Pinterest Stumbleupon Whatsapp
Ads by Google

Steam is awesome, don’t you think? Praise GabeN. The glorious PC Master Race marches on and the only thing that is crying is my empty, abused wallet. I even traded the moths I’d been keeping for sustenance for a copy of Tropico 4. Because I needed it. Steam is unrivaled in its universal provision for gaming 5 Secrets Of The Steam Client That You Should Be Using 5 Secrets Of The Steam Client That You Should Be Using Are you sure that you're getting the most out of your Steam client? If you aren't careful, there are some really useful features and tools that you could be looking over. Read More , delivering us titles new and old, insane deals on games 5 Ways To Make Sure You Get The Best Deals On Steam Games 5 Ways To Make Sure You Get The Best Deals On Steam Games Steam is known for being super convenient for managing one’s video game library, and it’s also useful in a few other ways, but did you know that with a bit of effort you can obtain... Read More we never would have considered, a boat-load of features 8 Steam Features You Didn't Know You Had 8 Steam Features You Didn't Know You Had You probably think you know how to use Steam pretty well. As with any piece of software, there are features you use everyday, and those you don't know you have until you look. Read More , with an enormous multiplayer community to boot.

GabeN

The only downside – aside from the wallet ravaging – is the potential for ne’er-do-wells attempting to scam you, be it for games, items, or cold hard cash. We’ll take a look at the most common scams and how you can stay protected.

Phishing

Phishing scams What Exactly Is Phishing & What Techniques Are Scammers Using? What Exactly Is Phishing & What Techniques Are Scammers Using? I’ve never been a fan of fishing, myself. This is mostly because of an early expedition where my cousin managed to catch two fish while I caught zip. Similar to real-life fishing, phishing scams aren’t... Read More probably form the majority of Steam related theft and the scope of the attack can vary depending on scammer sophistication. The massive amount of games bought and sold through Steam can make things interesting – add in the millions of in-game items for global titles CS:GO, Dota 2, TF2, and others, and you quickly understand the potential scope for phishing.

Savvy scammers operate in the common trading posts such as TF2Backpack, csgolounge, dota2lounge, SteamGameSwap, GlobalOffensiveTrade, and plenty of other less frequented key-trading sites are targetted. Luckily, they are largely easy to spot:

Hi [insert username], my friend is a really good lad, but cannot add you as a friend. He receives an error “exceeded limit add friends for one day” – but he’d really love to trade with you. Could you please add him, instead? His user name is staemcommunnity.com/id/imstealinyoshizfool/

Ads by Google

Or something along those lines. Note the bold aspects of the user-name: it’s small differences like this that should alert you to a potential phishing scam New Phishing Scam Uses Scarily Accurate Google Login Page New Phishing Scam Uses Scarily Accurate Google Login Page You get a Google Doc link. You click it, then sign in to your Google account. Seems safe enough, right? Wrong, apparently. A sophisticated phishing setup is teaching the world another online security lesson. Read More . Just to be sure, Steam operates on the following sites:

Additionally all official Steam pages are secured with an Extended Personal SSL Certificate What Is an SSL Certificate, and Do You Need One? What Is an SSL Certificate, and Do You Need One? Browsing the Internet can be scary when personal information is involved. Read More – think HTTPS and a big green padlock with Valve Corporation, and you’ll be thinking safe. If the spelling is off, if the grammar is terrible, and if you’re asked to upload a file, you’re likely in the midst of a scam. Back up!

Valve Enhanced SSL

Remember, Steam is just like the real world: if it seems too good to be true, it probably is. If someone is offering you a copy of an awesome AAA game that’s just been released, and you don’t know them, question why they are doing it. I’m all for trusting people – but on the Internet, no-one knows you’re a dog.

Upload a File

Part of the latest phishing scams will see a scammer impersonating a Steam employee. They’ll ask you to locate a specific file, then upload it to them.

The SSFN file helps you avoid having to verify with Steam each time you login – giving it to a scammer allows them to bypass any security restrictions such as Steam Guard Steam Family Sharing: How Do You Use It? Steam Family Sharing: How Do You Use It? There’s an important new weapon in Steam’s arsenal: Family Sharing. What is it, and how does it work? Read More . This type of attack works in conjunction with a fake or hijacked profile, and a fake login screen to steal your password. As you can now guess, providing that file to a scammer is essentially gifting the keys to the castle.

Steam SSFN

This attack is becoming slightly less common as Steam users become aware, but it is still worth reading up about. As mentioned in the previous section, Valve/Steam will never ask you to upload a file. Anyone who does ask should set alarm bells ringing.

Software

Software scams are still a massively profitable source for scammers. These types of attacks usually focus on obtaining your password through use of a keylogger. The comments of popular YouTube gaming channels are full of them, as well as the myriad “check this totally 1337 h4ck for free steam gift duplication lol!!111.” Any links here are spyware, malware, keyloggers, viruses, and everything else in-between.

Is there a way to avoid this type of attack? Of course: don’t be silly. There are no Steam item duplication tricks. Free items are not waiting for you. Be sensible and avoid these like the plague – it could be a lot more than your Steam account and games you end up losing.

Of course, it might not always be through another site. Software scams can appear within Steam using a hijacked account. You’ll be added by a legitimate account, complete with a good Steam score, no VAC bans, a healthy amount of play time and a similarly healthy amount of games. The file you might be sent will be the mask for a virus-laden site, or as an infected .exe, .bat, .dll, or .scr file.

