Back to Today's Deal

My Steam account was stolen.


wrestling superhero memes also count, well done.


Yeah, I haven’t had any funky messages in about a whole day now. Yay!


:thinking: Should I send some? just to throw people off?


The element of surprise would be gone for pranking us, but you’d probably still get many others by doing it. :laughing:


So everyone, I hope, learned a valuable lesson. :man_student::woman_student:Watch out for links and COME IN HERE and ASK!!! If you have to wait a bit for an answer, so be it! It’s not worth that “free game”…


I am still humbly ashamed I risked my computer’s life for a free copy of terraria.

I mean PUBG I can understand cause its not worth buying…


I think I got offers for GTA V, PUBG, and something else. It’s funny because a friendly Chronie had gifted me GTA V in the past, and I had no interested in the others…

Now for Terraria, that’s a different story… lol… (I haven’t bought it yet b/c I think it will be a time draine on my already limited schedule)


I was thinking…:thinking: I know, I know…

Might not be a bad idea for everyone here use the Chrono/Discourse PMs instead of Steam for MOST things. I know if you are playing games together…whatever… But for the most part use Chrono instead of steam. It might be a bit safer…

Just a thought!!!


At the end of the day, I think the lesson to be learned is to ALWAYS have some level of caution when talking online. Unless you can physically see someone’s face or recognize their voice, you have no idea whether you’re dealing with the actual person or an imposter until they’ve sent enough messages that you can catch some weird/unusual behavior, and you definitely won’t find out 100% for sure until after the whole thing has boiled over.

If you see a link, read it first. If you’re not sure, don’t click. If it sounds uncharacteristically good, back up-- missing out on an unexpected $20 gift is a lot better than losing out on $200+ of slowly amassed games and a friends-list of vulnerable phishing targets. If you see a message that’s a bit odd, double-take a bit. As a last resort (as @delenn13 said), reach out over Community-Chrono and send a PM to see if there’s something going on. The absolute worst part about this thread is that, by sharing each other as friends, each hijacked account kept passing on the message, so it spread like wildfire throughout this forum.

Security’s a big deal these days, and as demonstrated here, the walls of “safety” are constantly shifting as blackhats get smarter. Stay safe out there.


I don’t want to make it like I was a prophet or something… but I addressed this issue in October. Of course not everyone will check it, but it seems to be the same thing with a bigger radios and strength this time around…

Always check if your browser shows the Valve corp [US] before proceeding to such kind of things in the future


I hope all of you got this thing resolved by now and got your accounts back.


There was an interesting r/Steam thread a few weeks ago about phishing accounts like what seems to have happened here by using a phony popup that appears to load the real Steam login page. It looks like mod purged the original post so it got delisted from the subbreddit but you can still view it using the thread’s permanent url. Don’t put your Steam login info into any urls mentioned in that thread of course.

What happened in that post is that there isn’t actually a browser popup window at all that loads the fake page. It’s a page element that creates a popup object on top of the webpage that looks like the popup window that your browser would create. Since it’s all a simulated browser window that means the url will appear to be Steam’s and even have a nice security certificate because… the scammer that made the phishing page just used a plain old picture of the url bar in their popup page. You won’t notice anything out of the ordinary unless you try clicking and using the url bar. When you try logging in using the phishing form they’ll change your login info and lock you out of it by automating the sequence of changing your account information on Steam. Then they steal your items, spam your friends the same phishing page that got you, and may eventually sell your account though grey market sites if you can’t recover it.

If you’re already logged into Steam in your browser, Steam will never ask you to login again when you reach the authorization page for 3rd-party access. The phishing pages always will. If you’re unsure of the legitimacy of the page you’re on you can open a new tab and go to the Steam website and login and then go back over to the tab with the suspect page. Reload the page or use the back button and click through to the authorization page again. If it’s still asking for you to login instead of asking for you to click the confirm with a button then it’s not a real Steam page.

Using Steam Guard makes phishing this way much more difficult because the confirmation codes have a short lifetime before expiring and a new one appearing. You can still have your account hijacked if you submit a confirmation code to a phishing page but you should still be using Steam Guard because that code only gives the scammer a limited time to hijack the account. They have unlimited time if you send them your Steam account name and password when Steam Guard isn’t enabled.

You really only need to have a mobile device to use Steam Guard. It does require a phone number that gets sent a text message with a code to finalize setting up the app. Once. After that you can use Steam Guard on a device that doesn’t have internet or cellphone service. This means you can have someone like your parent’s cellphone receive the text message. Since the phone number acts as an alternative recovery option you want to have someone you trust and that’s going to keep the phone number in service when you do this. Be aware that VAC bans get applied to each account using the same phone number when the ban is applied so might want to ask your grandma instead of your 13 year old brother that downloads hacks to receive the text message used when enabling Steam Guard in the app on your device. :ok_hand:


Preach it, GiU! You have to be a curmudgeon on the internet or they’ll getcha getcha getcha.

The phone, too. I got a call the other day informing me I’d been selected to receive a “bonus tax rebate”, and how did that sound? I said it sounded like a scam and she just hung up right then and there.

#114 one way or annother they will try to getcha xD


This is how this stuff happens. All they need is to hard sell one sucker to use their link and gain access to said sucker’s account and then they can easily reel in all sucker’s friends.

If the link is not recognizable I would not enter any account/personal information. If it is too good to be true, then it probably is. Remember, steam keys are used by steam, not the other way around.

I would recommend verifying these kinds of situations by using another contact method of said friend and googling the website with scam.


Also, depending on your communications patterns, it can be very easy to recognize spam. If I get a message asking me to do something or go somewhere that doesn’t address me directly by name, it’s not from a friend. Maybe a generational thing, though. But everyone trends towards a certain “voice.” Just know how your friends communicate and recognize if a message doesn’t follow their speech/typing pattern.


:thinking: what if My friends don’t communicate?


Then clearly they’re not going to be sending you any free games or shady links either.


Yes, I highly recommend keeping only a few good friends. Some people have friends lists so long they couldn’t tell you who everyone is. But with a healthy dose of introversion and social anxiety, you too can be free from the risk of imposters. Prune those friends lists like the bonsai trees they were meant to be.


You’re preachin’ to the choir…


Also introvert here. Before adding you Chrono dudes and dudettes, I had like maybe 4 Steam friends, if so much.