Late on Thursday evening I received an email from an ex-Automattic friend who asked if my Steam account was compromised because he received a message from me saying,
DOC: What’s up mate
DOC: may i ask u favor?sorry for disturbing u btw
I don’t call anyone “mate”, I don’t use “u”, I use punctuation. It didn’t sound like me so it raised red flags immediately for him.
In a panic I checked my Steam account and I still had access to it. Steam Guard was still active and I hadn’t received any emails about changes to my account. Nevertheless I went through the process of changing my password.
A series of emails followed. I thought someone was impersonating my account but a screenshot showed the age of my account and account XP which is impossible (I presume) to fake.
Eventually I found out through a Reddit post that my account had been compromised.
There is a new scam going around where a friend will ask you to vote for a team to get the team into a competition for me it was Intel Extreme Masters they may use different names, but that is all I have encountered.Posted by u/Accurate_Heart
That rung a bell for me. About two weeks ago someone messaged me on Steam and asked me to vote in a team logo competition on a website called roplautstar .com. I’m not hyperlinking that website because it has since changed how it works and simply shows a “Sign in through Steam” dialogue box.
Clicking on that button shows a fake “Login through Steam” popup.
At the time I was first asked I didn’t fill in the form. I was tired after a long day at work. I worried about linking my Steam account to this random website just to vote in some silly competition. So I forgot about it. Unfortunately they got back to me a few days later and asked again. I reasoned that if my Steam friend’s account had been compromised they would have noticed in that time and it must be legit so off I went and happily entered my login details and Steam Guard code and thought nothing more about it.
Until Thursday night.
Those emails and the revelation my Steam account was hacked is very upsetting. I pride myself on being very paranoid about logins. Especially on Steam where there are all sorts of scams to steal tradable goods, buy giftable games or launder money and more. I’ve been online for more than twenty years. How the hell could I have been hacked?
You should be asking yourself that too. You couldn’t possibly be hacked.
This fake login was very good, but there were signs I ignored because I saw the familiar “Valve Corp” in the address bar. Turns out it’s just an image you can download.
I should have been wary of a popup asking me for my Steam login, but half the time I use Steam in my browser I’m logged out due to inactivity so that didn’t raise alarm bells. I should have opened Steam in a new window to check if I was logged in.
If I had clicked on any of the links in that popup I would have been alerted to the scam. Firefox wouldn’t load the page in an iframe and gave an error.
But I didn’t. Why would I?
The popup is very believable. It features the window decoration of Windows 10 (close/minimize/maximize button) which should have tipped me off as I’m using a Mac. If I had tried moving the popup I would have discovered that it can only move in the bounds of the “parent” window. Hovering over the drag bar at the top changes the mouse pointer or an icon showing horizontal bars I’m not familiar with.
They had access to my account for about two weeks. They messaged four Steam friends with the same message. Luckily nobody clicked the link and two people ignored the initial “What’s up mate” greeting. I wish they had warned me via other means. One person was messaged on October 2nd and she could have contacted me on Facebook.
I went through the messages of all my friends checking who it was sent me the original message but I couldn’t find it. Maybe I’m blocked from seeing their messages.
What do you do if this happens to you?
- Change your password immediately.
- Check this Steam API key page and make sure it’s blank.
- Check your Steam Friend Chat Log. You’ll see who you talked to recently but it only goes back 7 days from what I can see.
- Go through your friend list in the chat and see who is blocked.
- Unblock any you find and check that they did not get a suspicious link and tell them you were hacked. Tell them to change their password if they had entered their Steam credentials in that site.
- Check your Steam Login History. All my most recent logins are in Ireland except for about six that are all in Russia. Why doesn’t Steam alert me when I login from a different country?
- The Steam Account Data page is very useful. Thanks GDPR.
If you receive an unusual message from a friend try to contact them through some other means. Do you know them on Facebook or Twitter? There’s no harm, and they will be very relieved to find out there was a problem.
Be careful online. You will be hacked eventually.