Steam Guard Scam Warning

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
Steam users should watch out for this scam. Head on over to Blue's for all the info, links and a screenshot of the scam in action.

Malwarebytes sends along a warning for Steam users they say they will soon publish on the Malwarebytes blog about a way scammers can bypass Steam Guard security in trying to gain unauthorized access to user accounts. This involves falling for a phising scheme along the way, but this is apparently easy to do as the technique uses screens and prompts that mimic the behavior of the actual Valve safeguards being exploited.
 
Okay so like why is that important? If someone else gets a buncha dumb achievements and those silly Steam digital collector cards for me, I'm pretty sure it's not a big deal aside from the annoying thing about unregistering other computers and making a new password. I mean, who even leaves Steam online when they're playing? For like the rare times I play something from Steam, the client thingey is offline so I'd never even notice it happening.
 
Okay so like why is that important? If someone else gets a buncha dumb achievements and those silly Steam digital collector cards for me, I'm pretty sure it's not a big deal aside from the annoying thing about unregistering other computers and making a new password. I mean, who even leaves Steam online when they're playing? For like the rare times I play something from Steam, the client thingey is offline so I'd never even notice it happening.

never go full retard.
 
The key here is falling for the phishing scam.

This is how several MMORPG accounts were hacked and stolen a few years ago. Players falling for phishing scams thinking they need to change their password or update account information.

People need to pay attention more to the website or the place the visit online. Also, having common sense can help here.

Almost always Steam will have SSL on the page you are logging in. If it doesn't, then it's almost always fake.

Code:
steamcommunity.ru
steam.community.com
accouts.l.google.com
blizzard.cn

*.po
*.cn
*.cz
*.ru
If you see anything that looks out of place then it's fake. Some websites will even fake the web address if they're sophisticated enough to do that. However, if you hover over the link in an email client like Thunderbird, it should show the actual URL. Also, disabling HTML and images to be shown in your email will help mitigate some of the phishing attacks.

Blizzard and Paypal used to have an e-mail address that you can forward an e-mail to if you believed it was a phishing e-mail. They would reply and tell you if it is or not. I am unsure if they still have them or if other companies have the same thing.

These are valid:
2014-04-17_10-48-33.png


2014-04-17_10-49-17.png


These are fake: (From http://www.reddit.com/r/Steam/comments/1yw25k/psa_new_phishingscam_technique_on_fake_steam/)
BbNfVFI.png
 
Also Steam does not ask you to upload anything to register the browser with the machine. If you do not receive an email at the same time the prompt is displayed in your browser than it's a scam.
 
Okay so like why is that important? If someone else gets a buncha dumb achievements and those silly Steam digital collector cards for me, I'm pretty sure it's not a big deal aside from the annoying thing about unregistered other computers and making a new password. I mean, who even leaves Steam online when they're playing? For like the rare times I play something from Steam, the client thingy is offline so I'd never even notice it happening.

Derp? It's important because if somebody else gains control of your Steam account they can get your account Permanently VAC banned from ever playing online games without cheaters again. It's happened to me. I had to re-buy all my games again. If it can happen to me then it can happen to you.
 
Easiest solution is to just never use hyperlinks, so if it says you have an alert on your credit card or steam or whatever, just go to the address yourself. Voila.

Told the same thing to family regarding phone calls asking for information. If bank says they have a problem, ask for a reference number and that you'll hang up and call them back at a number you know to be theirs (like the 800 # on the credit card or a previous statement).

*knocks on wood*
 
Derp? It's important because if somebody else gains control of your Steam account they can get your account Permanently VAC banned from ever playing online games without cheaters again. It's happened to me. I had to re-buy all my games again. If it can happen to me then it can happen to you.

It'd be slightly annoying at most. I haven't even used Steam in like 3 months to play anything (I don't even have the client thing installed) and there are 5 games in my library that I really don't care about. I also don't play anything onlinewith other people so being banned from online play...meh, no big deal. I get it that it might matter to other people who like to use their games stuff to make friends and playing games takes up more of their free time, but personally, it's a very unimportant thing to me.
 
