News - Scammers using new technique to bypass Valve's Steam Guard
Quote:
Makes use of a Steam directory SSFN file – with this anyone can bypass Steam Guard.
Read more.
Re: News - Scammers using new technique to bypass Valve's Steam Guard
I'm surprised by this! Not that scammers have found a vulnerability, more that it has taken so long for it to happen. I know people have been tricked into giving out account details or some have had accounts hacked because they hadn't used particularly secure passwords, but scams like this one are quite a lot more sophisticated and I can see how many people would be fooled by such methods. I certainly hope Steam do more then warn users to just 'be careful' though.
Re: News - Scammers using new technique to bypass Valve's Steam Guard
Considering how many people get fooled by way simpler methods.. there should be way more awareness about phishing. I see a lot of people who only learn after this has happened to them.
Re: News - Scammers using new technique to bypass Valve's Steam Guard
Bit of a shame that the SSFN file isn't hashed against some system-unique ID.
Re: News - Scammers using new technique to bypass Valve's Steam Guard
TL;DR Don't upload your SSFN file?, I completed agree with Steve ^, this seems like such a sensitive file, Valve need to sort this.
Re: News - Scammers using new technique to bypass Valve's Steam Guard
now im worried coz ive been purchasing games and items under steam.
Re: News - Scammers using new technique to bypass Valve's Steam Guard
Quote:
Originally Posted by
pvee
now im worried coz ive been purchasing games and items under steam.
You would only have to worry if for some reason you were asked to upload your SSFN file whilst logging on as part of your Steamguard verification process. If this has never happened to you then you are not at risk, if it does happen, don't upload the requested details, without them the scammers can't access your account.
Re: News - Scammers using new technique to bypass Valve's Steam Guard
How do the scammers direct you to their phishing site? Have they somehow hijacked the Steam client? Or do they simply send e-mails that are formatted to look like the e-mails sent by Valve?