  1. #1
    Chus

    Steam scam / account theft

    Dear all,
    I would like to report a Steam account theft attempt / Steam VOTE MY TEAM SCAM and spell out a warning to you all.

    Please under no circumstances give your STEAM Guard Recovery Code to anybody or any website, other than VALVE's own.
    No tournament site, no affiliated site or any related site should be requesting from you the STEAM Guard Recovery Code. Never use your Recovery Code for anything other than what it is intended for (switching mobile, lost account, etc.).

    The facts:

    I've been approached by an account which I know from AOD to vote for his team on a
    CS GO website for a tournament.
    Once I got there and tried to vote for the team,
    I was requested to log on with my Steam credentials.
    (Which most probably has compromised them, so be aware of your passwords.)
    The thing is, instead of requesting my STEAM Guard code to complete my authentication, it is requesting my recovery code to transfer or deactivate my STEAM Guard.
    Which I obviously did not.
    I received several SMS from the Steam system sending me my Recovery Code, which I did not request. I also got notified by mail.
    It looks like the website with my credentials triggered the recovery function and was going to deactivate my STEAM Guard.

    Please NEVER use your Recovery code unless you are recovering your account or changing your Steam guard.

    In more detail:
    The page does look legit at first glance, and as I was in a hurry I didn't give much thought to it, until it requested the Recovery code, which alarmed me. But this might not be the case for all of you.
    Then I came back to have a closer look at this SCAM.

    So, if you go to the site you will notice it is requesting your Steam credentials.
    (PLEASE DON'T GO IF YOU DON'T KNOW WHAT YOU'RE DOING)
    Even to browse the shop. (Why does a tournament site have a shop?)
    Matches played pointed to August, which is not very current.
    But the profile of whoever contacted me says he has not been playing CS:GO for two years.
    But in the Steam message he says he is actually playing.

    Nevertheless it uses a debugger abuse script which will hinder you from using the browser’s website inspection tool,
    unless you know how to convert the breakpoint into a conditional breakpoint which never activates and also kill their loading loop.

    It looks like they are using the Steam OpenID API to initiate a logon with Steam, as I got a Steam recovery code.
    So there is definitely communication with Steam going on, and they have passed your credentials to Steam to request your recovery code from you.

    If I have more time I'll try to dig into the code of the page and see if I can get to its OpenID API key to report them directly by ID to Valve.
    They hide behind CloudFlare, which is a website protection service.
    And from what I can see the website went live there 5 days ago.
    Didn't they host a tournament in August?

    I found this Reddit post which describes this exact same scam.
    https://www.reddit.com/r/Steam/comme...stealing_scam/

    And here you have a YouTube video pointing out the same scam with another tournament site, probably the same guys.
    https://www.youtube.com/watch?v=nKF7dD2Y9Cs

    So guys this is all I got.
    If I'm bored I will spend some more time on this, which currently I'm not. Perhaps I'll make myself a small bot which spams their OpenID logon form till Steam shuts them down, to make sure they stay down.
    I have reported them both to Valve/Steam and Cloudflare but I don't expect them to do anything. They probably will go live with another tournament site and start over again.


    REMEMBER: NEVER EVER USE YOUR RECOVERY CODE.


    Pictures (images not preserved): Chat; Steam Mail; Fake Steam OpenID Form; Historical Website data.
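
A check a reader can apply before typing Steam credentials into a "Sign in through Steam" page like the one described in the post above. This is an added example, not code from the thread or from Valve; the host allowlist, the brand-word list and the sample URLs in the comments are assumptions constructed for illustration.

```javascript
// Added example: classify the URL a Steam login form is really served from.
// OFFICIAL_HOSTS is this example's own allowlist (an assumption); adjust to your policy.
const OFFICIAL_HOSTS = new Set([
  "steamcommunity.com",
  "store.steampowered.com",
  "help.steampowered.com",
  "login.steampowered.com",
]);
const BRAND_WORDS = ["steamcommunity", "steampowered"];

function classifySteamLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { verdict: "reject", reason: "not a parseable URL" };
  }
  if (url.protocol !== "https:") {
    return { verdict: "reject", reason: "not HTTPS" };
  }
  // e.g. https://steamcommunity.com@vote-cup.example/ shows the brand but connects elsewhere.
  if (url.username || url.password) {
    return { verdict: "reject", reason: "userinfo placed before the real host" };
  }
  // The URL parser has already lowercased the host and converted IDNs to punycode.
  const host = url.hostname.replace(/\.$/, "");
  if (OFFICIAL_HOSTS.has(host)) {
    return { verdict: "official", reason: "exact match on " + host };
  }
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { verdict: "reject", reason: "punycode label, possible look-alike host" };
  }
  // e.g. steamcommunity.com.vote-cup.example: the brand is only a subdomain label.
  if (BRAND_WORDS.some((word) => host.includes(word))) {
    return { verdict: "reject", reason: "brand name inside a different domain" };
  }
  return { verdict: "third-party", reason: "not a Valve host: enter no Steam password or code" };
}
```

The URL to check is the one in the browser's own address bar (or the link target), not an address shown inside the page content.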

  2. #2
    Flow_Tactical

    Don't forget Microsoft auth update with priority. People with ticket info are copying and falsifying certificates in order to bypass the auth, then identifying your accessories; charges, docks, everything, like a guy did who was just in his early 20's, but left a trail, unfortunately for him. I did not seek vengeance, but instead I kept the info on a USB that had a message in code bragging on what he did on an exe file in my resources. Easy fix and thanks to all the pioneers and cybersecurity buddies out there who have better things to do!

  3. #3
    AOD_BritishBob

    Please under no circumstances give your STEAM Guard Recovery Code to anybody or any website, other than VALVE's own.


    This is the biggest thing in the thread. We all make mistakes, and we've seen on Discord people's accounts being compromised fairly often.

    Never give out passwords/recovery keys and/or log into a site you aren't 100% sure is legit. Be mindful of the links you click.

    Even if a friend messages you, there's nothing to say that account also isn't compromised.



  4. #4
    Ozzy0

    This happened to me just yesterday; a friend on my Steam friends list sent me the same thing. The website for the e-sports team tourneys looks amazingly legit. Def be aware of this.

  5. #5
    AOD_Rin_Bexa

    I really wish that our leaders (gov) would take hacking seriously. I learned the other day that people can hack Tesla cars. Some guy in China showed how it's done on a TV show. It's THE crime of the future and nobody will do what they should about it. :(


 