Be wary when added out of the blue by someone you don’t know and they attempt to send you a file early in the chat. That said, be careful when anyone tries to send you a file in general!

Impersonation

Each and every Valve employee in a forward facing community role will feature either a Valve Employee badge, or a Volunteer Steam Community Moderator badge. You can check individuals out through their profiles. If they have a badge, they are legitimate. If not, close the window.

Steam Verified Account

A Steam or Valve employee with never ask you for your password, or any other files for that matter. They certainly won’t threaten you if you don’t provide the information they desire. Individuals impersonating Valve employees will often feature [Valve] or [Steam] or [Verified] or something similar as their user name – clicking it will reveal their actual profile where you can verify their real identity.

Scammers can also research your friends list and impersonate them, replicating the user name with a slight spelling difference. Once your trust is gained, the scammer may ask to “borrow” an item that you’ll never see again once the trade is made.

Money

These work pretty much exactly the same as any normal scam. Someone approaches you through Steam, asking if you want to trade those sweet rare TF2 hats, or similar items. You agree and head to the Steam trading area, only for the person you are trading with to announce that they will pay you outside of Steam, through PayPal, once the trade has complete within Steam.

SteamRep Affiliates

This should immediately set alarm bells ringing!

If you need to complete a trade outside of Steam for whatever reason, then I would suggest using a middleman – though you still need to be careful here, too.

The middleman should be a verified person, trusted by both parties. Each individual can deliver their article for trading to the middleman and they can in turn pass it forward. However, some scammers are wise to this and will suggest a specific, Steam verified middleman. Once you agree to use said middleman, you’ll be added by someone with an extremely similar user name. Once you pass your portion of the trade to them you’ll be deleted, losing your item/game/cash.

If someone does suggest a middleman, and they have contacted you first, be wary. Community fraud prevention site SteamRep.com provides a verified middleman list – though they are not entirely affiliated with the site itself.

SteamRep Search

You can also search an individual users account details using the SteamRep search function. It provides details on that persons account status, any bans, their friendship lists, their friend-list bans and more. Worth a little check each time you enter into a trade.

Reddit Long-Con

Okay, so maybe not a real long-con, but there is some serious work going into this type of scam. A scammer, or scammers, create a subreddit 6 Awesome Subreddits That Deserve More Than 20,000 Subscribers 6 Awesome Subreddits That Deserve More Than 20,000 Subscribers There's a subreddit for just about anything, but the hard part is finding them. Here are six awesome subreddits that lie under the radar, but deserve the bragging rights to 20,000 subscribers. Read More dedicated to trading for a specific game. They go so far as to curate false accounts, updated comment threads, even using custom CSS to provide an air of authenticity.

Buried within the erroneous subreddit will be several links to the scammer’s phishing sites. Remember the slightly misspelt names from our earlier phishing section? These subreddits will be rife, making dodging a potential attack pretty damn hard.

You can read more about this Steam scam here.

Chargeback

This is another somewhat common Steam scam attempt, utilizing PayPal to rip off the would-be trader. It usually goes down like this:

  1. The scammer adds the trader on Steam.
  2. The scammer initiates conversation, asking the trader for an item whilst insisting on using PayPal to process the transaction.
  3. The scammer actually pays through PayPal. The trader sees this, acknowledges and releases the item to the scammer.
  4. The scammer uses PayPal’s chargeback function to wrest the money back, claiming to PayPal the item was never received.
  5. The scammer deletes and blocks the trader. The trader loses.

Watch out for this one. It is relatively common due to its ease of use and minimal technical knowledge.

Roundup

Get your digital guns and blast anyone that contacts you through Steam.

Or, just be careful out there. If you are approached by a stranger, be somewhat wary. Not everyone is out to steal your items, and many are genuine traders looking to support themselves, or their gaming. As with real-life, don’t sign off on anything, don’t give anything, don’t remove anything, don’t pay for anything until you are completely certain this deal is for real.

Have you been scammed on Steam? Did you get your items back? Did you report the user? Were Valve helpful following the theft? Let us know below!

Image Credits: Bear trap Via Shutterstock

  1. mark
    January 17, 2016 at 1:11 pm

    They ought to get RID of this gaming platform nothing but trouble! I did forget my password and managed to remember it...only to find that it no longer accepted it! I wanted to put my games on a secondary computer but no it is far more inconvenient than its worth.
    The people running this service should be shot, as well as the companies whom put their games for sale on there.

  2. Gavin
    April 24, 2015 at 2:10 pm

    You're right, Epiquestions. Readers should be careful of this, too.

  3. epiquestions
    April 23, 2015 at 10:24 pm

    You forgot to mention the bots (not hijacked) that add you as a friend and messages you they want to trade posting links to "screenshots of their items" (tiny url and the like) that lead to websites that prompt you to download an executable file.

  4. kt
    April 23, 2015 at 7:15 pm

    I used to love Steam, but not so much any more. I still can't get it to run correctly on a non-ubuntu Linux machine.

    • Slashee the Cow
      April 24, 2015 at 11:29 am

      I've managed to get Steam running fine under Fedora and Arch (as well as Ubuntu and Debian). It's in the repos of many distros, so it shouldn't be too hard.

Leave a Reply

Your email address will not be published. Required fields are marked *