Originally posted by Crazy Tiger:

Originally posted by Binne:

I’d be very interested to hear if anyone has ever received a response from support after reporting a scammer — particularly one that resulted in action being taken.

You're not getting info on that, Steam Support does not share that.

Usually accounts involved are hijacked or burner accounts. Support does lock them, but that does not stop the actual scammers since they don't use their own accounts.

You're looking for a false sense of justice here.

After submitting my report, I received a prompt response from Steam Support stating, "We will notify you if action is taken against this user." So I believe your statement might be incorrect, unless support is simply giving false hope.

My hope was that the newly created account where my items ended up would be trade banned during the 7-day trade lock period. Unfortunately, that didn’t happen, and now all of my items have been moved or sold off the account.

Originally posted by Dura_Ace:

I was robbed.....

when i gave away my log in details to some scammer.

That is the case in 9/10 "i was hacked" threads. People are inherently greedy and like free stuff so with the "promise" of free crap they are directed to some thing party site to log in with their Steam details. That is when all rational thought goes out the window since all they see now is "free stuff".

Welcome to the internet where not many are your friends but all want your money or things.

Painful lesson but one that you had to go through, obviously. Good that it was only a few skins. Imagine your entire bank account being drained or all of your life savings. That would really suck. Be glad it is only a few skins.

You might be right that scammers often exploit greed as an entry point, but I believe many scams also target people simply trying to be kind or helpful. In my case, an old friend messaged me saying he wanted to play CS, which made sense since I had just started playing again after years away since the 1.6 era.

Unfortunately, his account had been compromised, and he sent me a phishing link to a fake Faceit page. After I linked my Steam account to the site, he suddenly said he didn’t have time to play. I now recognize this as classic scam behavior. Still, I never approved any login or action through my phone’s 2FA.

However, later that same night, there where a successful login from Moscow—and all my items were gone.

If this kind of phishing led to unauthorized access to someone’s bank account, it would likely make headlines, at least in my country.

Originally posted by Binne:

Originally posted by Crazy Tiger:

You're not getting info on that, Steam Support does not share that.

Usually accounts involved are hijacked or burner accounts. Support does lock them, but that does not stop the actual scammers since they don't use their own accounts.

You're looking for a false sense of justice here.

After submitting my report, I received a prompt response from Steam Support stating, "We will notify you if action is taken against this user." So I believe your statement might be incorrect, unless support is simply giving false hope.

My hope was that the newly created account where my items ended up would be trade banned during the 7-day trade lock period. Unfortunately, that didn’t happen, and now all of my items have been moved or sold off the account.

You might get a generic "An X you reported has been actioned", yes, but that's all. You will not get any details or information on what action was taken and such. I know that, cause that's how Steam Support works for a long time now.

Don't "hope" for things to happen. As said, that's just looking for a false sense of justice.

Originally posted by Binne:

If this kind of phishing led to unauthorized access to someone’s bank account, it would likely make headlines, at least in my country.

Really? A run-of-the mill phishing scam that is ages old and that every bank in existence warns about would make headlines?

Originally posted by Binne:

Originally posted by Dura_Ace:

I was robbed.....

when i gave away my log in details to some scammer.

That is the case in 9/10 "i was hacked" threads. People are inherently greedy and like free stuff so with the "promise" of free crap they are directed to some thing party site to log in with their Steam details. That is when all rational thought goes out the window since all they see now is "free stuff".

Welcome to the internet where not many are your friends but all want your money or things.

Painful lesson but one that you had to go through, obviously. Good that it was only a few skins. Imagine your entire bank account being drained or all of your life savings. That would really suck. Be glad it is only a few skins.

If this kind of phishing led to unauthorized access to someone’s bank account, it would likely make headlines, at least in my country.

Bank account phishing has been prominent since 2008 and is an ancient concept. This existed long before the Steam Market was even a thing and people are warned by their banks and through general emails about phishing targeting their payment providers.

Phishing is everywhere where there is a profit to be had and banks do not compensate incompetence like they used to. It's one thing losing a few items and wallet funds on Steam but people have ended up losing their life savings simply through automated phishing scams.

Originally posted by Crazy Tiger:

Originally posted by Binne:

After submitting my report, I received a prompt response from Steam Support stating, "We will notify you if action is taken against this user." So I believe your statement might be incorrect, unless support is simply giving false hope.

My hope was that the newly created account where my items ended up would be trade banned during the 7-day trade lock period. Unfortunately, that didn’t happen, and now all of my items have been moved or sold off the account.

