP had 2FA I don't see how this is possible unless their 2FA is going to their e-mail. Every time I ever login to SG, ST, SD, Les Trades, etc I am presented with entering a 5 digit code on my phone. At least once a day I have to enter the code.
Comment has been collapsed.
2fa is not a panacea, especially if that's crappy steam implementation.
It's a case of phishing. Scam site pretends to be steam and requests login and password, user enter it. Site requests 2fa, and since steam always requests 2fa, user does not suspect anything, and enters 2fa code. PWNED.
If user had email steam guard instead, they would suspect something when site requests 2fa instead. And even if site is smart enough and request mail code instead - user will (I really hope) suspect something, since usually you don't need to enter mail code again on the same PC, so if it's requested - it's not normal.
So yes, 2fa increases chances of being scammed. Of course, it increases chance of scam only for gullible users who fall for this kind of scam, since cautious user would never enter password on third-party site to begin with. Can it be improved? Of course it can - if steam did with 2fa the same they did with mail guard codes - request it only once per device. This way even if user gave password to scammers - they won't be able to login, and user would suspect something if asked for 2fa code on authorized device. I actually send this suggestion to valve security team, but it seems they don't read emails (maybe just illiterate).
Comment has been collapsed.
True. Thanks for the info. I'm not familiar with the scams. I don't play CS:GO or anything or maybe people are afraid to message Pinhead. lol
Comment has been collapsed.
Well, I never was a target of such scam myself... or maybe once? But I'm always curious when people get scammed, so I've seen the scam sites they use. New types of scam rarely appear, it's usually all the same shit. But it's always user giving away their credentials to scammer...
Comment has been collapsed.
Sorry to hear about your account. I was a victim of phishing myself about a year ago and I know how much it sucks.
One of my steam friends also asked me to vote for a CS:GO team a few months ago similar to you, but I had learned from my mistakes and reported their account instead. As you might expect their account was indeed compromised. Fortunately their account was returned to them not long after.
This scam in particular has been going on for some time. I'm sorry about your items and hope others notice your warning before they make a mistake.
Comment has been collapsed.
We allowed you to send valuable skins to a friend or a storage account within 1 hour.
lmao
Comment has been collapsed.
Pro-tip: always open a new tab, log on Steam and refresh the other site. If you must login again, you just avoided a scam.
I'm sorry to hear that, sound like a lot of work for... Well, how do they make money out of it? Shouldn't they keep on scamming people to sell items or the whole account?
Comment has been collapsed.
9 Comments - Last post 19 minutes ago by yush88
721 Comments - Last post 27 minutes ago by Bum8ara5h
12 Comments - Last post 1 hour ago by steveywonder75
5 Comments - Last post 3 hours ago by yush88
30 Comments - Last post 4 hours ago by cpyd
4 Comments - Last post 5 hours ago by Lugum
25 Comments - Last post 5 hours ago by JHartmann
2,085 Comments - Last post 4 seconds ago by sobbiebox
123 Comments - Last post 27 seconds ago by Zero224
28 Comments - Last post 3 minutes ago by s4k1s
30 Comments - Last post 4 minutes ago by SirSage
41 Comments - Last post 9 minutes ago by SirSage
141 Comments - Last post 15 minutes ago by grez1
117 Comments - Last post 17 minutes ago by Momo1991
Just as a word of warning to everyone.
My Steam account was hijacked just an hour ago. They changed my display name to my Steam ID, and wrote the following on my profile:
ACCOUNT ALERT - 12 December, 2020
This account has violated the Steam Terms of Service Agreement.
This account has been flagged by Steam Support for violations of the Terms of Service Agreement. Purchasing, gifting, trading, buying and selling items on the Community Market, and cd-key activation will be disabled.
Account functionality will be limited. Ban are permanent, non-negotiable and cannot be removed by Steam support.
We allowed you to send valuable skins to a friend or a storage account within 1 hour.
Exactly then, I had a friend of mine message me urging me to trade my items. I trust that friend, so I made the stupid decision of trading all my gifts to an alt account. Turns out, they spoofed my alt account and the trade offer was redirected to that spoofed account. When I confronted my friend to message me on Facebook, they said they would, but then unfriended me on Steam, which is enough proof to me that their account was compromised as well.
This is a very sophisticated scam, be very careful of this sort of thing. I contacted Steam support about it just now, but I have no hope of them recovering my items, as their FAQ says exactly that they won't.
EDIT: Clarification for those who didn't read the comments on the thread.
Someone suggested my account had been hijacked through a phishing site, and I realised that was true. Yesterday, a friend of mine (coincidentally, a well-known SteamGifts user), messaged me asking to vote for a CSGO team. The site itself looked very polished and professional, so I didn't think twice about logging into Steam there. That's when they gained access to my account.
Afterwards, the hijacker friended me on their account, removed that user who sent me the phishing link from my friends list, and started impersonating another friend who I trusted well enough to believe them. That's when all of this started.
Attached is a screenshot of all the items I lost.
Comment has been collapsed.