Compromised OOer Steam Account Reporting Thread

[Lassr]

Now jaddison80

yep. although I never got a reply to my reply so his account may be locked now.

Nevermind, he just replied, must not be a bot this time. Reported him.

[Alefroth]

Nevermind, he just replied, must not be a bot this time. Reported him.

Ditto

[Carpet_pissr]

You guys sound pretty sure that it's not really Jaddison having a bit of fun with us and pretending to be a tricksy bot!

[Blackhawk]

You guys sound pretty sure that it's not really Jaddison having a bit of fun with us and pretending to be a tricksy bot!

Anything's possible.

But then, given that the advice I gave above is to get the person's account locked, after which Steam's investigation would show what actually happened, likely resulting in a permanently blocked account... that would be rather risky.

[dbt1949]

Just on the odd chance anybody wants to contact me on Steam chat I'm here to say it ain't happening.

[Daehawk]

naughty Steam boys

[Daehawk]

Harkonis is the latest member.

[Teggy]

Harkonis is the latest member.

LOL yup, just came to report this.

[Blackhawk]

Reminder: The first post has steps for responding to the problem. It is not necessary to unfriend him, and it is best if you do not communicate with the scammer (it will result in them unfriending you so you can't report them as compromised.) Seriously - if you get a message, report the account ASAP. The quicker people report it, the quicker it'll be locked, and the less the potential for damage.

[Smoove_B]

I do believe rmcolosimo has been compromised...

[Blackhawk]

rmcolosimo is next up.

[Blackhawk]

Missed it by this much.

Very important, since this is going around again: Don't unfriend or block them, but please report them so that their account can be locked before they do more damage. See the first post, or if you're lazy:

First, report them. It takes less than a minute. After a few people report them, the account is locked by Steam. That reduces the damage done to the rest of the victim's friends. Here is the process, starting from the person's profile page:

Spoiler:

Second, respond that you know it is a scam if you want to (but again, this may result in them unfriending you, forcing you to look them up again later.) There is no need to block them or unfriend them. They rarely waste time messaging you again once they know you're a failed target - they want to move on to as many people as possible before they are locked out.

Third, post in this thread to warn other OOers.

Bonus community service: Send them a PM on OO, or contact them elsewhere to let them know ASAP that their account is compromised. They'll want to act fast. Then link them to this thread.

[Lassr]

RMC is hacked also.

[Daehawk]

rmcolosimo

[Baroquen]

rmcolosimo is next up.

Can confirm.

[Zarathud]

Definitely rmcolosimo's turn. So funny to get these texts from him
"sup
u can help?
Why are you silent?
u here?"
If you've ever met RMC, you know that's not him.

[Blackhawk]

I got in touch with him on Facebook - thankfully the OO FB group has a 'who are you' thread.

FYI, I also sent out messages to him via OO and email, just to ensure he knew ASAP.

[Lassr]

I got in touch with him on Facebook - thankfully the OO FB group has a 'who are you' thread.

FYI, I also sent out messages to him via OO and email, just to ensure he knew ASAP.

Great, I did submit a report to Steam also.

[RMC]

Sorry everyone, I got hacked. But I fixed it, so please ignore any messages coming from me in chat.

[RMC]

Definitely rmcolosimo's turn. So funny to get these texts from him
"sup
u can help?
Why are you silent?
u here?"
If you've ever met RMC, you know that's not him.

Sigh. Thanks, and yeah. Not sure what I did. I had two factor authentication on, but did something I shouldn't have.

[Blackhawk]

Definitely rmcolosimo's turn. So funny to get these texts from him
"sup
u can help?
Why are you silent?
u here?"
If you've ever met RMC, you know that's not him.

Sigh. Thanks, and yeah. Not sure what I did. I had two factor authentication on, but did something I shouldn't have.

The most common cause is that you got a message just like that - or the one in the first post in this thread. It's a carefully designed scheme that makes you think you're logging into Steam, but are actually passing your information on to a third party who uses it to log in. You enter your credentials and hit enter, and they're taking those credentials and trying to log in within milliseconds. If Steam asks for an authenticator, they pass that request to you in an identical popup, and you put in your code, which they pass on to Steam. And the entire process is automated - you hit 'submit' and they've logged into your account, provided your authenticator code, removed the authenticator from your account, and changed the login/password in a matter of seconds.

[Bad Demographic]

I (unthinkingly) responded so if you get a steam chat from me, disregard it.
I've changed my steam password - i hope that suffices. (and I sent an OO pm to RMC)

[RMC]

Yeah, I think I got something like that the other day. Darn, I know better. But I have the app on my phone, and usually scan the QR code, I thought that was pretty good at making it hard to hack. But I guess being an idiot is still being an idiot.

So will my account get suspended by Steam? I opened a ticket with them, explaining what happened. Since I had some money in funds that the person who hacked me used to buy some stuff off marketplace.

I did disconnect all devices connected to my account, and changed my password, but my email address and phone connected to the account were still the same.

And just noticed that they blocked all my online friends, so I wasn't getting any messages from anyone. Sigh.