Common sense, people. Most hacking of personal information nowadays is still done the old-fashioned way of social engineering.
 
It'd be slightly annoying at most. I haven't even used Steam in like 3 months to play anything (I don't even have the client thing installed) and there are 5 games in my library that I really don't care about. I also don't play anything onlinewith other people so being banned from online play...meh, no big deal. I get it that it might matter to other people who like to use their games stuff to make friends and playing games takes up more of their free time, but personally, it's a very unimportant thing to me.
clearly if you don't care about your account and barely use it then keeping it secure is not a priority for you. It *should* go without saying that this information is for those of us who care about safeguarding our accounts :rolleyes:
 
Hey id be careful,i got reported for calling him mentally handicap.

well that's not nice. I actually agree with the quoted post's points almost entirely; I just wanted to be sure the poster had sound advice going forward. for example, I often inform local race car drivers to watch out for snakes camouflaged on the ground and also not to drive too close to texting soccer moms because it gives me peace of mind knowing they'll stay alert while on the track and improve their survive-ability while in the sport.
 
clearly if you don't care about your account and barely use it then keeping it secure is not a priority for you. It *should* go without saying that this information is for those of us who care about safeguarding our accounts :rolleyes:

Why did you just repeat what I said in my post? :confused:
 
clearly if you don't care about your account and barely use it then keeping it secure is not a priority for you. It *should* go without saying that this information is for those of us who care about safeguarding our accounts :rolleyes:

Those of us meaning, ALL OF US. There shouldn't really be anyone out there that doesn't give a shit about their stuff online. I mean, the games you bought are paid for with your own money, would be a shame to lose them.
 
Thanks for the heads up. seems like nothing is sacred these days.

Should never have to browse for file(s) with steam activation.

I almost always try to just use the steam application to do everything. I know it sucks trying to always activate the smartphone to use the steam webpage though. It's really nice for those flash deals though.
 
This is hardly unique to me but definitely different. I probably receive an email at least 3 times a year claiming that I requested a password reset when I know I did not. However, I usually will then change the password the proper way just in case. I just wish there was a way to change my username to help prevent those things from happening.
 
It'd be slightly annoying at most. I haven't even used Steam in like 3 months to play anything (I don't even have the client thing installed) and there are 5 games in my library that I really don't care about. I also don't play anything onlinewith other people so being banned from online play...meh, no big deal. I get it that it might matter to other people who like to use their games stuff to make friends and playing games takes up more of their free time, but personally, it's a very unimportant thing to me.

Good for you, i have 72 games and i play soley online games so i need steam running while i play, if my steam account was comprimised i am out about $800 in games i have bought over the years.

Sorry, but for me that is a pain in the butt and there are many others like me.

If this is so un-important to you why did you bother posting in here.

Different people choose to spend their "free time" in different ways, sure there are thing you do in your free time that people would think are unimportant to them.
 
Good for you, i have 72 games and i play soley online games so i need steam running while i play, if my steam account was comprimised i am out about $800 in games i have bought over the years.

Sorry, but for me that is a pain in the butt and there are many others like me.

If this is so un-important to you why did you bother posting in here.

Different people choose to spend their "free time" in different ways, sure there are thing you do in your free time that people would think are unimportant to them.

I think I kinda covered that in the post you quoted. It was this part: "I get it that it might matter to other people who like to use their games stuff to make friends and playing games takes up more of their free time..."
 
Do like me. Don't even use that steam guard crap, then you will already know it is a scam. Damn every time you log in from some where new, or delete cookies, you have to go threw that steam guard crap all over.
 
Do like me. Don't even use that steam guard crap, then you will already know it is a scam. Damn every time you log in from some where new, or delete cookies, you have to go threw that steam guard crap all over.
It's there for your protection, and last time I checked Steam Guard was an opt-out feature if you so choose. Besides, it only nags you the first time you log in to a new computer/device.
 
Do like me. Don't even use that steam guard crap, then you will already know it is a scam. Damn every time you log in from some where new, or delete cookies, you have to go threw that steam guard crap all over.

tfa is pretty awesome in general, i use it on every site that has my real info.
 
Back
Top