Got it!

This website uses cookies to ensure you get the best experience on our website. Learn more

Valve, you can end the challengermode scams. Doing so is profitable for you.

Windranger DOTA 2 Hero Warriors Ice

As we know, this is a devastating phishing scam for a lot of dota players. I have not fallen for it, but I know the perpetrators have had wide success in stealing potentially hundreds of thousands of dollars in e-items.

It works by having someone ask you to register for a tournament or voting for a friend in a popularity contest, involving dota or csgo. It links you to a website where you need to login or register using your steam credentials. The website is well made and looks authentic.

To log in, it will also ask for your steam guard. At this point, I’m guessing it takes your username, password, and steam guard in one go, and immediately logs onto steam with it. Steam allows you to remember your credentials, so the scanner does not have to login with Steam Guard again, later.

Once they have access to your account, the scammer has near infinite power to make all sorts of unfavorable trades and you won’t realize until it is too late. Furthermore, the scammer uses the compromised account to repeat the scam to friends list potential victims, by checking which ones have valuable inventories. It is even more effective now since the scammer is now using social engineering from a more trusted vantage point — most people do not immediately suspect their long time friends.

So what should valve do?

It’s simple.

Steam Guard should require a further verification code when conducting trades, gifts, or adding a new steam guard. A pre-trade confirmation.

No trades or gifts should be permitted within 15 minutes of logging on, with or without 2FA.

A pre-trade confirmation lasts 60 minutes so the average user won’t be bogged down with endless 2FAs when trading legitimately.

User also has option to turn off pre-trade confirmations for a day if needed.

This should make those scams worthless overnight since they would need multiple steam guard codes to actually steal the items.

A scam victim is unlikely to buy items anymore which is a hit to valve’s profits. So valve should implement this change.


leave a comment

Your email address will not be published. Required fields are marked *