[Blackhawk]

So, for clarity for everyone, I followed the link on the attempted scam link RMC sent me (with all of my shields set to maximum, and knowing what part of the process actually compromises the account) just to show what it all looks like:

1. Receive a message like this asking for a vote:



2. Go to a very legitimate looking website:



3. Click on 'Vote' and get a login prompt:



Everything there looks just like a site legitimately logging you in through Steam to use the Steam API. Even the URL at the top is correct (because it isn't actually a URL field, it's just a text field.) I'm not kidding - I logged out of a legitimate site that I use and logged back in. Here's the real one:



And as soon as you sign in to the fake account, they're using the same information to log in to Steam, and then feed you directly back and response Steam gives (like "Enter authenticator code.")

[RMC]

Yeah, I did follow that the other day, someone asked me too vote for something, and in a moment of weakness I did it. Sigh.. Never again.

[Blackhawk]

Yeah, I think I got something like that the other day. Darn, I know better. But I have the app on my phone, and usually scan the QR code, I thought that was pretty good at making it hard to hack. But I guess being an idiot is still being an idiot.

So will my account get suspended by Steam? I opened a ticket with them, explaining what happened. Since I had some money in funds that the person who hacked me used to buy some stuff off marketplace.

I did disconnect all devices connected to my account, and changed my password, but my email address and phone connected to the account were still the same.

And just noticed that they blocked all my online friends, so I wasn't getting any messages from anyone. Sigh.

Steam may still lock it, but only until they confirm it's you.

If you were able to change the password, then that's good news - this new team may only be using part of the toolbox that the old one was. The old one would have changed it within seconds (or maybe Steam added delays in changing certain combinations of information.)

[Blackhawk]

Also, this is why I say that everyone should bend over backwards to not show that they know it's a scam (I delayed them while I reported the account, and already had the report button up before I sent the very first response), and then do everything to try and contact the victim so they can respond ASAP. Once they know you know they can block you, which makes it much harder to do anything about.

[Daehawk]

Fun days to look back on some day....maybe.

[Lassr]

Now Eel Snave

[noxiousdog]

Now Eel Snave

Yep. Just got it.

[Daehawk]

yep ES has been hounding me in chat. Just ignoring...will report.

[Blackhawk]

Anyone try to send him a message to let him know?

[El-Producto]

Hey All, long time no post!

Eel Snave is all over me, I reported the account.

Cheers

[Blackhawk]

I was able to get him a message, again via the OO Facebook group. That's more useful than most know - it also gives us a way to communicate when OO isn't available.

[Eel Snave]

hooooorayyyyyyyyyy

[Blackhawk]

See what happens when you disappear for a few months?

[Eel Snave]

That'll teach me.

[Blackhawk]

there are surprisingly few red flags.

It's a well-known scam that has been in use for years now. Getting a Steam message from a friend asking you to vote for their Counter-Strike team is the red flag. It's up there with getting an email from a Nigerian prince.

I'm probably more paranoid than most, but any sort of message asking me to click a hyperlink is a red flag for me.

Absolutely true. Anything that involves a hyperlink is red flag enough to at least do a search first. I meant more that, once you follow the link, there is nothing that makes it stand out as wrong - except for one thing, and that's only obvious if you log into other sites through the Steam API often enough to notice it:

I'm hyper-paranoid about this stuff and don't ever (EVER!) use my Steam Login for anything but logging into Steam. I refuse to even do those "Your Year in Review" things, as they need you to do just that.

And that's the difference. If you're already logged into the main Steam site on your browser, using one of those third-party Steam logins doesn't require your credentials. A real sites gives you a popup from Steam asking if you want to allow access to your profile. That's the thing that people miss - you cannot log in to any site with your Steam password other than Steam itself. Where it throws people is that if you're not already logged into Steam when you try to connect, Steam itself asks you to log in - and that's what this is spoofing.

Instead of this:



You should get this:



And when you click 'Sign In', there's no followup - it simply gives the site access to your profile, no extra password required.

The big difference is that you're not giving them your Steam credentials - all you are doing is giving that site access to your public profile. It's the same stuff that a friend would see upon logging in. There is absolutely no mechanism there that allows the other site access to your password - it's literally as safe as having a friend look at your profile, and the site can't do anything with it that your friend couldn't do. The whole point is to give utilities like sites like LaunchBox or GoG Galaxy, and sites like steamcompletionist.net or HowLongToBeat access to the list of games you own, your achievements, your playtime, etc, that you've made public so that they can provide services (like ways of tracking your backlog, or sorting your library more effectively, etc.)

If there's ever a question about a login, just make sure you're logged into the Steam website itself first - go there yourself and log in. If the other site still asks for your login info instead of just giving you the "Sign in?" prompt, there's something wrong. If you really doubt, clear your cookies and try again. If you're logged into Steam and it still asks you for your password, that's a red alert.

There's nothing wrong with choosing not to, that's perfectly legitimate. But I did want to clarify how they work differently for those who are on the fence. Connecting a site/app to Steam is not the same as giving them your credentials.

[Unagi]

hyper paranoid


but, I do appreciate the light you have put on the distinction.

I have found the "I want to put no thought into this, but I also want no risk" to basically result in "Then can you do without the feature being presented?" - If I can, I move on.

I'm like this to a fault. And I need to actually work on it. But then there are times (like this thread exposes) where I sit comfortably in my "I never ate the fish" position on Airplane! and my behavior is reinforced.

[Blackhawk]

That's the thing - it's not obvious how it works until after you've done it.

They really should change the 'Sign In' button to 'Share Profile.' The term 'Sign In' suggests that it's something other than what it really is. In practice, you're just give the site/app limited friend access.