You might get a generic "An X you reported has been actioned", yes, but that's all. You will not get any details or information on what action was taken and such. I know that, cause that's how Steam Support works for a long time now.

Don't "hope" for things to happen. As said, that's just looking for a false sense of justice.

Originally posted by Binne:

If this kind of phishing led to unauthorized access to someone’s bank account, it would likely make headlines, at least in my country.

Really? A run-of-the mill phishing scam that is ages old and that every bank in existence warns about would make headlines? :lunar2019deadpanpig:

Of course, I could be wrong, but if there were a phishing scam capable of bypassing my bank's two-factor authentication, I think it would be making headlines.

Originally posted by Binne:

Originally posted by Crazy Tiger:

You might get a generic "An X you reported has been actioned", yes, but that's all. You will not get any details or information on what action was taken and such. I know that, cause that's how Steam Support works for a long time now.

Don't "hope" for things to happen. As said, that's just looking for a false sense of justice.


Really? A run-of-the mill phishing scam that is ages old and that every bank in existence warns about would make headlines? :lunar2019deadpanpig:

Of course, I could be wrong, but if there were a phishing scam capable of bypassing my bank's two-factor authentication, I think it would be making headlines.

That'd be hacking/cracking. Phishing scams bypass you, not the security measures.
You're the one unlocking the doors for the scammers.
When you login to a phishing site with your Steam credentials, you're giving them what they need to access your account.
When they take your stuff, no alerts are triggered because their connection to your account was already established by you.

Originally posted by JohnMars78:

Originally posted by Binne:

Of course, I could be wrong, but if there were a phishing scam capable of bypassing my bank's two-factor authentication, I think it would be making headlines.

That'd be hacking/cracking. Phishing scams bypass you, not the security measures.
You're the one unlocking the doors for the scammers.
When you login to a phishing site with your Steam credentials, you're giving them what they need to access your account.
When they take your stuff, no alerts are triggered because their connection to your account was already established by you.

I'm fairly certain there was no 2FA check when I got scammed. I've always believed that this was the case for all item-related scams.

Originally posted by Binne:

Originally posted by JohnMars78:

That'd be hacking/cracking. Phishing scams bypass you, not the security measures.
You're the one unlocking the doors for the scammers.
When you login to a phishing site with your Steam credentials, you're giving them what they need to access your account.
When they take your stuff, no alerts are triggered because their connection to your account was already established by you.

I'm fairly certain there was no 2FA check when I got scammed. I've always believed that this was the case for all item-related scams.

There was but you likely missed it. When items get stolen, the scammers have access to the account which means they can intercept trade offers and record destinations. They then cancel the offer, impersonate the intended target and then send a contaminated offer to themselves which requires the victim to accept. The victim then thinks they are confirming the original offer they created but instead are accepting the fraudulent one the scammers generated. So the 2FA element is there but the scammers using their account access were able to exploit the situation after they likely baited a trade to be initiated.

Originally posted by J4MESOX4D:

Originally posted by Binne:

I'm fairly certain there was no 2FA check when I got scammed. I've always believed that this was the case for all item-related scams.

There was but you likely missed it. When items get stolen, the scammers have access to the account which means they can intercept trade offers and record destinations. They then cancel the offer, impersonate the intended target and then send a contaminated offer to themselves which requires the victim to accept. The victim then thinks they are confirming the original offer they created but instead are accepting the fraudulent one the scammers generated. So the 2FA element is there but the scammers using their account access were able to exploit the situation after they likely baited a trade to be initiated.

I don't recall anything like that happening. Accepting a login request from a third-party site via 2FA seems incredibly irresponsible, especially since that kind of action was never required before. That said, you're probably right — I don't believe my 2FA was actually breached.

Thanks for clarifying that 2FA is still required for a successful login. I had started to question the security, as I was led to believe — based on reports from others on this forum — that it wasn’t required. Now, I might finally be able to put this to rest.

Originally posted by Binne:

I'm fairly certain there was no 2FA check when I got scammed. I've always believed that this was the case for all item-related scams.

Originally posted by Binne:

I don't recall anything like that happening. Accepting a login request from a third-party site via 2FA seems incredibly irresponsible, especially since that kind of action was never required before.

There's a delay between the phishing and the theft. There could be months between you authorizing access and your items being taken.
Makes it harder for users to identify the culprits, especially when multiple suspicious sites are involved.

The 2FA request comes from Steam and is legit.
They're saying "login to our site using your Steam account".
What's actually happening is: you are logging them into your Steam account, right then and there.

Your login credentials should only be used on the sites/services for which they were made, on a secure page.

