Author Topic: Steam Hacker going around (Vote for my CSGO team?)  (Read 365 times)

Accounts have been getting compromised by people asking others to vote for their CSGO team on some stuffty site that steals your info. Wafflecake and I have both been hacked and are trying to do some damage control. Thankfully so far nothing was stolen from me, but they've been using my account to message and block people on my friend list with the same scam site.

Also some people I know have blocked me back, which is the main reason I'm making this.

If you've seen this scam, or heard of it, check your blocklist. Mine had 74 people on it, a good portion was other people from BLF. It used to be 2. Anyone know anything else about this hacker, or anyone that might be compromised? People that are hacked need to be contacted either off steam or through mutual friends.

yeah this is a known scam.

So there is a scam going around saying they'll give you free items if you advertise their raffle

but to get the "free items" you need to put in 10 dollars worth of skins as a deposit.

You won't get the free stuff lol

and if you don't fall for it they'll ask you to vote for their CSGO team instead and steal your stuff that way

had no inventory worth stealing lol, good thing they couldn't spend my money either

its a faked website. always always always check the url of any website you’re logging in on manually - you’re best off via typing in the url in manually if its short enough.

2fa/steam guard only protects you if you dont give the 2fa key away. phishing websites can and will spoof authentication pages (please enter your 2fa key, please confirm login on your 2fa device, etc).

and if you reuse passwords, change the passwords of all of the accounts you reuse your steam password on. the hacker(s) probably will try to use the passwords they phished to get into your email accounts or whatnot, esp if your email is public on your steam profile.
« Last Edit: February 03, 2021, 11:44:12 PM by Conan »

its a faked website. always always always check the url of any website you’re logging in on manually - you’re best off via typing in the url in manually if its short enough.
i got sent one of these too. i checked the link out of curiousity, it has a steam login prompt very cleverly disguised as a popup, when in reality it's just part of the website.


2fa/steam guard only protects you if you dont give the 2fa key away. phishing websites can and will spoof authentication pages (please enter your 2fa key, please confirm login on your 2fa device, etc).
I don't think this triggers 2FA somehow, at least, it didn't for me

if you're logging in with steam I don't believe it ever asks for a password

if you're logging in with steam I don't believe it ever asks for a password
it does, but it uses steam oauth - it should redirect you to steam.com and have your login complete there, then receive your steam oauth token. kind of like how you can log into some services with your google account - the actual google credentials never go into the site you’re logging into: the login is completed on googles page, then sends you back to the original websitr

its a faked website. always always always check the url of any website you’re logging in on manually - you’re best off via typing in the url in manually if its short enough.
as an extension of this, use a password manager. all of them that offer to fill passwords for you will only suggest logins for a website when you're at the correct address. that's literally how I noticed something was up when I got the link from rigel's haxx0r, the 1password menu didn't show me my steam login

i got a message like this and the only way i found out it was a scam was cause i alt tabbed to pause a video and aint see the window