Dear all,
I would like to report a Steam account theft attempt / Steam VOTE MY TEAM SCAM and spell out a warning to you all.

Please under no circumstances give your STEAM Guard Recovery Code to anybody or any website, other than VALVE's own.
No tournament site, no affiliated site or any related site should be requesting from you the STEAM Guard Recovery Code. Never use your Recovery Code for anything other than what it is intended for (switching mobile, lost account, etc.).

The facts:

I've been approached by an account which I know from AOD to vote for his team on a
CS GO website for a tournament.
Once I got there and tried to vote for the team,
I was requested to log on with my Steam credentials.
(Which most probably has compromised them. So be aware of your passwords.)
The thing is, instead of requesting my STEAM Guard code to complete my authentication, it is requesting my recovery code to transfer or deactivate my STEAM Guard.
Which I obviously did not.
I received several SMS from the Steam System sending me my Recovery Code which I did not request. Also I got notified by Mail.
It looks like the website with my credentials triggered the recovery function and was going to deactivate my STEAM Guard.

Please NEVER use your Recovery code unless you are recovering your account or changing your Steam guard.

In more detail:
The page does look legit at first view, and as I was in a hurry I didn't give much thought about it, until it requested the Recovery code which alarmed me. But this might not be for all of you.
Then I came back to have a closer look at this SCAM.

So, if you go to the Site you will notice it is requesting your steam credentials.
(PLEASE DON'T GO IF YOU DON'T KNOW WHAT YOU'RE DOING)
Even to browse the Shop. (Why does a tournament site have a shop?)
Matches played pointed to August which is not very actual.
But the profile of whoever contacted me says he has not been playing CS:GO for two years.
But in the steam message he says he is actually playing.

Nevertheless it uses a debugger abuse script which will hinder you from using the browser’s website inspection tool,
unless you know how to convert the breakpoint into a conditional breakpoint which never activates and also kill their loading loop.

It looks like they are using the Steam OpenID API to initiate a logon with Steam, as I got a Steam recovery code.
So there is definitely communication with Steam going on and they have passed your credentials to Steam to request from you your recovery code.

If I have more time I'll try to dig into the code of the page and see if I can get to its OpenID API key to report them directly by ID to Valve.
They hide behind CloudFlare which is a website protection service.
And from what I can see the website went live there 5 days ago.
Didn't they host a tournament in August?

I found this Reddit post which describes this exact same scam.
https://www.reddit.com/r/Steam/comme...stealing_scam/

And here you have a YouTube video pointing out the same scam with another tournament site, probably the same guys.
https://www.youtube.com/watch?v=nKF7dD2Y9Cs

So guys this is all I got.
If I'm bored I will spend some more time on this, which currently I'm not. Perhaps I make myself a small bot which spams their OpenID logon form till Steam shuts them down to make sure they stay down.
I have reported them both to Valve/Steam and Cloudflare but I don't expect them to do anything. They probably will go live with another tournament site and start over again.


REMEMBER: NEVER EVER USE YOUR RECOVERY CODE.


Pictures:
Chat:


Steam Mail:


Fake Steam OpenID Form:


Historical Website data:
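
An added example, not part of the original post: a check that tells Steam's own OpenID sign-in page apart from a look-alike form such as the fake one described above. It assumes the genuine endpoint is `https://steamcommunity.com/openid/login`; the helper name `checkSteamLoginUrl` is hypothetical.

```javascript
// Added example, not code from the post or from Valve.
// Assumption: Steam's real OpenID 2.0 endpoint is
// https://steamcommunity.com/openid/login
const STEAM_HOST = "steamcommunity.com";
const STEAM_PATH = "/openid/login";
const OPENID2_NS = "http://specs.openid.net/auth/2.0";

function fail(reason) {
  return { genuine: false, reason, returnHost: null };
}

// Hypothetical helper: decide whether `raw` is Steam's own sign-in page.
function checkSteamLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return fail("not a parseable URL");
  }
  if (url.protocol !== "https:") return fail("not https");
  // "https://steamcommunity.com@other.example/" hides the real host
  // behind a userinfo part that merely looks like Steam's name.
  if (url.username || url.password) return fail("userinfo in URL");
  // hostname is already lowercased and punycoded by the URL parser, so an
  // exact comparison rejects subdomain tricks and IDN lookalikes alike.
  if (url.hostname !== STEAM_HOST) return fail("host is " + url.hostname);
  if (url.port !== "") return fail("non-default port");
  if (url.pathname !== STEAM_PATH) return fail("unexpected path");
  if (url.searchParams.get("openid.ns") !== OPENID2_NS) {
    return fail("not an OpenID 2.0 request");
  }
  // return_to names the site that learns your SteamID after sign-in.
  let returnHost;
  try {
    returnHost = new URL(url.searchParams.get("openid.return_to")).hostname;
  } catch {
    return fail("missing or invalid openid.return_to");
  }
  return { genuine: true, reason: "Steam OpenID endpoint", returnHost };
}
```

In a genuine OpenID flow the password and Steam Guard code are typed only on that Steam page, and the third-party site gets back only the SteamID.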