Reddit user Phantasma told the story of how scammers hacked into his Steam account and stole several thousand dollars' worth of cosmetic items for Dota 2. According to the victim, the Steam Guard mobile authenticator did not protect against theft, and Steam technical support refused to return the skins.
“In early June, I got caught in a phishing scam. My Steam account was protected by the Steam Guard Mobile Authenticator; however, it was unable to stop the scammers. Somehow they added their Steam Guard interceptor and after just a two-day lockout period, they took all my items.”
According to Phantasma, he carefully checked his phone, but found no extraneous programs there.
“I contacted Steam and it was explained to me that an SMS with an authorization code was actually sent to my phone. The tech support representative thinks the device may have been infected with message interception malware, but I carefully checked my phone and computer and found no suspicious programs there. In the end, I was told that my things would not be returned to my account.”
The user believes that it is too easy for scammers to bypass Steam's protective measures, and that it is therefore impossible to guarantee the complete security of the account.
“The most frustrating part of all of this is my security concerns. Login via Steam is a very common thing that is used on many sites. It is all the more surprising that the same username and password are used to exchange items worth thousands of dollars! The only additional layer of security offered is the Steam Guard Mobile Authenticator, but it turns out that it doesn’t always help. I would like Steam to do some kind of additional verification when all my items were being sold to another account. For example, so that in such suspicious transactions they ask for an additional password or some bank information of the client <…>…
I love the cool cosmetic items in the game, but right now I’m afraid to buy anything because I’m not sure if they are safe. There is no insurance or guarantee that the stolen things will be returned to you.”
Reddit visitors were sympathetic to Phantasma's situation, but many of them expressed confidence that the user himself is to blame for the loss of his items. They advised him to update his password and not enter his details on suspicious sites. Another tip was to disable SMS authentication. One of the forum visitors noted that this method has long been outdated and does not ensure account security, since scammers have learned to deceive the mobile network and intercept messages. In particular, it is because of this that many banks have stopped using SMS confirmation for Internet banking.