Scammers using new technique to bypass Valve's Steam Guard

[rhodestech]

I hope Valve fixes this as soon as possible. 

 

"Valve has in place a protection mechanism for stopping strangers using your account but this new phishing method bypasses its so-called 'Steam Guard'. You will see Steam Guard employed when you log into a PC you haven't used before with your Steam account. If you haven't seen it before all it does it pop up a window to input a verification code which it has sent your registered email address. No code – no logging to Steam from your new computer." 

 

 

 

 

Source - hexus.net - http://hexus.net/gaming/news/pc/68841-scammers-using-new-technique-bypass-valves-steam-guard/

[flibberdipper]

Nooooo My $7.00 account is at risk!

[MrYuriy]

I hope Valve fixes this as soon as possible. 

 

"Valve has in place a protection mechanism for stopping strangers using your account but this new phishing method bypasses its so-called 'Steam Guard'. You will see Steam Guard employed when you log into a PC you haven't used before with your Steam account. If you haven't seen it before all it does it pop up a window to input a verification code which it has sent your registered email address. No code – no logging to Steam from your new computer." 

 

 

 

 

Source - hexus.net - http://hexus.net/gaming/news/pc/68841-scammers-using-new-technique-bypass-valves-steam-guard/

I don't see the importance level of this being high.. But I guess some are more inept than others.

This confirms my two theories:

• If there's a will, there's a way

• There's a bypass for everything.

 

..Interesting read, though. Thanks for the post sir.

[consoleconvergence2pc]

This happened to me a few months ago, i just verified myself by sending email and confirming it.

But i think someone got into my account because steam showed their ip address and location where they accessed my account 

[rhodestech]

I don't see the importance level of this being high.. But I guess some are more inept than others.

This confirms my two theories:

• If there's a will, there's a way

• There's a bypass for everything.

 

..Interesting read, though. Thanks for the post sir.

 

I think any vulnerabilities should be publicized, so that the company in question are even more inclined to fix it as soon as possible. 

 

No problem!

[MrYuriy]

I think any vulnerabilities should be publicized, so that the company in question are even more inclined to fix it as soon as possible. 

 

No problem!

Oh yes, you are totally right. People should always be totally aware of what they are dealing with.

[ShiverMePenguins]

So.... Don't click obvious bait links?

[geogga]

This happened to me a few months ago, i just verified myself by sending email and confirming it.

But i think someone got into my account because steam showed their ip address and location where they accessed my account 

what happens when you do get their ip address and location? Does steam do something to them after you tell them it wasn't you (with some logical reasoning to the support agent)?

[Bonsai99]

Geez they are just making articles about this now? Pretty sure this has been out in the wild for a month or more.

[consoleconvergence2pc]

what happens when you do get their ip address and location? Does steam do something to them after you tell them it wasn't you (with some logical reasoning to the support agent)?

Nothing really happened.

I just confirmed it was my account via email and was back to using my steam, though i did have to change my password  :wacko:

[mgsstar]

This is out for a while now and I always get misspelled links from random people who add me telling to add the person as he cannot trade. Just have to be careful of the links that you go to.

[BalloonZaptor]

This is out for a while now and I always get misspelled links from random people who add me telling to add the person as he cannot trade. Just have to be careful of the links that you go to.

Same here I have been getting them messages since January of this year by now I've probably got close to 50 of them messages.

[Ryou-kun]

http://www.ign.com/articles/2014/06/27/phishing-scam-targets-steam-logins-ssfn-files

 

http://www.kitguru.net/gaming/security-software/matthew-wilson/steam-phishing-scheme-can-bypass-two-factor-authentication/

 

Hmm, I am surprise no one has made a thread about this.

 

What do you guys think about it?

[Legion]

I can't believe people fall for this crap..

[Ryou-kun]

I can't believe people fall for this crap..

You mean the article or this stupid phishing?

[StingBull]

This same scam has been done multiple times before. It's all the same, manually upload a file from your PC. Like any company would ever ask you to do that!

 

I think it shows how well secured Steam is if user stupidity is the only real weakness.

[Hans Christian | Teri]

The reason no one has made a thread about this is because no one here is stupid enough to fall for it. (Alright that might be somewhat optimistic)

[Ryou-kun]

The reason no one has made a thread about this is because no one here is stupid enough to fall for it. (Alright that might be somewhat optimistic)

That may be true.

I guess only the people who is new to Steam?

[Almercenary]

hmmm, hmmm. You'd have to be an idiot.

[XTankSlayerX]

Top comment on IGN

 

I guess you could say the victims would be...
(•_•)
( •_•)>⌐■-■
(⌐■_■)
steaming mad.

[xAcid9]

i remember someone posted this exploit many months ago.

[BernardoSLR]

Anybody who falls into a blatant trap like this should have their account taken from them. I mean, you don't fall for things like this where you could get your bank account credentials stolen do you? The same thing applies for Steam. If you are silly enough to upload a file like this just to get some "free games" or something like that, you are truly stupid.

[MrCthuntoo]

I'm surprised the article makes no mention that you can deauthorize all machines trying to log in with your account.

 

Would be a good idea for those who are not so knowledgeable of these thing to be aware of this.

[mr moose]

I can't believe people fall for this crap..

 

 

The reason no one has made a thread about this is because no one here is stupid enough to fall for it. (Alright that might be somewhat optimistic)

 

 

hmmm, hmmm. You'd have to be an idiot.

 

 

So you guys just haven't considered there are more diverse people who use steam than just self-centered teens.  My son who suffers a language delay would fall for this easy, but his innate intelligence would leave most of you for dead.   You don't have to be stupid or simple or and idiot to fall for this.

[mr moose]

Anybody who falls into a blatant trap like this should have their account taken from them. I mean, you don't fall for things like this where you could get your bank account credentials stolen do you? The same thing applies for Steam. If you are silly enough to upload a file like this just to get some "free games" or something like that, you are truly stupid.

please see the above post and stop being ignorant.