The author unfortunately this hell is spread.About login on sites using steam for authorization, pay attention.These fakes have their own difference instead of the Valve logo and the lock often hangs the inscription about blank.If there is the slightest doubt the guard code is not entered.These codes are valid for 5 minutes and one such code is enough for unbinding and hijacking your account
Comment has been collapsed.
i'm extremely happy you got everything back, thanks for the thread and celebrate =)
Comment has been collapsed.
What mate?
I posted the name of the website (but not as a link) as a warning, clearly advising NOT to visit the site. All I wanted to do was to make other Steamgifters aware of the danger - if somebody receives a link to the site that hijacked my account, they would know it's a scam. And yes, I also repeat: DO NOT LOG IN. That's the whole point of my thread.
Comment has been collapsed.
I think he's talking about the sgtools link because he said it's copying steamgifts and yeah it's a similar design. I guess he doesn't know it's not a phishing site :D But it would be nice if you don't include links (even unclickable) to the actual phishing site, someone might actually end up falling for it people are sometimes not very bright.
Comment has been collapsed.
i also got a message a while ago with the same site, and i really was wondering... how are they stealing my account by redirecting me to the official secured Steam Community login page? re-checking it now looks like when you click Login with Steam, the login window is not a real browser window, but a fake one that looks like the real one.
either way, no matter who's sending you messages about sites that give you 'free easy steam gifts', you shouldn't even be bothered to open the site.
Comment has been collapsed.
The only thing that Steam Authenticator does is give you a false sense of security and lulls you to keep your guard down for scams. It should be revamped or completely discarded.
I just use the email authentication. Any time I log in to Steam using a browser that has already been authenticated, I enter my password and it logs me in. If it tells me it sent a code to my email when I know I am using an already authenticated browser, I know something is up. Not so with the authenticator. Also, if I am already logged in to Steam, then it just gives me a button to authorize the third party website, no need to enter any passwords.
The problem is that Steam does not let you use certain features unless you use the authenticator, and this needs to change. It is a big security risk to use it.
Comment has been collapsed.
Also, if I am already logged in to Steam, then it just gives me a button to authorize the third party website, no need to enter any passwords.
This feels relatively important - but it's the same with having phone authenticator. I always log in solely on Steam's store page, and then I am able to log in with two clicks on any site requiring the link.
But we're just running circles, the authenticator would work perfectly if people would stop giving their information and security codes on random sites. But this is a PEBCAK problem, still waiting to be resolved.
Comment has been collapsed.
The lesson in this: never ever log into your Steam account from a third party site.
If a site "redirects" you to Steam for login, just close that site, go to Steam on your own (via bookmark or url), check that you're logged in and if you're not, only log in on that trusted Steam page. THEN go back to the other site. If it still asks you to enter your login, it's a scam.
Comment has been collapsed.
OK, I get it. Someone signed in to my Steam account using my nickname, password and the mobile code I entered.
There has to be some measure of accountability from the user, at least enough to know that the only site that should ever ask for your 2FA code is Steam itself, unless they add a 2FA to the 2FA. ;)
Comment has been collapsed.
No, you're absolutely right. I just wish Valve didn't make it that easy to change the phone number for your authenticator because it kinda negates the point of an authenticator.
I think people wouldn't act so stupid if they didn't feel protected by something which is, in its current state, as useless as a barking plastic dog.
And there would probably less people trying to steal accounts if they didn't know that it was that easy once they logged in.
I don't really get the point anyway since it's pretty easy to recover your account and the accounts that benefited from whatever money is stolen from wallets, or gifts transferred are going to get shut down. I mean... it's not as if you're stealing someone's wallet and vanishing into thin air. It's all only usable in Steam so the culprit is easily tracked. What's the point? Oh well.
Comment has been collapsed.
Bump and congrats for recovering your account so quickly!
My father had the same issue half a year ago and he got his account back within 2 days.
Steam support is normally really quick with these issues and from my experience, I can
say, that they are always friendly and try to help as good as possible. ^^
Comment has been collapsed.
I once got a friend request and someone tried to do the same to me. They gave me a link that I never clicked, but from what I searched about it, it would have put me in an unofficial Steam authentication page that could take my information.
Thankfully I knew to check, and while in my case it was some random who added me, you should even check links even if they are from people you trust. Not because you can't trust them, but if they happen to get compromised, then someone can try to use their account and take advantage of your trust to compromise your account as well and then it just becomes a chain reaction!
Glad you got your account back!
Comment has been collapsed.
Glad you recovered your account so quickly. Those scammers are learning to use your weak spots, like using the steam friend route to try and steal more accounts.
You learned the hard way and hopefully there were no major losses.
Thanks for the puzzle and giveaways :)
Comment has been collapsed.
congrats on recovering your account; it's not an issue for me as I'm rather wary of many things.
Comment has been collapsed.
Out of curiosity, did support tell you that this was a one-time thing? A few years ago, I fell into a similar trap and luckily got my account back. However, support also mentioned that they wouldn't help again if a similar issue happened and it was a one-time fix. Just a bit curious if anyone else has experienced this or know if it is true.
Comment has been collapsed.
Thanks for the reply. They've probably changed their policy sometime in the past few years then.
Comment has been collapsed.
I'm glad you manage to get it back without much trouble
Comment has been collapsed.
177 Comments - Last post 2 minutes ago by wigglenose
59 Comments - Last post 48 minutes ago by Chris76de
286 Comments - Last post 2 hours ago by hbouma
642 Comments - Last post 2 hours ago by Oppenh4imer
864 Comments - Last post 3 hours ago by Ashtart
255 Comments - Last post 5 hours ago by XfinityX
30 Comments - Last post 13 hours ago by TinTG
19 Comments - Last post 52 seconds ago by jahas10
170 Comments - Last post 10 minutes ago by PicoMan
31 Comments - Last post 11 minutes ago by PapaSmok
507 Comments - Last post 19 minutes ago by cyan3675
529 Comments - Last post 23 minutes ago by CommissarCiaphasCain
65 Comments - Last post 1 hour ago by reigifts
28,923 Comments - Last post 1 hour ago by Narashi
Despite my long experience with Steamgifts, this is the first thread in the forums I've created.
Just about half an hour ago I got my Steam account hacked. Someone from my friendlist sent me a link. I opened it and it seemed to be just another free giveaway site, like hundreds I had visisted before. The thing is, it requested to sign in through my Steam account, which I carelessly did. Even though I was using mobile authenticator, someone took over all my Steam data. I received a series of emails, informing me that my telephone number associated with Steam got changed, my authenticator removed, my email address connected with Steam changed as well, and my main password reset. I contacted Steam right away and I hope to get my access back - there's over a thousand games I've lost, many of which I haven't even played yet (including the Witcher 3, goddamn it!).
This message is a warning to all of you. The link used by the hacker was keysmagic.fun. Don' enter this link, if anyone sends it to you - remove from the friendlist mercilessly. The IP address of the computer used for the hack is based in Russia. Whoever did this, I hope you can never again get an erection, and your organism evolves taste buds in your anus, you f**k. To all other Steam users - keep safe, this may happen to you as well. Think before you act, just as I didn't.
EDIT: Account recovered, nothing's lost except some of my pride. Have a train to celebrate: http://sgtools.info/giveaways/d13c83b2-68e9-11e9-84e3-fa163e96784d
Comment has been collapsed.