Don't Be Fooled into a Cyber Attack Like I Was

Godric on 30/08/2018 - 11:30
Last edited 30/08/2018 - 11:31

Hello All,

I suppose this is just a friendly reminder to be vigilante while surfing through the big wide web and not be the victim of a cyber attack.

I consider my self to be well aware and conscious of the various means of cyber attack methods, how ever this morning i was frankly caught off guard after a cold night constantly sneezing my self awake in attempt to fight off another real life virus, the flu : (

I woke up this morning to a PM from a reputable steam user I've known for a while, they run game giveaways every week and I've won quite a few times, anyway this morning they had asked me to redeem 25 steam keys on their behalf as they were away from home and i figured, sure why not you've given me at least 30+ indie games in the past happy to help, (My morning just woken up brain of intermittent sleep + flu didn't think anything of it).

I entered the steam group, saw there was no one actively online then saw a web-URL, asked me to sign in with my steam account to use this code to redeem the keys, attempted to log-in with my steam ID and authentication key and of course it was not working, meanwhile moments later my steam account of 11 years, 350+ games & extensive inventory had been successfully hijacked and now am waiting for steam to respond to my account recovery ticket.

Never once have I had an account hacked before let alone given in to a phishing attack & it's quite scary!

Just wanted to drop a quick reminder for all to never get to comfortable or at least just be weary of what you are doing before you do it, as i was not :((

-GG

tl;dr
-OP is a noob

Internet Bad Godric Don't Do a Godric

Related Stores

Steam
Steam

Comments

  • trustnoone on 30/08/2018 - 11:44
    +2

    I'm wondering whether your 'friend' got hacked as well, probably high chance if they're getting access to yours that they will try the same thing to all your friends? Maybe good to hit up a few with a warning?

    Did you have 2 factor installed, I wonder if you can get it back if you have the steam app already preinstalled or through your web browser.

    But I do know what you mean, hackers are quite brutal with Steam, I used to get quite a few emails of attempted logins through my Steam, especially from RU IPs.
    I always try to check to make sure the URL is correct when logging in and is secured with a good certificate as well, but I'll be honest, sometimes it can be pretty easy to forget and almost get caught in the trap, a few times I've seen some pretty accurate paypal ones.

    Best of luck mate, hope you get your account back!

    • Diji1 on 30/08/2018 - 11:49
      +1

      Did you have 2 factor installed

      Sounds like no.

      • ATTS on 30/08/2018 - 14:37

        is 2 factor, the one you have to confirm code in email when logging in from new deviceS?

        • Godric on 31/08/2018 - 09:03

          Or by confirming via some authentication application, yes

    • Godric on 30/08/2018 - 12:01

      Thanks mate!

      I did have 2 factor set up, they managed to remove it with in 2 minutes.

      Typically I do those checks aswell but was in a groggy morning wake and cylinders were still firin up : ((

      • sheamas88 on 30/08/2018 - 12:23
        +1

        How could they get around 2FA unless they also had your recovery codes?

        • Godric on 30/08/2018 - 12:30

          Don't really know only thing i can think of is that i entered the auth code once, it then refreshed and entered it again then they used that some how.

        • Hazzard on 31/08/2018 - 18:52

          @Godric: Could it be that they obtained the authentication code the same way they obtained your login details? Maybe someone at the other end of that website was monitoring your input data and as soon as you entered the authentication code, they knew it and immediately verified themselves before it expired?

        • Godric on 31/08/2018 - 19:25

          @Harshad:

          That's what i was getting yet, that's all i could really think of

          Recovery codes aren't required to remove 2FA from steam

    • Godric on 30/08/2018 - 12:32

      You are correct with regards to that user also being hacked; https://steamcommunity.com/id/JohpoJohannes

      They've posted it on their personal twitter aswell, GG

      • payton on 30/08/2018 - 12:36
        +1

        From my pov I'm a funny, crazy and perverted guy with a very dark humour

        From their steam profile
        Just 'friends' eh :p

  • psyren89 on 30/08/2018 - 11:57
    +3

    this is just a friendly reminder to be vigilante

    We have enough of those on the internet…

    • Godric on 30/08/2018 - 12:01

      k

      • hashtagbargain on 30/08/2018 - 12:43
        +3

        I think you meant to say vigilant.

  • Lysander on 30/08/2018 - 12:23
    +3

    More to the point: how do you redeem 25 keys on behalf of someone else? You would need all their info, too, in order to do that. Why then do you log in with your Steam details?
    This story sounds a bit funny to be honest.

    • Godric on 30/08/2018 - 12:31

      I don't know wasn't thinking.
      Actually I thought the 4 digit code they requested me to use was sufficient

      It was a measure of logging in with your steam account when visiting TTP website but this time was a phishing page.

      • AlienC on 01/09/2018 - 12:16

        It's ok mate we have all been there.

        I pray everyday that I don't wake up super groggy and pull something like this off.. I have been very close trust me but luckily it was to a trustworthy friend and I confirmed their validity via discord.. basically I don't do that stuff for people I don't know or cannot verify via voice chat.

        Friends with a few giveaway groups and their members/admins but definitely never done something as stupid as this thankfully..worst one was giving away some assassin's creed black flag keys because I felt generous and bought extra.. but I put that one down to just good karma at the end of the day and made somebody very happy :)

Login or Join to leave a comment
Login Join