adflgdafjl Posted February 9, 2014 Share Posted February 9, 2014 I mean, ok, congrats, you have their account information, but you can't get into their account because of SteamGuard... Is just that people are gullible/stupid enough to give their email accounts as well? Link to comment Share on other sites More sharing options...
Bakgrund Posted February 9, 2014 Share Posted February 9, 2014 The steamguard code is valid for 15 minutes, if they enter it on a phishing-site it's possible to log it and the phisher has 15 minutes on them to sign in. Link to comment Share on other sites More sharing options...
AwesomeMcCoolName Posted February 9, 2014 Share Posted February 9, 2014 The steamguard code is valid for 15 minutes, if they enter it on a phishing-site it's possible to log it and the phisher has 15 minutes on them to sign in.That still doesn't explain how they bypass the seven day trade lock on all new devices. Link to comment Share on other sites More sharing options...
puddingkip Posted February 9, 2014 Share Posted February 9, 2014 No actually SteamGuard disabling has been cancelled due to idiots complaining. So they take your info and then your stuff Link to comment Share on other sites More sharing options...
jorisk322 Posted February 9, 2014 Share Posted February 9, 2014 The steamguard code is valid for 15 minutes, if they enter it on a phishing-site it's possible to log it and the phisher has 15 minutes on them to sign in. But a new device locks you out of trading for 7 days right? Link to comment Share on other sites More sharing options...
AwesomeMcCoolName Posted February 9, 2014 Share Posted February 9, 2014 No actually SteamGuard disabling has been cancelled due to idiots complaining. So they take your info and then your stufferm, i logged into a new browser, and couldn't trade for 7 days (from that browser). Link to comment Share on other sites More sharing options...
Bakgrund Posted February 9, 2014 Share Posted February 9, 2014 But a new device locks you out of trading for 7 days right? I think valve removed that shit because they got so many complaints. Link to comment Share on other sites More sharing options...
jorisk322 Posted February 9, 2014 Share Posted February 9, 2014 erm, i logged into a new browser, and couldn't trade for 7 days (from that browser). In Alex' case they actually got into his computer, but that shouldn't work for the simple phishing-links. I think valve removed that shit because they got so many complaints. I'm currently locked outof trading through Chrome on my other computer because of it, so no. Link to comment Share on other sites More sharing options...
AwesomeMcCoolName Posted February 9, 2014 Share Posted February 9, 2014 In Alex' case they actually got into his computer, but that shouldn't work for the simple phishing-links. Yea, i wasn't referring to Alex since he wasn't phished. Link to comment Share on other sites More sharing options...
jorisk322 Posted February 9, 2014 Share Posted February 9, 2014 Yea, i wasn't referring to Alex since he wasn't phished. Maybe they redirect you to the real site with an error and cache the SG hash. Then when the lock is lifted they take the items. Link to comment Share on other sites More sharing options...
Bakgrund Posted February 9, 2014 Share Posted February 9, 2014 maybe the website steal the session too? we'll have to wait for some russian hijacker to reply. Link to comment Share on other sites More sharing options...
jorisk322 Posted February 9, 2014 Share Posted February 9, 2014 maybe the website steal the session too? we'll have to wait for some russian to reply. Pretty sure that wouldn't work. Different IP etc. Link to comment Share on other sites More sharing options...
Bakgrund Posted February 9, 2014 Share Posted February 9, 2014 Pretty sure that wouldn't work. Different IP etc. if they steal the cookies from the real steamcommunity.com i'm pretty sure it would work Link to comment Share on other sites More sharing options...
jorisk322 Posted February 9, 2014 Share Posted February 9, 2014 if they steal the cookies from the real steamcommunity.com i'm pretty sure it would work That would be a serious flaw in Steam's security. Link to comment Share on other sites More sharing options...
Bakgrund Posted February 9, 2014 Share Posted February 9, 2014 That would be a serious flaw in Steam's security. I'm just speculating, we'll have to wait and see if some phisher wants to share their information. Link to comment Share on other sites More sharing options...
Slocumruls Posted February 9, 2014 Share Posted February 9, 2014 Using a session cookie from a different computer would be extremely difficult and yes if it is possible then it is a serious flaw in steam/browser security. However, if they were stealing session cookies they wouldn't need you to enter a password/steamguard code. They would just take the cookie as you opened their site. Link to comment Share on other sites More sharing options...
There Posted February 9, 2014 Share Posted February 9, 2014 Has anyone ever thought that they do wait 7 days? Link to comment Share on other sites More sharing options...
jorisk322 Posted February 9, 2014 Share Posted February 9, 2014 Has anyone ever thought that they do wait 7 days? Maybe they redirect you to the real site with an error and cache the SG hash. Then when the lock is lifted they take the items. Link to comment Share on other sites More sharing options...
AwesomeMcCoolName Posted February 9, 2014 Share Posted February 9, 2014 Has anyone ever thought that they do wait 7 days? If that was the case phishers wouldn't be nearly as successful as people would realize the link is bullshit within a 7 day period (at least some would). Link to comment Share on other sites More sharing options...
There Posted February 9, 2014 Share Posted February 9, 2014 If that was the case phishers wouldn't be nearly as successful as people would realize the link is bullshit within a 7 day period (at least some would). In that case, wouldn't we see more people clicking phishing links, realizing what they did, and changing their password before their items are stolen? Not really. I have personally never seen one person say "I clicked a phishing link, but I still have my items, help me!" They often don't realize that they have clicked a phishing link, so I think it is entirely possible that phishers do have to wait 7 days. Link to comment Share on other sites More sharing options...
NotPeng Posted February 9, 2014 Share Posted February 9, 2014 In that case, wouldn't we see more people clicking phishing links, realizing what they did, and changing their password before their items are stolen? Not really. I have personally never seen one person say "I clicked a phishing link, but I still have my items, help me!" They often don't realize that they have clicked a phishing link, so I think it is entirely possible that phishers do have to wait 7 days. You're right. I left trading 2-3 years back where there was nearly no phishing at all but when I came back I was selling my unusual and some phisher commented. Some dude quickly commented calling me a dumbass and only then I realised. The phisher already tried logging in, email was being spammed the fuck out of. Till this day, I'm still scared of my account being hacked. Steam is always buggy and I think my items are gone. I wanna quickly cash out before something happens. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.