How To Lock Your Steam Account (and to avoid to “Hey Bro!” everybody on your friendlist)
Hi everybody ! It’s Wednesday (just saying in case you would be shook that it’s not a Monday post) and today we’re gonna speak of something important that not everybody know, HELL I didn’t even know about it until randomly clicking on a link that I’m 99.99% sure that most of us didn’t guess that it may have such effect.
For those who may not know about it, my Steam account has been hacked around two weeks ago without me putting my credential anywhere and even using Steam Guard. For those who didn’t follow the story, I got back my account, but only after the ones who got access to my account tested CS:GO or whatever it’s called on it and contacted all my friend list, calling them “Hey Bro!” and adding a shady link for them to win a game.
The Facts
Before writing the lengthy explanation on how to lock your account, kick anybody who is currently using it and teaching you how to proceed, I would like to speak of Steam attitude regarding the problem.
I didn’t follow a shady link, I didn’t put my credential anywhere and my mail is secured. I tried to have some information as I attempted to recover my account, but it was one of those dialogue of the deaf like we love them:
- When I told them that I didn’t put my credential anywhere, they told me to get steam guard.
- When I told them that I had steam guard, they told me to make sure my mail was safe.
- When I told them I had steam guard and that my mail was safe, they told me to not put my credential anywhere.
- When I told them that I didn’t put my credential anywhere AND that I had steam guard AND that my mail was safe, they closed the conversation saying that apparently I had my account back.
So I have absolutely no answer to give you on what happened, just that I have less reason to lie about putting my credential anywhere than Steam has to cover the fact that some people, and not only me, get hacked despite being on a similar situation as I am (secured mail, steam guard, no credential entered anywhere). There may be a breach somewhere, and it’s more that and the fact that some people who are actually playing CS:GO may get their item stolen that pushes me to explain how the hell to lock your account.
Phishing
Around the time I’ve been hack, a new sort of phishing appeared, and someone made a post on Steamgifts warning people about it and linking an article from a website called BLEEPINGCOMPUTER. The article was named “Steam Accounts Being Stolen Through Elaborate Free Game Scam”.
My account sent the link to the shady website exposed on the article, but the article itself doesn’t explain how to lock your account in case of phishing. This is what it states:
Which is absolutely true, but while they added a lot of pictures to explain what happens when you get phished, they forget to point at a really specific link visible on one of their screenshot and we’re going to speak about this specific link and how you will receive it.
How to Lock your Steam Account
Let’s play a little game. Without reading the next part of this article, try to find the answer of this > tiny quizz < ♥
You found the answer ? You didn’t find the answer ? You didn’t try to find the answer ? It doesn’t matter really (does it ?) because I’m going to tell you how the hell to lock your account right now.
Are you ready ?
Are you really ready ?
ARE YOU SURE YOU’RE READY TO LEARN THE TRUTH ?
THE TRUTH THAT WAS WRITTEN IN SO SMALL LETTERS THAT YOU NEVER EVER PAID ATTENTION TO IT ?
I mean, this is true. You can even do the test at home and see by yourself how big is the link that allows you to lock your account, because it appears ONLY on a specific occurrence and it’s when you change your email.
So, yeah, if you read through the whole stuff, which, I guess, isn’t exactly something that comes to your mind when you’re stressed as you’ve just been kicked from your account and been told that your email has been changed, you can see that there is a specific recovery link at the bottom that you have to use to recover the account and/or lock it.
The link will not appear anywhere else, it’s not a basic link, it’s a link with a specific token to solve the specific situation that got you to receive this email. If you click on it, you’ll be asked if you can access to the account (aka “does your password works”) which is obviously never the case when you’ve been hacked.
I decided to make it simple and to give you an easy to follow tutorial. The procedure takes maybe, wow, 15 seconds and can save your items if you have some valuable for hackers (I’m thinking of you CS:GO)
The locking feature allows to “Locked features will include purchasing, changing password, changing email, Trading, Community Market, and playing on VAC enabled servers.”
