Ray Proudfoot

Warning emails about my Steam account being compromised

Recommended Posts

A couple of months ago when I was using GPS-Z to monitor graphics card performance in P3D I decided to register with GPS-Z so I could supply the data collected and compare my data to others. I completed a registration form and submitted it.

I've now received for the fourth time an advisory email from Steam saying someone using my correct username and password but from another country (KR) is trying to access my account. I have to click a link and supply a Steam Guard code to confirm my authenticity.

This is becoming a pain and quite worrying. How do these low lifes get hold of login info? Is this common-place? I now feel I want to close this account. Is this an easy process?

Share this post


Link to post
Share on other sites
Help AVSIM continue to serve you!
Please donate today!

Wow, Ray, real tale of caution. KR sounds like Korea. I may be wrong. Seems like somebody at GPS-Z or elsewhere,compromised your account. Hope you get it sorted.

Share this post


Link to post
Share on other sites

Are they just trying to access your account, or succeeding in accessing your account? If they're just trying, then they're probably not getting past your password, but you might be happier about things if you change to a more secure password. If they are succeeding, again, change your Steam password to a more secure one and if you have been changing your password, and they are succeeding in gaining access, then change your e-mail account password for a more secure one (it may have been compromised) and also run a full anti-malware scan on your PC. Someone may have slipped a keylogger in under your radar.

Share this post


Link to post
Share on other sites

I'm getting these too. I'm just deleting them. Perhaps a password change would be a good idea.

Share this post


Link to post
Share on other sites

I never click on ANY link from an e-mail. It could be a phishing trap to get your information. I delete these kinds of e-mails

Bill Davis

  • Upvote 1

Share this post


Link to post
Share on other sites
9 minutes ago, wwdavis said:

I never click on ANY link from an e-mail. It could be a phishing trap to get your information. I delete these kinds of e-mails

Bill Davis

Same here.  I don't click the link provided in any email.  I delete the email, then go directly to the website where the alleged problem occurred and reset my password.

  • Upvote 1

Share this post


Link to post
Share on other sites

Thank you all for your replies. Doesn't sound like any of you have a Steam account. If I'd known this was mandatory when supplying and receiving GPU-Z data I wouldn't have bothered.

These are genuine emails as they include data which allows me to gain access to my account. I have changed my password but should this happen again I will post on the Steam forums and complain very loudly.

Yes, I also came to the conclusion that KR is Korea. I've also had emails saying the source was Ukraine. All very dodgy.

@Holdit, no they didn't access my account because presumably Steam checks the IP address and a different country to mine would not permit access.

I've chosen a totally random set of letters and numbers now for the password. If I receive any more emails from Steam it suggests they have a culprit providing this data to undesirables.

Share this post


Link to post
Share on other sites
12 minutes ago, Ray Proudfoot said:

Doesn't sound like any of you have a Steam account.

I do have a Steam account, using FSX-SE and I have not had any account flags each time I start FSX-SE, other than that Steam was updating itself, Ray.

  • Upvote 1

Share this post


Link to post
Share on other sites

I do have a Steam account, but I can't remember any hacking attempts. I have had them on my GMail account, though, but they are just attempts. It happens.

Wwdavis' advice about e-mail links is spot on. Likewise, if you receive an invitation to log into your <whatever> account via a form in an e-mail you should always decline to do so, and instead log in via your usual route. Such e-mails are often just a credential-harvesting phishing expedition.

 

Share this post


Link to post
Share on other sites
1 minute ago, Holdit said:

GMail account

In fact, Gmail are superlative at letting account-holders know when a Gmail account has been accessed, even if it is the very same account-holder via non-default IP address, e.g. somebody else's wi-fi network.They are to applauded on this score. However, all is not that rosy in their garden as I get sent so much Spam mail, and not from any sites I have ever visited. So, do wonder if Google farms out email addresses to garner advertising revenues?

Share this post


Link to post
Share on other sites
2 minutes ago, Holdit said:

I do have a Steam account, but I can't remember any hacking attempts. I have had them on my GMail account, though, but they are just attempts. It happens.

Wwdavis' advice about e-mail links is spot on. Likewise, if you receive an invitation to log into your <whatever> account via a form in an e-mail you should always decline to do so, and instead log in via your usual route. Such e-mails are often just a credential-harvesting phishing expedition.

 

Looks like I'm in a minority here then. I don't have FSX:Steam. I'm now with P3D moving from FSX:SP2.

I understand your advice about not clicking on the link in an email but given it does include a validation code which then gives me access to my login page on the genuine Steam platform it appears genuine. I don't click on any unsolicited emails. Mailwasher Pro is excellent for guarding against spam and dangerous mail.

Share this post


Link to post
Share on other sites
3 minutes ago, vc10man said:

In fact, Gmail are superlative at letting account-holders know when a Gmail account has been accessed, even if it is the very same account-holder via non-default IP address, e.g. somebody else's wi-fi network.They are to applauded on this score. However, all is not that rosy in their garden as I get sent so much Spam mail, and not from any sites I have ever visited. So, do wonder if Google farms out email addresses to garner advertising revenues?

Yep, as we speak I just had an e-mail from them confirming that my daughter has logged in on her Android tablet. :smile:

I can't say for sure about the spam, because my GMail account also hoovers up mail from an old e-mail account that I used once upon a time to register an Internet domain name. Boy did that open up the spam floodgates... Still GMail does a great job of sending to the spam folder, so it doesn't bother me.

 

Share this post


Link to post
Share on other sites
1 minute ago, Holdit said:

Still GMail does a great job of sending to the spam folder,

Yes, fully concur it does that, but I find that despite setting the Spam filters to delete, it still places them in the Spam label/folder, instead of just deleting them. Then I have to clean the Spam folder manually.

Share this post


Link to post
Share on other sites
9 minutes ago, Ray Proudfoot said:

Looks like I'm in a minority here then. I don't have FSX:Steam. I'm now with P3D moving from FSX:SP2.

I understand your advice about not clicking on the link in an email but given it does include a validation code which then gives me access to my login page on the genuine Steam platform it appears genuine. I don't click on any unsolicited emails. Mailwasher Pro is excellent for guarding against spam and dangerous mail.

Yes that's fine, After reading your first post I did a quick search through my mail for Steam account-related messages and I found a few of those with the validation code. They are fine. If ever in doubt, hover your mouse pointer over the link, and the target address will appear in the bottom left-hand corner of your browser. If you see an IP address instead of the domain you're expecting, be very careful.

Your policy regarding e-mail clinking is a wise one. Part of my job is to train (mostly non-technical) users in good security practice, and I stress the e-mail link warning several times, but still I get the occasional call "Um...I've just clicked on a link in an e-mail/opened an attachment and I think it might be dodgy.."

  • Upvote 1

Share this post


Link to post
Share on other sites

I've written to Steam Guard support detailing my experiences since opening the account. Let's see what they say. The only personal info they have about me is my email address. I haven't applied for a forum account as they requires more personal info.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now