Originally posted by Binne:

Originally posted by J4MESOX4D:

There was but you likely missed it. When items get stolen, the scammers have access to the account which means they can intercept trade offers and record destinations. They then cancel the offer, impersonate the intended target and then send a contaminated offer to themselves which requires the victim to accept. The victim then thinks they are confirming the original offer they created but instead are accepting the fraudulent one the scammers generated. So the 2FA element is there but the scammers using their account access were able to exploit the situation after they likely baited a trade to be initiated.

I don't recall anything like that happening. Accepting a login request from a third-party site via 2FA seems incredibly irresponsible, especially since that kind of action was never required before. That said, you're probably right — I don't believe my 2FA was actually breached.

Thanks for clarifying that 2FA is still required for a successful login. I had started to question the security, as I was led to believe — based on reports from others on this forum — that it wasn’t required. Now, I might finally be able to put this to rest.

anyway its off topic, if you ever wanna play any game, CS2 or TF2 or other ones, feel free to tell me, it would feel good ot play with ppl who went through a similar thing... honestly i was hoping to find friends from casual dm et clike from other games, but these scammers play the game actively

Originally posted by JohnMars78:

Originally posted by Binne:

I'm fairly certain there was no 2FA check when I got scammed. I've always believed that this was the case for all item-related scams.

Originally posted by Binne:

I don't recall anything like that happening. Accepting a login request from a third-party site via 2FA seems incredibly irresponsible, especially since that kind of action was never required before.

There's a delay between the phishing and the theft. There could be months between you authorizing access and your items being taken.
Makes it harder for users to identify the culprits, especially when multiple suspicious sites are involved.

The 2FA request comes from Steam and is legit.
They're saying "login to our site using your Steam account".
What's actually happening is: you are logging them into your Steam account, right then and there.

Your login credentials should only be used on the sites/services for which they were made, on a secure page.

You're probably right. I recall many times being in the Steam settings and getting redirected to the 2FA prompt repeatedly. Out of frustration, I’d just accept it without thinking much. That kind of mindless approval could easily give a scammer access to my account, I suppose.

But there’s good news! Steam has actually addressed these types of scams with the new 7-day trade reversal system. Hopefully, this will reduce the number of scams significantly — and maybe even free up Support to help the users who still end up getting hit.

Originally posted by HUN Lich King:

Originally posted by Binne:

I don't recall anything like that happening. Accepting a login request from a third-party site via 2FA seems incredibly irresponsible, especially since that kind of action was never required before. That said, you're probably right — I don't believe my 2FA was actually breached.

Thanks for clarifying that 2FA is still required for a successful login. I had started to question the security, as I was led to believe — based on reports from others on this forum — that it wasn’t required. Now, I might finally be able to put this to rest.

anyway its off topic, if you ever wanna play any game, CS2 or TF2 or other ones, feel free to tell me, it would feel good ot play with ppl who went through a similar thing... honestly i was hoping to find friends from casual dm et clike from other games, but these scammers play the game actively

I think I’m done with CS for a while — at least until there’s a solid anti-cheat system in place.

Also, you really shouldn’t feel bad or ashamed about getting scammed. It can happen to anyone.

With the new 7-day trade reversal system introduced today, I actually feel a lot more confident about using the marketplace again. It’s a clear sign that Steam recognized the security issues and finally took meaningful steps to address them.

Unfortunately, it came too late for those of us who got scammed earlier. But hey, you win some, you lose some. I guess it all balances out in the end. :)

wait for steam

Originally posted by Binne:

Originally posted by HUN Lich King:

anyway its off topic, if you ever wanna play any game, CS2 or TF2 or other ones, feel free to tell me, it would feel good ot play with ppl who went through a similar thing... honestly i was hoping to find friends from casual dm et clike from other games, but these scammers play the game actively

I think I’m done with CS for a while — at least until there’s a solid anti-cheat system in place.

Also, you really shouldn’t feel bad or ashamed about getting scammed. It can happen to anyone.

With the new 7-day trade reversal system introduced today, I actually feel a lot more confident about using the marketplace again. It’s a clear sign that Steam recognized the security issues and finally took meaningful steps to address them.

Unfortunately, it came too late for those of us who got scammed earlier. But hey, you win some, you lose some. I guess it all balances out in the end. :)

Great Im gonna rebuild my case investment too , and some statrak skins , but well , I feel EXTREMELY BURNED OUT due to this :)) everything is down the drain for me , I didn't lose lot of money, but , it grew to be worth a lot omg... And 3 weeks earlier than the change 🤣😂 im burned out