If you log in the account, you have an alert showing of which states this :
In case you wonder, YES CS:GO is part of the “VAC enabled game servers”, which means that if you bought loot box there and got lucky, you can avoid people to trade your items if you follow that simple guide and are fast enough to do so. So as bonus as making this small tutorial, I recommend you to link your steam to your main mail account so you have the “your email has been changed” message right away.
Also, in case you wonder, yes I did create a steam account especially for locking it.. From myself.
What do you think of my explanation, was it clear enough ? Did you actually learn anything ? If you play CS:GO, do you think that this may be useful for you to know that ? Did phishing happen to you or one of your friend ? Did they recover their account without any problem ? Did they lose anything ?
Hope you liked the topic, even though it was really specific (and full of pictures, I’m sorry for people who had to scroll down through that mess, I promise it wasn’t to bother you, I just don’t know how to make a collapsible thingy ^^” .. But if you want to teach me, I’m in !)
ONE LAST THING THOUGH.. DID YOU PLAY THE LITTLE GAME AND FOUND THE EASTER EGG ?
Thank you for sharing that!
Apart from you being hacked, my cousin got recently hacked. I don’t know how that happened, but she wasn’t on for a while and… yeah, there it was. Weird message, playing CS:GO - which she never did before - and totally not reacting to my message. Was pretty obvious. She got it back, so all is fine :)
Unfortunately it can really happen to anybody, especially young people are there are much more on Steam than we think !
Thanks for the article and easy quiz 👍
You’re welcome, it was more about paying attention than anything ^^ !
I found the link as the answer to the quiz, but could not guess your answer to the ITH quiz. I used the caption of the image first (since you asked “what is the picture,” and the the text of the link second, but neither worked.
Edit: Okay, I got it by entering the full URL of the image. I think the question should be, “what is the URL of the picture,” or accept the image caption as a correct response.
Edit2: Funny, I didn’t even see the giveaway link that appeared. I guess it’s been a while since I did an ITH puzzle.
A big thanks to make us all more aware of this threat. Great idea to gamify the takeaway! Unfortunately, I am too low level to join the GA.
Your rhyme made me really happy !
What is your level currently ?
I’ll make next one lower for you,
But solving will be harder too !
Thanks for the info, this is very good to know in advance. I’m sure I’d miss an obsure link like that in the midst of panic. It’s been worrisome to read about how easily Steam guards have been bypassed with those phishing scams, and your situation sounds even more unusual.
I know, and I truly believe that over time phishers will make their scams more and more complex. On the website which allows you to know how long you have to wait to get an answer from Steam support, you can see how many requests they get from people trying to recover their account. It’s actually a crazy amount, the day I was hacked, the support received 25.000+ tickets. And that was only 24 hours mind you as it reset every day.
So if that post can help even just one person to get there items secured while they go through the procedure to recover their account, it will be great.
Wow, those numbers are wild. I wonder if all those are legitimate or if there’s foul play involved on that end as well, i.e. scammers flooding support in order to hamper the recovery process.
You can have a look at that yourself on the “STEAM SUPPORT STATS” page. So yeah, nobody is safe, so better learn how to protect your account, just in case.
Nice to know about locking accounts. That’s wayyy too small of texts for such important information. :o It’ll probably be quite helpful for me since I have some valuable TF2 items.
I did get quite a few of those phishing links, one time even from a familiar steam friend(who’s account got hacked) and I almost went through with it but noticed it was kinda weird and stopped.
Note that you can do the whole process without locking your account and instead bookmarking the page so you are only one click away from locking it !
I think knowing how to lock your account is good for csgo players. They are the ones that will be more valuable since they will have items already compared to accounts like yours where its a bunch of work. I know when I saw the message from you it was very obviously when clicking on your profile was a giant csgo sign screaming IM A HACKER. As far as im concerned you are the only friend ive heard been hacked but yeah they need to make it easier to lock your account instead of that 1 way
Of course, if they check that it might be because the most valuable things are on CS:GO, but who knows, maybe other games in the future may have high priced loot box prizes and the hackers/phishing never will stop progressing. Better safe than sorry as we say ^^ !