Steam is awesome, don’t you think? Praise GabeN. The glorious PC Master Race marches on and the only thing that is crying is my empty, abused wallet. I even traded the moths I’d been keeping for sustenance for a copy of Tropico 4. Because I needed it. Steam is unrivaled in its universal provision for gaming, delivering us titles new and old, insane deals on games we never would have considered, a boat-load of features, with an enormous multiplayer community to boot.
The only downside – aside from the wallet ravaging – is the potential for ne’er-do-wells attempting to scam you, be it for games, items, or cold hard cash. We’ll take a look at the most common scams and how you can stay protected.
Phishing scams probably form the majority of Steam related theft and the scope of the attack can vary depending on scammer sophistication. The massive amount of games bought and sold through Steam can make things interesting – add in the millions of in-game items for global titles CS:GO, Dota 2, TF2, and others, and you quickly understand the potential scope for phishing.
Savvy scammers operate in the common trading posts such as TF2Backpack, csgolounge, dota2lounge, SteamGameSwap, GlobalOffensiveTrade, and plenty of other less frequented key-trading sites are targetted. Luckily, they are largely easy to spot:
Hi [insert username], my friend is a really good lad, but cannot add you as a friend. He receives an error “exceeded limit add friends for one day” – but he’d really love to trade with you. Could you please add him, instead? His user name is staemcommunnity.com/id/imstealinyoshizfool/
Or something along those lines. Note the bold aspects of the user-name: it’s small differences like this that should alert you to a potential phishing scam. Just to be sure, Steam operates on the following sites:
Additionally all official Steam pages are secured with an Extended Personal SSL Certificate – think HTTPS and a big green padlock with Valve Corporation, and you’ll be thinking safe. If the spelling is off, if the grammar is terrible, and if you’re asked to upload a file, you’re likely in the midst of a scam. Back up!
Remember, Steam is just like the real world: if it seems too good to be true, it probably is. If someone is offering you a copy of an awesome AAA game that’s just been released, and you don’t know them, question why they are doing it. I’m all for trusting people – but on the Internet, no-one knows you’re a dog.
Part of the latest phishing scams will see a scammer impersonating a Steam employee. They’ll ask you to locate a specific file, then upload it to them.
The SSFN file helps you avoid having to verify with Steam each time you login – giving it to a scammer allows them to bypass any security restrictions such as Steam Guard. This type of attack works in conjunction with a fake or hijacked profile, and a fake login screen to steal your password. As you can now guess, providing that file to a scammer is essentially gifting the keys to the castle.
This attack is becoming slightly less common as Steam users become aware, but it is still worth reading up about. As mentioned in the previous section, Valve/Steam will never ask you to upload a file. Anyone who does ask should set alarm bells ringing.
Software scams are still a massively profitable source for scammers. These types of attacks usually focus on obtaining your password through use of a keylogger. The comments of popular YouTube gaming channels are full of them, as well as the myriad “check this totally 1337 h4ck for free steam gift duplication lol!!111.” Any links here are spyware, malware, keyloggers, viruses, and everything else in-between.
Is there a way to avoid this type of attack? Of course: don’t be silly. There are no Steam item duplication tricks. Free items are not waiting for you. Be sensible and avoid these like the plague – it could be a lot more than your Steam account and games you end up losing.
Of course, it might not always be through another site. Software scams can appear within Steam using a hijacked account. You’ll be added by a legitimate account, complete with a good Steam score, no VAC bans, a healthy amount of play time and a similarly healthy amount of games. The file you might be sent will be the mask for a virus-laden site, or as an infected .exe, .bat, .dll, or .scr file.
Be wary when added out of the blue by someone you don’t know and they attempt to send you a file early in the chat. That said, be careful when anyone tries to send you a file in general!
Each and every Valve employee in a forward facing community role will feature either a Valve Employee badge, or a Volunteer Steam Community Moderator badge. You can check individuals out through their profiles. If they have a badge, they are legitimate. If not, close the window.
A Steam or Valve employee with never ask you for your password, or any other files for that matter. They certainly won’t threaten you if you don’t provide the information they desire. Individuals impersonating Valve employees will often feature [Valve] or [Steam] or [Verified] or something similar as their user name – clicking it will reveal their actual profile where you can verify their real identity.
Scammers can also research your friends list and impersonate them, replicating the user name with a slight spelling difference. Once your trust is gained, the scammer may ask to “borrow” an item that you’ll never see again once the trade is made.
These work pretty much exactly the same as any normal scam. Someone approaches you through Steam, asking if you want to trade those sweet rare TF2 hats, or similar items. You agree and head to the Steam trading area, only for the person you are trading with to announce that they will pay you outside of Steam, through PayPal, once the trade has complete within Steam.
This should immediately set alarm bells ringing!
If you need to complete a trade outside of Steam for whatever reason, then I would suggest using a middleman – though you still need to be careful here, too.
The middleman should be a verified person, trusted by both parties. Each individual can deliver their article for trading to the middleman and they can in turn pass it forward. However, some scammers are wise to this and will suggest a specific, Steam verified middleman. Once you agree to use said middleman, you’ll be added by someone with an extremely similar user name. Once you pass your portion of the trade to them you’ll be deleted, losing your item/game/cash.
If someone does suggest a middleman, and they have contacted you first, be wary. Community fraud prevention site SteamRep.com provides a verified middleman list – though they are not entirely affiliated with the site itself.
You can also search an individual users account details using the SteamRep search function. It provides details on that persons account status, any bans, their friendship lists, their friend-list bans and more. Worth a little check each time you enter into a trade.
Okay, so maybe not a real long-con, but there is some serious work going into this type of scam. A scammer, or scammers, create a subreddit dedicated to trading for a specific game. They go so far as to curate false accounts, updated comment threads, even using custom CSS to provide an air of authenticity.
Buried within the erroneous subreddit will be several links to the scammer’s phishing sites. Remember the slightly misspelt names from our earlier phishing section? These subreddits will be rife, making dodging a potential attack pretty damn hard.
You can read more about this Steam scam here.
This is another somewhat common Steam scam attempt, utilizing PayPal to rip off the would-be trader. It usually goes down like this:
Watch out for this one. It is relatively common due to its ease of use and minimal technical knowledge.
Get your digital guns and blast anyone that contacts you through Steam.
Or, just be careful out there. If you are approached by a stranger, be somewhat wary. Not everyone is out to steal your items, and many are genuine traders looking to support themselves, or their gaming. As with real-life, don’t sign off on anything, don’t give anything, don’t remove anything, don’t pay for anything until you are completely certain this deal is for real.
Have you been scammed on Steam? Did you get your items back? Did you report the user? Were Valve helpful following the theft? Let us know below!
Image Credits: Bear trap Via Shutterstock