It’s one of the most effective methods of scamming today. It’s possible to avoid it and how to deal with it once it happens.
Intro – quick sum up
This is a fairly new scam technique that is extremely effective. Users are left wondering how it happened. This scam was first discovered by me when someone accused I of scamming them with a false offer. I dismissed it as one of my impersonators scamming somebody, but I didn’t realize what actually happened. The next one was very similar. We made the deal with a guy on Steam and he sent our offer. That’s when it happened. Instead of confirming the trade, he confirmed another. He made an offer with the exact same items as he had submitted from his side but it was empty on the other. It seemed like he was trying to trade it with me. But it was a bot. It automatically canceled the offer, changed the name and avatar of his bot account to mine, and sent him the offer.
To make this work, someone must have access to your account. All cases I saw involved logging into a scam website. Once they have your login details, they still need to trick your into giving them your items.
Accessing the account
There are several ways this could happen. I will only discuss three of them. This is the most common method of getting users to divulge their login details via phishing sites. These sites are usually designed to look legitimate and copy an existing website’s design. You can see the scammers and other attempted scam descriptions. It usually starts when a user adds to your account and requests one of you items. They ask you log in to the site they link and verify the pattern index of your item. You will need to give them your pa*sword, steam guard code and username when you log in.
Here’s a more sophisticated one I found via a guy who was phished. I an*lyzed it, and put it on Youtube to show you how good they are.
Although the second is more common, it can still happen. The developer of a browser extension goes rogue, and decides to scam its users. They can modify data in the browser depending on what permissions they have. This gives them access and allows them to do all the things a user would do on steam, including cancelling steam trade offers. The third is by infecting a user with malware that can log keystrokes for entering pa*swords and send it to the scammers.
Once the scammers have gained access to the account, they can wait for the user’s attempt to make a legitimate deal with another user or service like bitskins or csmoney. They can offer a trade to the user or buy an item at an absurdly expensive price on bitskins if they don’t want it to take too long. Once a user has sent an offer to anyone, they can cancel it immediately and resend or accept their own without any further action. The user expects to receive a confirmation via mobile, so he or her accepts it blindly. This is effectively giving away their items.
Updated December 2019:
I came across a new way of getting a user to trade. I reached a deal that we would trade knives with a guy. I sent the offer to him, and he replied:
“Something went wrong. Your knife isn’t in the trade.
I need to confirm that your knife doesn’t appear …”.
I knew instantly what was happening, so I told my friend that he was hacking me and sent him this guide. His response was surprising and he was not quite clear at first.
“Ok, I declined the trade, but now it says that my account violated steam TOS?”
I was then removed from his friend list. I asked him if he was the one removing me or hackers. In the interim, his profile name was changed to his steam id.
Later, he read through me and explained everything that had happened.
“I received a random message by “VAC bot” stating that I have 24 hours to trade all items to another steam account. My profile name was a bunch number and my info block read stuff such as this account violated TOS and i cant buy anything. It’s also a perma ban.
Below are some photos he took of his profile.
This is a way to make already hacked people trade. It’s a scarring tactic.
What can you do to avoid this scamming?
You can avoid logging in to any shady websites by doing the best you can. Make sure you check the domain name before you log in. It is important to do some research on the legitimacy of any browser extensions or software downloaded from the internet. I recommend to people who like steam to log into sites that open Steam in their browsers. If they ask you to log-in with your pa*sword, then it’s a scam. Because you are already logged on to Steam, they shouldn’t prompt you to do this again.
What can I do if I am scammed or a victim to a trade scam?
You will immediately want to log out from every device. This can be done by going to
Steam->Settings>Accounts->Manage Steam Guard Account Security…
Click “Deauthorize all devices” and follow the prompts. This will log your account from all devices except the current one.
If you were able to do it, go back to your account settings and change the pa*sword.
Steam API Key – http://steamcommunity.com
You should not generate an API key unless you absolutely need it. If you don’t understand what an API key is, then it is probably not necessary and was generated by scammers to manage your account.
If you were scammed by an phishing site, then you are safe. This is all you need in order to secure your account. It’s harder if you weren’t phished. If you are using Chrome, I recommend checking your browser extensions. Open chrome://extensions/ to find suspicious extensions. If you aren’t sure what their purpose is, Google their names. If malware or virus appears in the first search results, then you know you are looking in the right direction. If you are still unsure about who has access to your account, you can reinstall.
Refresh – http://onmsft.com
Your operating system.
You can now check your sanity with this method
Steam login history – http://steampowered.com
You can also access Steam Login History by going to Help->Steam Support->My Steam Account->Recent Login History.
Here is my healthy login history:
Here is a scammer’s story: The victim lives in Montenegro and the scammer logged into it from Canada.
This is all for Counter-Strike: Global Offensive How to prevent getting scam in CSGO hope you enjoy the post. If you believe we forget or we should update the post please let us know via comment, we will try our best to fix how fast is possible! Have a great day!
- Check All Counter-Strike: Global Offensive Posts List
Leave a Reply