Steam Escrow System Drives Impatient Users To Fake Trading Sites Serving Malware

An anonymous reader writes: On Wednesday, Valve introduced a new "trade hold" system that should prevent scammers from stealing items from Steam users' hijacked account, or at least minimize the occurrence of such incidents. Anyone using the Steam Guard Mobile Authenticator to confirm trades is able to continue trading as always. Users who haven't enabled it, or can't, can still trade, but they'll have to wait up to 3 days for the trade to go through. The system was, understandably, not welcome by some users, and it didn't take long for scammers to take advantage of this discontent.

Item trading bought me a game on sale.

[truck_soccer]

Anyone stupid enough to trade STEAM ITEMS through any service that isn't STEAM gets no sympathy. Are people getting dumber or am I getting less tolerant?

Re:Well, I did learn something

Doesn't matter if you give them out or not to the ad agencies. This monday I was browsing the menu of a local take out restaurant that I had never used before and decided to pass because of their prices. By Thursday (yesterday) there was an ad postcard in the mail with my full name on it (not simply addressed to resident) and I'm running firefox locked down with ghostery and noscript allowing cookies for session only and disallowing any 3rd party cookies. Another case in point I dropped my insurance Assurant to switch to Obamacare this fall and since then I've had over a dozen cold calls from insurance agents spanning across the country saying they recently heard I canceled my insurance and trying to scare me into getting their insurance instead.

I FUCKING HATE THE SPYING / ADVERTISING OUR WORLD HAS DEGENERATED INTO

Re:Hold system is ridiculous

[BenJeremy]

I understand your frustration, but something had to be done. My son had his account stolen. It took us over a week to get it back, and in the meantime, the scammer who tricked my son into giving up his password (I tried to teach him better beforehand, but at least his experience means he actually listens to me now) and took over his account sold it to some Russian kid, who was probably out a bit of cash when the account was returned (my son's account had over 600 games at the time).

He didn't have anything in his inventory worth trading out, at least... there wouldn't have been anything left if there was. With this system, at least that wouldn't have been as much as a worry.

The authenticator is a fine system. You can probably set up an alternative that allows SMS messages, like Ring.to or Google, that your son can use as the authenticator; no need for a cell phone these days. It's never too early to take measures that can enhance your son's security now, and even better when such measures can be carried with him for the rest of his life, too.

I hope Steam also improves the way they handle account thefts - it would be a simple thing to check logs against IPs and international locations to see fishy activity once a complaint is raised and act immediately to, at least in the short term, freeze the account until things get sorted. From Day One Steam has not allowed the trading or sale of Steam Accounts in their TOS, so a user suddenly changing names and accessing an American account from Russia should raise a red flag that is easy to spot by the system. Likewise, actions like trying to trade out all the items in the inventory should also signal a possible fraudulent activity. There are probably a good dozen automated ways Steam could detect potential account theft and squash it without ever inconveniencing the customer.