Account Stealing

[Bamarin [IT]]

Today a guy called Nyan wrote me:
Nyan: Hi. My friend have good offer for you. Add him, please. He can't.
steamcommurity.co/id/rainbowdota
(don't log in that site or your accound could be stolen)

i checked the site and i tried to add him, i log in and a pop-up said to instal SteamGuard i installed and launched it but nothing happened. then i wrote him:
Bamarin [IT]: what kind of offert? TF2 trades?
Bamarin [IT]: ah dota trade sure
Bamarin [IT]: well i can't neighter, i need to log in but then it ask me to instal steamguard and then i still can't access
So i checked the URL and i saw that instead of community there was commurity with R. I wrote him again:
Bamarin [IT]: u **** asshole
and i wrote to steam support.
If somone tell you something like this, befor you write any password, remember to check there's this before the URL and write to SteamSupport if you think someone is stealing your account also go to his profile and click on other>signal violation>suspected of phishing or stealing account

 

[Deleted member 5920]

Thanms for the heads up

 

[Minilarro]

Wow, thanks for sharing. Would hate if someone stole my account with games worth 300-450 euros worth 3:

 

[Mannerwaffel]

My brothers account got phished by a method like that but it happened over TF2 Outpost and not over steam directly.

 

[Creepis]

Here's another method phishers use nowadays:

From a /r/Dota2 Reddit thread: (original http://www.reddit.com/r/DotA2/comments/2enzhh/warning_new_scamming_methodvariation/)

Before your proceed to dota2lounge I suggest you do not click any of the said infected ".png" links that are in the comments.You've been warned.

http://dota2lounge.com/trade?t=123190149[1]

You can see it done here. Essentially, the scammer gives a screenshot of his "offer". Once you click it you auto-download the "picture". If you open/run the file, it will likely have some kind of malware to either steal your items/account. If it weren't for the extremely suspicious looking account, my trading experience, and my sheer mistrust of surprise downloads, it's quite likely I would've fallen prey to this. Becareful and spread the word!

Here's how it works

If the name "exe" "sbv" "rcs" "tab" "raj" is anywhere in the name, don't click it. If you can think of any other programs that can execute anything without you knowing, reply here.

Example: http://gyazo.com/c37798010a5e618ae9afb3944593c70a[1]

It opens an invisible web browser that automatically offers your items up to trade to someone else. It uses your currently logged in account or the session ID, and it searches your profile for "regex 7656119[0-9]{10}%7c%7c[A-F0-9]{40}", which is saying 765611910 then digits up to 10 times, or A-F and/or 0-9 up to 40 times. It searches your backpack through the "/inventory/json/GAMEID such as 520 or 730/2/" format (this is safe, so if you want to look it up yourself to see what it looks like, go to your profile and add it to the end of the url).

 

[Bamarin [IT]]

...So i block my account untill it's safe, steam support will advise me and i hope asap, but i don't know how much it can take so for now i can't play PERPheads

 

[Nas]

Lol, I've been hacked like this once like 7 months ago...

 

[John Daymon]

I've never ever been scammed simply because; my friend cant add you. They can add you. Second; i never click on links

 

[Hax]

http://steamcommunity.com/profiles/76561198151710619/ < Scammer. If you got him, delete & report ASAP.

 

[Bamarin [IT]]

http://steamcommunity.com/profiles/76561198151710619/ < Scammer. If you got him, delete & report ASAP.

http://steamcommunity.com/profiles/76561198148516256/ < Him too

 

[Ruby]

Thanks for the heads up. My current main steam account was once hijacked with this phishing method at 2008. That's how old this method is and people still fall for it, it's funny. Even though you can recover your account at any time, it's best to do it as fast as you can, if the hacker uses cheats on it and gets the account vacbanned, the Steam Support won't revert that. Happened to my friend once. Just letting you know.