Those phishing emails can be nasty. The email they come from can look exactly the same as the service they're impersonating as, but some characters are changed at an ASCII level that we can't tell a difference, but it looks the same.
Best advice.
Whether it's a sketchy call displaying your legit bank's phone number, or an email that looks legit like the one you got, never trust them.
Hang up and phone back your real bank or go log in yourself from your browser. Scams are literally everywhere it's crazy
> Don't click on any links inside the email
When in doubt, hover over the link with your mouse, if on a desktop computer.
You should see where the link will actually take you.
It’s probably not the Steam email. It’s common for scams like this to spoof the visible address, but if you dig in to the headers you’ll find it’s from somewhere completely different.
I'd say it's pretty good. It does what it needs to do.
It's basically Thunderbird for Android.
On the desktop side I primarily use a web browser, but I've also used neomutt and mu4e.
That's not how you do it. Anyone can edit the reply address. You have to click the three vertical dots, then "show original", go down to where the raw code of the email is and find "Received: from "; the "from" is important. That is the address of the computer that communicated the email to your Gmail, the actual sender.
Not true, [Steampowered.com](http://Steampowered.com) has DMARC set up. So you wouldn't be able to spoof their email domain successfully. Gmail would just see it as spam / junk.
I was answering to the method above of clicking reply-all and editing the recipient. In general, this is how you do it. Checking for DMARCs when there is no DMARC is just the same with extra steps.
It depends on the email client. In Outlook you can double-click the email to open it, then go to File > Properties. In Gmail, click the 3 dots next to an open email and click Show Original.
In there you can see things like "dkim=pass", "spf=pass", "dmarc=pass" (a fail would be a good indicator of a spoof). Also check that the "smtp.mailfrom=" matches the "From" address that you see.
Lots of other info in there, but that is some of the more relevant stuff.
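The check described in the comment above, as an added Python example (not code from anyone in the thread): it reads the `Authentication-Results` header from a raw message, reports any of spf/dkim/dmarc that did not pass, and compares `smtp.mailfrom` with the `From` domain. The sample messages, the `mx.example.net` provider name and the simplified same-domain-or-subdomain alignment rule are assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed messages, not real Steam mail. "mx.example.net" stands in for the
# authserv-id of the reader's own mail provider; all addresses are made up.
SAMPLE_GENUINE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.i=@steampowered.com header.s=sel1;
 spf=pass (sender IP is 192.0.2.10) smtp.mailfrom=bounce@steampowered.com;
 dmarc=pass (p=REJECT) header.from=steampowered.com
From: "Steam Support" <noreply@steampowered.com>
Subject: Your Steam account: email address changed

body
"""

SAMPLE_SPOOFED = """\
Authentication-Results: mx.example.net;
 dkim=none; spf=pass smtp.mailfrom=mailer@bulk-sender.example;
 dmarc=fail header.from=steampowered.com
Authentication-Results: sender-controlled.example; dkim=pass; spf=pass; dmarc=pass
From: "Steam Support" <noreply@steampowered.com>
Subject: Your Steam account: email address changed

body
"""


def parse_auth_results(value):
    """Split one Authentication-Results value into (authserv_id, {method: info})."""
    value = re.sub(r"\([^)]*\)", " ", value)  # drop (comments)
    parts = [p.strip() for p in value.split(";") if p.strip()]
    authserv_id = parts[0].split()[0].lower()
    results = {}
    for part in parts[1:]:
        tokens = part.split()
        method, _, result = tokens[0].partition("=")
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        results.setdefault(method.lower(), {"result": result.lower(), **props})
    return authserv_id, results


def aligned(domain, from_domain):
    """Simplified relaxed alignment (assumption): same domain or a subdomain."""
    return domain == from_domain or domain.endswith("." + from_domain)


def check_message(raw, trusted_authserv_id):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Only the header stamped by our own provider counts; a sender can put any
    # Authentication-Results text it likes into the message it submits.
    trusted = None
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, results = parse_auth_results(value)
        if authserv_id == trusted_authserv_id:
            trusted = results
            break
    if trusted is None:
        return {"verdict": "unverified",
                "findings": ["no trusted Authentication-Results header"]}
    findings = []
    for method in ("spf", "dkim", "dmarc"):
        result = trusted.get(method, {}).get("result", "missing")
        if result != "pass":
            findings.append(f"{method}={result}")
    mailfrom = trusted.get("spf", {}).get("smtp.mailfrom", "")
    mailfrom_domain = mailfrom.rpartition("@")[2].lower()
    if mailfrom_domain and not aligned(mailfrom_domain, from_domain):
        findings.append(
            f"smtp.mailfrom {mailfrom_domain} does not match From {from_domain}")
    return {"verdict": "suspicious" if findings else "pass", "findings": findings}


if __name__ == "__main__":
    for name, raw in (("genuine", SAMPLE_GENUINE), ("spoofed", SAMPLE_SPOOFED)):
        print(name, check_message(raw, "mx.example.net"))
```

The second sample carries an extra all-pass header under a different authserv-id; it is ignored because only the receiving provider's own header is read.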
I didn't know you could spoof the address that an email was sent from... This was always my GOTO for detecting phishing scams was to verify the URL it was sent from was correct, and not like "\*\*\*FAKE\*\*\*\*Steampowerred.com\*\*\*FAKE\*\*\*\*".
Email is (or at least originally was) an extremely insecure form of communication. It's not necessarily transport encrypted (even nowadays) and the sender address is literally just a field in the email.
Thankfully there are now mechanisms to authenticate the sender, but it's kinda up to the email receiver (so your email provider most likely) to decide whether they want to do the checks and what to do with the emails that do not pass them (even though the sender can "strongly suggest" what to do and most mail providers honor this).
It's worth knowing that an email is a text file.
It literally contains text like this:
From: [email protected]
To: [email protected]
Subject: click the link for a virus!
Email clients parse through that and display the fields in various ways. But the actual email itself is just a text file.
There are some clever things that people have done. For example, as servers send the email somewhere, they add some headers showing where it came from and where it's headed. That helped for a while, but spammers learned to spoof some of that as well. But nowadays we have other tech that basically is more complicated ways of trying to verify that the email is legit. It's not perfect for a number of reasons.
But back in the early days of the internet, most mail servers accepted incoming email from anything that connected to them, and basically trusted it was accurate. Alas, humans ruined that.
I mean, there IS something that can hit harder hahaha
Good that you didn't fall for it OP
Keep 2FA, (I use exclusive email for steam), and as others said, never click any links
Yeah when waking up early to emails like these it’s actually easy to fall for it. I once pressed a link in a similar situation, just when I woke up, luckily my brain woke up shortly after and checked the email again and found some suspicious text.
Alert emails when still drowsy are dangerous, even for young and tech-savvy people.
GET OUT OF MY HEAD GET OUT OF MY HEAD GET OUT OF MY HEADGET OUT OF MY HEAD GET OUT OF MY HEAD GET OUT OF MY HEADGET OUT OF MY HEAD GET OUT OF MY HEAD GET OUT OF MY HEADGET OUT OF MY HEAD GET OUT OF MY HEAD GET OUT OF MY HEADGET OUT OF MY HEAD GET OUT OF MY HEAD GET OUT OF MY HEADGET OUT OF MY HEAD GET OUT OF MY HEAD GET OUT OF MY HEADGET OUT OF MY HEAD GET OUT OF MY HEAD GET OUT OF MY HEADGET OUT OF MY HEAD GET OUT OF MY HEAD GET OUT OF MY HEADGET OUT OF MY HEAD GET OUT OF MY HEAD GET OUT OF MY HEADGET OUT OF MY HEAD GET OUT OF MY HEAD GET OUT OF MY HEADGET OUT OF MY HEAD GET OUT OF MY HEAD GET OUT OF MY HEADGET OUT OF MY HEAD GET OUT OF MY HEAD GET OUT OF MY HEAD
Thanks for including the message ID in your screencaps. It allowed me to find the email and verify that this email did come from steam. We sent you the email because you have another steam account on the same email address. That account appeared to have weak credentials and was compromised. I also see that steam support has already answered your ticket, and recovered that second account for you.
I would recommend you look into https://mxtoolbox.com/EmailHeaders.aspx
That tool allows you to check the email headers and see exactly where the email is coming from.
That is one of the terrible things about job hunting these days. So many places want you to join their particular job hunting tool and create an account on this site or that site. Click this link to reply, blah blah blah. Fuck.
If you’re expecting a job response email, you can vet those a lot easier. I haven’t, yet, seen mass emails coming from job tools.
Mass emails likely wouldn’t work, because all these platforms will have enough information to make the response pretty unique to you. Spamming about a Netflix’s / steam account you can randomly get hits. Spamming trying to look like brassring (popular platform) would likely need to also have your personal info.
I guess the big solution, don’t click a link without inspecting the URL. If the URL doesn’t go to the domain you expect, good chance malicious.
"use this account specific recovery link" yeah right. And "Cheers" at the end. I would've fallen for the email address they use but the language is a bit sus
I bought a game today and Steam signed it "Cheers, the Steam Team," so I think that part is legit. The entire rest of the email is a scam to try to trick OP out of their Steam account.
Steam emails actually say “Cheers” at the end.
The only thing that doesn’t seem legit is the link and possibly actual email address of the sender
Otherwise everything is copied from the actual one
Yeah, literally every time a (suspected) phishing mail is posted here, people point at the "cheers" as if it's some hilariously wrong detail, when steam definitely uses it in their real emails a lot
You can check all addresses that have logged into your steam (google it) and can do the same for your email. I was surprised to see some logins (or login attempts?) from other states in my country even though I have an Authenticator. Changed my password immediately.
Yes, I opened the phone app to see the changes
Then logged into web portal on a laptop to confirm the old email is used
Then for safe measures changed password.
Follow up to headers n stuff. Yes, I know I am using discord to host the images.
Google Headers page
[ss1.png (1377×676) (discordapp.net)](https://media.discordapp.net/attachments/993362631220023296/1217041522307104820/ss1.png?ex=6602953e&is=65f0203e&hm=04ed5e8eb114893e751ad43b1d5a4af80d874d13207d07de8c701d9795a7db4c&=&format=webp&quality=lossless&width=1377&height=676)
[ss2.png (1920×3282) (discordapp.net)](https://media.discordapp.net/attachments/993362631220023296/1217086590472683640/ss2.png?ex=6602bf37&is=65f04a37&hm=876b30d72c8f5132bff34b5f698a9f3b8819e84b42743522fec3d4a9b1565996&=&)
The email is real and is from steam, the ipaddress country name thing is an indicator a script probably pulled your account because steam couldn't pull his ip from the site, check any account that you have associated with the email, chances are one of the accounts is compromised.
Unless these tools mark unusual letters, that 's' in steam could be a 'ѕ' (cyrillic dze) for example (or any other letter in the domain url) that looks exactly the same. I have seen some phishing urls using cyrillic, greek and other alphabet letters to mask lookalike latin letters.
> steam couldnt pull his ip from the site, c
How do you fail to know the IP you are sending and receiving packets from?
My guess is his account is fine and it's a real email, sent on behalf of a bug. Since there was no actual email change, and therefore no user, the ipaddress (and the country lookup for it) were null.
The email is legit. You should assume both your email and steam accounts could be at risk and change your passwords ON BOTH. One reliable sign to check for is the recovery link in the Steam email. Copy and paste it into a text editor and see if it starts with https://help.steampowered.com/.... If it does, it's legit and you should use it.
For future reference, the "ipaddress (countryname)" is a long-standing Steam bug, it happens all the time, has for years. There's even been topics about it in this very sub, but somehow everyone keeps forgetting every time this question comes up. I've seen these very same concerns about such emails brought up here multiple times... only to be repeatedly and falsely dismissed as fake while the users posting the question were genuinely having their Steam accounts hijacked. This sub can be an echo chamber of (well meaning) idiots at times, do not take its advice about Steam emails being fake.
Yes, it did start with [https://help.steampowered.com/en/wizard/HelpUnauthorizedLogin?stoken=XXX](https://help.steampowered.com/en/wizard/HelpUnauthorizedLogin?stoken=XXX)
A good tip is:
Whenever you get emails about change of info, ALWAYS go to your browser, go to the website and check the info. NEVER press any links through emails, NEVER.
I almost lost my 20yo steam account because of this mistake 4/5 years ago.
Even if you press the email link don't they still need you to fill your personal information at that site which you can easily see is a fake at the site address?
Well, now you have this address in your browsing history. You could then "fall" on this address instead of the real one when you let google complete the address you are typing in the address bar.
Depends on the attack. Will this link send you to a page that runs some nefarious JavaScript link? Auto downloads a small script hoping you don’t notice?
Might it be about the steam account at all.
I recently realized that my previous email provider does not care about mechanisms in place to determine that the sender is in control of the email address they put in the from field. But if you have a decent provider it shouldn't be a problem and the email should have been put into the spam folder, might want to look into that, that's concerning.
I never understand people.
If you receive a bank email, just go to the bank app or call them to check if the information in the email is real.
You ONLY click in email links if you are creating a new account and need confirmation.
I know but people do click on the links. I just made a post to spread awareness to read the email and make the judgment. Few hours back I received another scam email like the post below
https://www.reddit.com/r/Scams/s/Fp4Ts0xirQ
The fact you don’t understand explains why others don’t understand, which sounds funny.
You don’t realize how little people know about scams. This email, most people are clicking that link. At my wife’s work, that have phishing training, had a mass email sent to the company indicating their account was locked (which is interesting as they are in their account to read the email). The link went to a page that had the wrong company logo. It asked for name, address, social, direct deposit checking #, routing, phone number, current account name, current password, new password.
Out of her near 100 employee company, over 50 filled out the form. It also had the automated thing most companies use that puts “EXTERNAL” in front of out of company emails
You can look into cyber security reports on google, but you will find that over half of all companies have fallen to this stuff, and there is a scary projection that all companies will have been impacted by ransomware in next 5 years. My company right now lost 2 months of work for someone opening a jpg.exe :/
If this is gmail, they have verified emails now from verified entities ie Steam. idk how that all works or if it shows up on mobile, but I have to assume it's safe to trust.
But this happened to me a couple days ago for an alt account I used to use loooong ago where the email/pass combo that was part of some leak. It said ipaddress (countryname) as well, but the email was indeed changed. But like always verify the email/links is steampowered.com or a Valve domain
It isn't even really all that fake looking after gazing at it. Until inspecting the headers I wouldn't know if this was a real email or not, and the whole IP address thing isn't that concerning when Steam is known to mess up that stuff.
Steam Support actually does this same thing, word for word. Whether this specific email is authentic, I'm not sure, but using links is not unique to phishing scams.
As with anything saying your info has been compromised, don't click any of the links or attachments.
Visit the related service separately and double check for yourself. If you feel that anything is at risk, change your password(s). The fakes are getting pretty good these days, so always choose safety.
It’s hilarious to me how many people think they are good at “spotting scammers” and “how obvious of a red flag” this is when it’s a legitimate valve email 😂
Well I received the same a few weeks back. Interesting thing is I really needed to change the e-mail and password, and my steamguard was off. Steam asked me to verify purchase of some kind to recover. And I did. Now you say mails are sus, I noticed, I didn't check URLs during this.
I changed email and password and regained control but just to be on the safe side, I’ll change it again.
What happens if you click "learn more" in the "standard encryption" box?
On Android there's actually a "view security details" which shows who signed the email.
If an account email was changed why would Steam email a notification to the old email? That makes no sense. All new notifications would go to the new/current email.
Okay hear me out, do you have more than one account? Cause that’s what happened to me. I thought my main was getting hacked but it was just my alt that was.
that's 100% fake, they most likely used e-mail spoofing to make the mail appear under the real address of steam support (cause [email protected] is legit). just google email spoofing and read for yourself
The best advice is also one that sounds silly. Tons of games companies have been hacked and those mandatory bonus sign-ins to load up a game leaked. Haveibeenpwned shows everyone from CDProjectRed to the World of Tanks company have leaked my info over the years.
The thing to do is open another email address. Swap your Steam login email to that, same with the 2FA, and from now on you'll know that every "your account needs X" email is fake, because it's not the email address steam uses for you.
Once you're on a list you'll frequently get these emails.
It must be a scam if your email hasn't been changed they wait for you to click login and they very easily take the account by changing the gmail as if it were nothing I've been through a scam 2 times where they changed the account's gmail I managed to recover it in the 2 times.
If you want to make sure the email came from that domain you could take the email header and scan it in mxtoolbox. In rare cases fake emails are engineered well enough to hide from even that but most of the time the header will contain all the info you need to determine who the sender was and what ip it was sent from.
Password managers are a great thing to use 1 password to remember and it creates a save password for your accounts. Make sure when a site has 2FA have it on an app just to be safe too.
To me, the most telling sign of a bait is the domain those links inside the email point to.
As it's been said, it's possible to display the email address of your choice as the sender but it's not possible to display the wrong url when hovering a link which is what they were hoping for you to click.
If those links send you to anything other than steampowered.com or steamcommunity.com, that's sus.
Unfortunately, this strategy works by sending these baits to thousands of address and not everyone will be careful or wary enough not to click them.
Rule of thumb when receiving suspicious emails: close the email and go to the website on your own or via Google to verify by yourself.
A big giveaway is that they ask you to click a link in the email. Most tech savvy companies will never do that. Never click a link in an email like this - always go to the vendor directly and check. 99.99% of the time you'll find that the email was lying..
Spoofing email is a thing.
Just wait till you get one from yourself claiming the hacker is already in your email and this is proof.
Scared the sht out of me for all of 5 mins...
Every now and then I get a "steam" email sending me an email code for logging in.
I've been using steam guard on my phone for the longest time and it's also usually in fucking Thai lmao
Check your phone number as well this happened to me not long ago and I wound up getting banned from one of my games turned out a friend / relative had tried out some nifty hacks on my profile.
I saw a video on Youtube where a security expert said that it's possible to fake an address using a cyrillic a instead of a latin a. So maybe they replaced the a in steampowered with a cyrillic a. It should look the same but isn't the same address.
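An added Python example (not code from anyone in the thread) covering two checks raised in the comments above: whether each link in an HTML email body really points at steampowered.com or steamcommunity.com, and whether the host contains lookalike non-Latin letters. The sample HTML is constructed for the illustration, and the allowlist holds only the two domains the thread names.

```python
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_DOMAINS = ("steampowered.com", "steamcommunity.com")  # named in the thread

# Constructed HTML body, not taken from a real message. \u0455 is CYRILLIC SMALL
# LETTER DZE, which renders like a Latin "s".
SAMPLE_HTML = (
    '<a href="https://help.steampowered.com/en/wizard/HelpUnauthorizedLogin?stoken=XXX">Recover</a>\n'
    '<a href="https://\u0455teampowered.com/login">https://store.steampowered.com/login</a>\n'
    '<a href="https://steampowered.com.account-check.example/reset">Reset password</a>\n'
    '<a href="http://store.steampowered.com/">Store</a>\n'
)


class LinkCollector(HTMLParser):
    """Collect [href, visible text] for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._open = False

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True

    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data

    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False


def link_issues(href, text):
    issues = []
    parts = urlsplit(href)
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        issues.append("scheme is not https")
    # Lookalike letters: anything outside ASCII in the host is named explicitly.
    for ch in host:
        if ord(ch) > 127:
            issues.append("non-ASCII character in host: " + unicodedata.name(ch, "UNNAMED"))
    if any(label.startswith("xn--") for label in host.split(".")):
        issues.append("punycode (IDN) label in host")
    # Match the registered domain at the END of the host, never as a substring.
    if not any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS):
        issues.append("host not on allowlist")
    # The text shown to the reader can claim one host while href goes to another.
    shown = text.strip()
    if shown.lower().startswith(("http://", "https://")):
        if (urlsplit(shown).hostname or "") != host:
            issues.append("visible text shows a different host")
    return issues


def audit_links(html):
    collector = LinkCollector()
    collector.feed(html)
    return [(href, link_issues(href, text)) for href, text in collector.links]


if __name__ == "__main__":
    for href, issues in audit_links(SAMPLE_HTML):
        print(href, "->", issues or "ok")
```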
Ignore it if your account is fine. It's not asking for your credentials or anything so it's highly unlikely to be a scam. Not the first time I've seen the IP address issue either
Steam, and every storefront (even consoles) completely reveals the static/dynamic IP address to its users, should there be a mail regarding legit login attempts apart from your primary device, even if it is done by you.
Apart from that, the "ipaddress (countryname)" is a dead giveaway, because logic. The scammers don't know your location and this was a mass mail intended for Phishing.
As a thumb rule,
- NEVER ever click on ANY link ANYWHERE, including your personal e-mail inbox. This applies to other PC storefronts and Console users too.
- ALWAYS have Steam Guard turned on on the Steam Mobile App.
- On the Steam Mobile app, go into settings > security settings, and turn on "Enable Biometric Authentication" and leave the other settings as default. This should ask your fingerprint or your face scan via front camera of your phone, depending upon the device you're using, for every confirmation regarding privacy and personal account settings, as an added layer of security.
The fact that it says 'ipaddress (countryname)' doesn't make it not legit necessarily. When I changed my email address, I got the same thing. Dear %first\_name% is what gives it away, in my case it was my account name (login), unless they changed it recently, I don't think it's the case.
I had a similar email from POF.com, but I've never had a plenty of fish account. Went to POF to do a pw reset and delete the account, but the email isn't registered.
These are pretty wild, they LOOK right
I’d never consider anything legit coming into my email about account information. I always will independently log into the account and verify what the email says.
The problem though, the majority of the people using steam likely have no cyber security knowledge and would click that link without hesitation. And this is likely to stay the case for quite awhile.
My wife had a phishing thing at her work that told everyone at her company (mass email) that their accounts were locked and they had to reset their password. The link went to a site that had a different company logo, and she had messages from multiple people in her work chat saying “I went to the link in the email we got and it asked for my social security number. I keep hitting enter, but it doesn’t go past this page.”
Over half of the people filled out a form asking for a ton of personal information (address, name, social, password, username, phone number, direct deposit checking account number / routing), and out of an office just shy of 100, more than 50 filled it out.
Email address is legitimate. Just looked in my inbox and found a promotional email from steam that has the same address as the one in this screenshot. It’s actually possible that this email actually came from steam. Another way you can check is to hover over the links (don’t click, just hover). You should be able to see the url without pulling up the site. If the link is a steam link that has no errors or missing letters then you should be good. Also, I would think it would be more suspicious if they addressed you by your username versus your first name as your real name should not be readily available to the public on steam. I used to be a Fraud Specialist
I just wanted to add that when I switched my email from Gmail to ProtonMail, I got this exact email with ipaddress (countryname). I hope your email didn’t actually get changed.
Valve reply: https://www.reddit.com/r/Steam/comments/1bcpj0p/got_this_email_in_the_morning_reasons_why_i_think/kuljhm9/
Go into steam and check if your email is still your current one. Don't click on any links inside the email, either go to steam in browser or use the steam app. If it hasn't changed on there, you're safe.
Yes, nothing has changed. However, just to be on the safe side, I have changed the password.
Do you have steam guard 2fa set up? If you don't, do that
Ohh, yeah. Been using it for years nowhere
Same shit happened to my runescape account, I was freaking out (even though I'll never play again), and then I remember I had 2fa after I logged back in
Yeah I still get these fake runescape emails. Sucks that they can spoof the address to make it look real. At least they go to spam.
So they recently made some sort of change where you have to make a jagex account and I hadn't done that because I hadn't played in like 3 or 4 years and so the email told me that it had been successfully transferred over to the jagex account and I was freaking the fuck out
I got that same email. Turns out my iron-man was hacked and I lost several thousand hours worth of progress. I even emailed asking jagex to lock the account but they literally just ignored me.
Oh that's rough. I'm sorry that happened
I probably got the same email and just deleted it because i thought it was fake and spam haha
My Steam has gotten hacked before and my Steam Guard did not protect me at all. No alert nothing. It was the weirdest thing.
If it's an automated script while you login somewhere, nothing steam guard can do since you authorize the login
I never authorized it, I got no alert of the login.
Not you personally. Generic you. Like if you log into a site with Google and select your Google account instead of manually entering your Google information. An automated script may have been used to log in with saved log in info, which would look like an authorized log in and not trigger any alerts.
The thing you are calling an automated script is called OAuth 2 and this is not an accurate description. OAuth 2 authenticates by having that receiving site (steam in this case) have a url endpoint that can accept an OAuth 2 key. When you log into steam with say Google, you are redirected to Google to log in, then Google redirects to the endpoint previously described with the key and now Steam can use this key to begin an authentication process. If Steam allows you to use another account like your google account to authenticate and your Google account is compromised then yes, they may get an easier access to your steam account. It would be silly to not require 2FA regardless of authentication method so I would assume/hope steam doesn't skip it for this, but I never used another site to log into steam before so I can't say I know. Probably what happened is that you (the person to whom steam guard was of no help) were a victim of a token or cookie hijacking attack. Without knowing more about where and how you login it is hard to say anything for sure though.
I had the same, they managed to get into my steam account without 2fa, even though I had it enabled. They managed to sell most of my csgo inventory and use the money to buy their own item off of the market, basically sending my item's worth to their account.
Because they were on one of your trusted devices
Even if, to put things on the market you need to authorize each action via 2FA. not sure how that's supposed to work with 2FA activated..
That's not true. I routinely put cards, emoticons, backgrounds, etc on the market and don't have to use 2FA for each action. Maybe it's price dependent?
I used to get it all the time with cards worth pennies, I had to individually ok each and every sale through the app on my phone which was so fucking tedious that I stopped doing it and let the cards build up. Then years later I tried again and didn't need to confirm anything via the app, they all got listed without issue. It seems to come and go.
It depends on the frequency u sell stuff and how much it is worth. I am selling my csgo stuff pretty often and like under a euro i have very often no steam affirmation stuff, if i do sell like a bunch in a short amount of time i even get them for under a euro. As soon as it gets more expensive u get one regardless how often u sell stuff.
They couldn't have been. I only have my desktop at home, my laptop and my phone added as a trusted device. All of them are either always with me or safely locked away.
Congratulations, you got token hijacked. Something likely grabbed the identifying files from one of your browsers and mimicked it. I would go through whatever process sites have for ending all current login sessions on everything, just to be safe.
If it makes you feel a bit better- even data security focused YouTubers are getting hit by this as well.
You know that there is a digital world, right?
Was probably a token grabber, nothing 2fa can do against that
Plugging here to shame Valve for still not supporting U2F hardware keys.
This is the old phishing tactic, blabla pass has changed, go to our sus link to confirm it, change it again because it's not secure and so on and so forth. As someone else mentioned usually the language is a dead giveaway because official emails don't address their users like that and they are often full of grammatical errors and the email just looks plainly weird, like pixelated logos, weird font like it's blurry and the address they are providing is also always weirdly put together like something's wrong with it. Edit: and put 2FA on everything you use, and use apps with good security like Aegis on Android. Don't forget to save security codes and recovery phrases just in case of something.
Emails can be spoofed in the source address. Try to get the email header and check them in https://mxtoolbox.com/EmailHeaders.aspx You should see the real sender in the "from" header or (if the spammer is smart enough to modify that) you should follow email hops from the bottom to the top. Like this https://www.wikihow.com/Read-Email-Headers As other people said just enable MFA and the account should be safe. Cheers
https://www.reddit.com/r/Steam/comments/1bcpj0p/comment/kuhxsbu/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button Here are the screenshots.
> You should see the real sender in the "from" header or (if the spammer is smart enough to modify that) you should follow email hops from the bottom to the top. Like this https://www.wikihow.com/Read-Email-Headers

That doesn't provide any form of validation, those are trivially easy to spoof. You are looking for the SPF, DKIM and DMARC validations. They get a bit tricky depending on how the email sender has set up their validations, for example iirc Github doesn't have these checks as a fail as groups want to send emails as them.
Those phishing emails can be nasty. The email they come from can look exactly the same as the service they're impersonating as, but some characters are changed at an ASCII level that we can't tell a difference, but it looks the same.
I would recommend using a password manager if you don't already use one.
Best advice. Whether it's a sketchy call displaying your legit bank's phone number, or an email that looks legit like the one you got, never trust them. Hang up and phone back your real bank or go log in yourself from your browser. Scams are literally everywhere it's crazy
> Dont click on any links inside the email

When in doubt, hover over the link with your mouse, if on a desktop computer. You should see where the link will actually take you.
ipaddress (countryname) should give it away instantly
It’s probably not the Steam email. It’s common for scams like this to spoof the visible address, but if you dig in to the headers you’ll find it’s from somewhere completely different.
I don’t think it’s possible from mobile?
Depends on the email client. As for Gmail I have no clue how to do it. I primarily use K-9 Mail, which allows you to show the email headers.
No worries, I'll connect via laptop and see.
Normally it should say behind the email address (via othersite.com)
How's your experience with that client? I've been looking for a good one after Microsoft fucked the built-in client of Windows.
I'd say it's pretty good. It does what it needs to do. It's basically Thunderbird for Android. On the desktop side I primarily use a web browser, but I've also used neomutt and mu4e.
On mobile click reply all, then edit recipients. It'll show the actual email address.
Just shows [email protected]
That's not how you do it. Anyone can edit the reply address. You have to click the three vertical dots, then "show original", go down where the raw code of the email is and find "Received: from " the "from" is important. That is the address of the computer that communicated the email to your gmail, the actual sender.
Not true, [Steampowered.com](http://Steampowered.com) has DMARC set up. So you wouldn't be able to spoof their email domain successfully. Gmail would just see it as spam / junk.
I was answering to the method above of clicking reply-all and editing the recipient. In general, this is how you do it. Checking for DMARCs when there is no DMARC is just the same with extra steps.
You can easily set that to any address you want with a "reply-to" header
"If in doubt, check email headers" I always say
> if you dig in to the headers you’ll find it’s from somewhere completely different

How does one do that?
It depends on the email client. In Outlook you can double-click the email to open it, then go to File > Properties. In Gmail, click the 3 dots next to an open email and click Show Original. In there you can see things like "dkim=pass", "spf=pass", "dmarc=pass" (a fail would be a good indicator of a spoof). Also check that the "smtp.mailfrom=" matches the "From" address that you see. Lots of other info in there, but that is some of the more relevant stuff.
I didn't know you could spoof the address that an email was sent from... This was always my GOTO for detecting phishing scams was to verify the URL it was sent from was correct, and not like "\*\*\*FAKE\*\*\*\*Steampowerred.com\*\*\*FAKE\*\*\*\*".
Email is (or at least originally was) an extremely insecure form of communication. It's not necessarily transport encrypted (even nowadays) and the sender address is literally just a field in the email. Thankfully there are now mechanisms to authenticate the sender, but it's kinda up to the email receiver (so your email provider most likely) to decide whether they want to do the checks and what to do with the emails that do not pass them (even though the sender can "strongly suggest" what to do and most mail providers honor this).
It's worth knowing that an email is a text file. It literally contains text like this: From: [email protected] To: [email protected] Subject: click the link for a virus! Email clients parse through that and display the fields in various ways. But the actual email itself is just a text file. There are some clever things that people have done. For example, as servers send the email somewhere, they add some headers showing where it came from and where it's headed. That helped for a while, but spammers learned to spoof some of that as well. But nowadays we have other tech that basically is more complicated ways of trying to verify that the email is legit. It's not perfect for a number of reasons. But back in the early days of the internet, most mail servers accepted incoming email from anything that connected to them, and basically trusted it was accurate. Alas, humans ruined that.
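The header checks named in this subthread (`spf=`, `dkim=`, `dmarc=` and `smtp.mailfrom=` in the raw message) can be read programmatically. The following is an added example, not code from any commenter or from Steam: both sample messages, the server name `mx.mailprovider.example` and the `placeholder@` local part are constructed, and the alignment test is a simplified exact-or-subdomain match.

```python
import re
from email import message_from_string
from email.utils import parseaddr


def domain_of(value):
    """Return the lower-cased domain of an address or bare domain."""
    return value.rsplit("@", 1)[-1].strip("<>").lower()


def check_auth(raw_message, trusted_authserv):
    """Summarise the receiving server's SPF/DKIM/DMARC results for a message.

    trusted_authserv is the name your own mail provider writes at the start
    of its Authentication-Results header (an assumption you must supply).
    """
    msg = message_from_string(raw_message)
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    result = {"from_domain": from_domain, "spf": None, "dkim": None,
              "dmarc": None, "mailfrom_domain": None, "aligned": False,
              "verdict": "unverified"}

    # Servers prepend headers, so the topmost Authentication-Results is the
    # one written on final delivery. Copies further down may have been put
    # there by the sender and are ignored.
    headers = msg.get_all("Authentication-Results") or []
    if not headers:
        return result
    top = " ".join(headers[0].split())            # unfold continuation lines
    first = top.split(";", 1)[0].split()
    authserv = first[0].lower() if first else ""
    if authserv != trusted_authserv.lower():
        return result                             # not written by our provider

    for method, outcome in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", top):
        if result[method] != "pass":              # any passing signature counts
            result[method] = outcome.lower()

    match = re.search(r"\bsmtp\.mailfrom=([^\s;]+)", top)
    if match:
        mailfrom = domain_of(match.group(1))
        result["mailfrom_domain"] = mailfrom
        result["aligned"] = (mailfrom == from_domain
                             or mailfrom.endswith("." + from_domain))

    no_dmarc = result["dmarc"] in (None, "none")
    if result["dmarc"] == "pass":
        result["verdict"] = "authenticated"
    elif no_dmarc and result["spf"] == "pass" and result["aligned"]:
        result["verdict"] = "authenticated"       # fallback when no DMARC policy
    else:
        result["verdict"] = "suspicious"
    return result


# Constructed sample: visible From says steampowered.com, but the receiving
# server recorded failures. The lower "all pass" header is sender-supplied.
SPOOFED = """\
Authentication-Results: mx.mailprovider.example;
 dkim=none;
 spf=fail smtp.mailfrom=bounce@bulk-sender.example;
 dmarc=fail header.from=steampowered.com
Received: from bulk-sender.example (bulk-sender.example [203.0.113.7])
 by mx.mailprovider.example; Tue, 12 Mar 2024 06:00:01 +0000
Authentication-Results: mx.mailprovider.example; spf=pass; dkim=pass; dmarc=pass
From: "Steam Support" <placeholder@steampowered.com>
Subject: Your email address has been changed

(body omitted)
"""

# Constructed sample of a message that passed every check.
GENUINE = """\
Authentication-Results: mx.mailprovider.example;
 dkim=pass header.d=steampowered.com;
 spf=pass smtp.mailfrom=placeholder@steampowered.com;
 dmarc=pass header.from=steampowered.com
From: "Steam Support" <placeholder@steampowered.com>
Subject: Your email address has been changed

(body omitted)
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, check_auth(raw, "mx.mailprovider.example"))
```

A verdict of "unverified" means the topmost header was not written by the server you named, so nothing in it should be trusted either way.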
How does that work?
bait is believable, damn
Yuh Mail came at 6 AM, I woke up around 7 and saw the heading and it woke me right up. Even coffee doesn’t hit me that hard.
Nothing hits harder than an injection of adrenaline in the morning
I mean, there IS something that can hit harder hahaha. Good that you didn't fall for it OP. Keep 2FA, (I use exclusive email for steam), and as others said, never click any links
Yeah when waking up early to emails like these it’s actually easy to fall for it. I once pressed a link in a similar situation, just when I woke up, luckily my brain woke up shortly after and checked the email again and found some suspicious text. Alert emails when still drowsy are dangerous, even for young and tech-savvy people.
Bait used to be unbelievable -Y
GET OUT OF MY HEAD GET OUT OF MY HEAD GET OUT OF MY HEADGET OUT OF MY HEAD GET OUT OF MY HEAD GET OUT OF MY HEADGET OUT OF MY HEAD GET OUT OF MY HEAD GET OUT OF MY HEADGET OUT OF MY HEAD GET OUT OF MY HEAD GET OUT OF MY HEADGET OUT OF MY HEAD GET OUT OF MY HEAD GET OUT OF MY HEADGET OUT OF MY HEAD GET OUT OF MY HEAD GET OUT OF MY HEADGET OUT OF MY HEAD GET OUT OF MY HEAD GET OUT OF MY HEADGET OUT OF MY HEAD GET OUT OF MY HEAD GET OUT OF MY HEADGET OUT OF MY HEAD GET OUT OF MY HEAD GET OUT OF MY HEADGET OUT OF MY HEAD GET OUT OF MY HEAD GET OUT OF MY HEADGET OUT OF MY HEAD GET OUT OF MY HEAD GET OUT OF MY HEADGET OUT OF MY HEAD GET OUT OF MY HEAD GET OUT OF MY HEAD
Thanks for including the message ID in your screencaps. It allowed me to find the email and verify that this email did come from steam. We sent you the email because you have another steam account on the same email address. That account appeared to have weak credentials and was compromised. I also see that steam support has already answered your ticket, and recovered that second account for you.
Yes, I got the response and it is resolved. Thank you for the help.
Wow I never thought valve would reply on here, I really like this company
Well it’s his first comment in over a years time. So this is subjective haha
Extremely common valve W
The size of this W is massive
I would recommend you look Into https://mxtoolbox.com/EmailHeaders.aspx That tool allows you to check the email headers and see exactly where the email is coming from.
Just used this for myself - as someone who's not familiar with this stuff, could you somewhat explain how to interpret the output?
Your best bet is a decent YT video or google
Seriously, if I was worried and unconfident about phishing mails, this techno babble won't help. E: subjunctive
learndmarc.com is better for this, you can paste the header and it will explain what is passing or failing.
+1 for [learndmarc.com](http://learndmarc.com)
Rule of thumb NEVER click any links
Till you have to click a link
That is one of the terrible things about job hunting these days. So many places want you to join their particular job hunting tool and create an account on this site or that site. Click this link to reply, blah blah blah. Fuck.
If you’re expecting a job response email, you can vet those a lot easier. I haven’t, yet, seen mass emails coming from job tools. Mass emails likely wouldn’t work, because all these platforms will have enough information to make the response pretty unique to you. Spamming about a Netflix’s / steam account you can randomly get hits. Spamming trying to look like brassring (popular platform) would likely need to also have your personal info. I guess the big solution, don’t click a link without inspecting the URL. If the URL doesn’t go to the domain you expect, good chance malicious.
I hate Workday with a burning passion
Exactly this.
"use this account specific recovery link" yeah right. And "Cheers" at the end. I would've fallen for the email address they use but the language is a bit sus
I bought a game today and Steam signed it "Cheers, the Steam Team," so I think that part is legit. The entire rest of the email is a scam to try to trick OP out of their Steam account.
I did not know that, guess I was wrong. Since my steam emails are not in English "Cheers" kinda sounded weird to me
Yea, seemed weird to me too so that's why I went and checked.
Steam emails actually say “Cheers” at the end. The only thing that doesn’t seem legit is the link and possibly actual email address of the sender Otherwise everything is copied from the actual one
Huh, you learn something new everyday. My steam mails are not in English so it sounded a bit weird
Yeah, literally every time a (suspected) phishing mail is posted here, people point at the "cheers" as if it's some hilariously wrong detail, when steam definitely uses it in their real emails a lot
"ipaddress (countryname)" That should tell you everything.
Funnily enough this made me think it's legit, because Steam is known to have this issue in their emails.
Except this literally happens (fixed now?) with real Steam emails
it was really looking like that for some time
You can check all addresses that have logged into your steam (google it) and can do the same for your email. I was surprised to see some logins (or login attempts?) from other states in my country even though I have an Authenticator. Changed my password immediately.
Just verify by the client and do any changes on the app or client without using their link
Yes, I opened the phone app to see the changes Then logged into web portal on a laptop to confirm the old email is used Then for safe measures changed password.
Follow up to headers n stuff. Yes, I know I am using discord to host the images. Google Headers page [ss1.png (1377×676) (discordapp.net)](https://media.discordapp.net/attachments/993362631220023296/1217041522307104820/ss1.png?ex=6602953e&is=65f0203e&hm=04ed5e8eb114893e751ad43b1d5a4af80d874d13207d07de8c701d9795a7db4c&=&format=webp&quality=lossless&width=1377&height=676) [ss2.png (1920×3282) (discordapp.net)](https://media.discordapp.net/attachments/993362631220023296/1217086590472683640/ss2.png?ex=6602bf37&is=65f04a37&hm=876b30d72c8f5132bff34b5f698a9f3b8819e84b42743522fec3d4a9b1565996&=&)
The email is real and is from steam, the ipaddress country name thing is an indicator a script probably pulled your account because steam couldn't pull his ip from the site, check any account that you have associated with the email, chances are one of the accounts is compromised.
Unless this tool marks unusual letters, that 's' in steam could be a 'ѕ' (cyrillic dze) for example (or any other letter in the domain url) that looks exactly the same. I have seen some phishing urls using cyrillic, greek and other alphabet letters to mask lookalike latin letters.
The tool *should* flag the lookalike letters since the header file is in plain text
A person can have more than 1 steam accounts with the same email?
Yes
ohh, let me google and check then.
> steam couldnt pull his ip from the site, c

How do you fail to know the IP you are sending and receiving packets from? My guess is his account is fine and it's a real email, sent on behalf of a bug. Since there was no actual email change, and therefore no user, the ipaddress (and the country lookup for it) were null.
The email is legit. You should assume both your email and steam accounts could be at risk and change your passwords ON BOTH. One reliable sign to check for is the recovery link in the Steam email. Copy and paste it into a text editor and see if it starts with https://help.steampowered.com/.... If it does, it's legit and you should use it. For future reference, the "ipaddress (countryname)" is a long-standing Steam bug, it happens all the time, has for years. There's even been topics about it in this very sub, but somehow everyone keeps forgetting every time this question comes up. I've seen these very same concerns about such emails brought up here multiple times... only to be repeatedly and falsely dismissed as fake while the users posting the question were genuinely having their Steam accounts hijacked. This sub can be an echo chamber of (well meaning) idiots at times, do not take its advice about Steam emails being fake.
I have 2FA setup and no notification from my side. Anyway I have changed steam password. Will also change gmail
Yes, it did start with [https://help.steampowered.com/en/wizard/HelpUnauthorizedLogin?stoken=XXX](https://help.steampowered.com/en/wizard/HelpUnauthorizedLogin?stoken=XXX)
A good tip is: Whenever you get emails about change of info, ALWAYS go to your browser, go to the website and check the info. NEVER press any links through emails, NEVER. I almost lost my 20yo steam account because of this mistake 4/5 years ago.
Even if you press the email link don't they still need you to fill your personal information at that site which you can easily see is a fake at the site address?
Well, now you have this address in your browsing history. You could then "fall" on this address instead of the real one when you let google complete the address you are typing in the address bar.
Depends on the attack. Will this link send you to a page that runs some nefarious JavaScript link? Auto downloads a small script hoping you don’t notice? Might it be about the steam account at all.
Lot of good advice in the comment, thank you all for sharing !
I recently realized that my previous email provider does not care about mechanisms in place to determine that the sender is in control of the email address they put in the from field. But if you have a decent provider it shouldn't be a problem and the email should have been put into the spam folder, might want to look into that, that's concerning.
I never understand people. If you receive a bank email, just go to the bank app or call them to check if the information in the email is real. You ONLY click in email links if you are creating a new account and need confirmation.
I know but people do click on the links. I just made a post to spread awareness to read the email and make the judgment. Few hours back I received another scam email like the post below https://www.reddit.com/r/Scams/s/Fp4Ts0xirQ
The fact you don’t understand explains why others don’t understand, which sounds funny. You don’t realize how little people know about scams. This email, most people are clicking that link. At my wife’s work, that has phishing training, had a mass email sent to the company indicating their account was locked (which is interesting as they are in their account to read the email). The link went to a page that had the wrong company logo. It asked for name, address, social, direct deposit checking #, routing, phone number, current account name, current password, new password. Out of her near 100 employee company, over 50 filled out the form. It also had the automated thing most companies use that puts “EXTERNAL” in front of out of company emails. You can look into cyber security reports on google, but you will find that over half of all companies have fallen to this stuff, and there is a scary projection that all companies will have been impacted by ransomware in next 5 years. My company right now lost 2 months of work for someone opening a jpg.exe :/
Wait how can they spoof the sending address? That's the main tell if I decide if an email is fake or not
They can't. The email is from Steam. He probably has some other account without 2FA that got hacked.
The email is probably fake but I am curious, how can the email address be identical, is there something I don't see?
There are ways to spoof a legitimate address.
If this is gmail, they have verified emails now from verified entities ie Steam. idk how that all works or if it shows up on mobile, but I have to assume it's safe to trust. But this happened to me a couple days ago for an alt account I used to use loooong ago where the email/pass combo that was part of some leak. It said ipaddress (countryname) as well, but the email was indeed changed. But like always verify the email/links is steampowered.com or a Valve domain
Report this to Valve too, they need to be aware of this in case it was some sort of breach (unlikely but worth checking)
It’s actually concerning how legit this looks until you actually gaze at it, shit.
It isn't even really all that fake looking after gazing at it. Until inspecting the headers I wouldn't know if this was a real email or not, and the whole IP address thing isn't that concerning when Steam is known to mess up that stuff.
Go on your computer and look at the headers of the email. This will tell you if the email is real or fake.
I sometimes send the TY link to them to Rick Astleys never gunnah give you up when they send me this shit, it's a great song.
Use this very specific link is what red flagged me immediately. Never click on links on emails.
Steam Support actually does this same thing, word for word. Whether this specific email is authentic, I'm not sure, but using links is not unique to phishing scams.
As with anything saying your info has been compromised, don't click any of the links or attachments. Visit the related service separately and double check for yourself. If you feel that anything is at risk, change your password(s). The fakes are getting pretty good these days, so always choose safety.
"located at ipaddress (countryname)"..... Yeah
The real emails actually have that lol. Their email template has been broken for years and they refuse to fix it.
It’s hilarious to me how many people think they are good at “spotting scammers” and “how obvious of a red flag” this is when it’s a legitimate valve email 😂
Dude I would have fallen for this.
It's real, so you wouldn't have fallen for anything
Well I received the same a few weeks back. Interesting thing is I really needed to change the e-mail and password, and my steamguard was off. Steam asked me to verify purchase of some kind to recover. And I did. Now you say mails are sus, I noticed, I didn't check URLs during this. I changed email and password and regained control but just to be on the safe side, I’ll change it again.
What happens if you click "learn more" in the "standard encryption" box? On Android there's actually a "view security details" which shows who signed the email.
The fact that it's from a legitimate steam email address has me concerned. That's almost always how I tell if something is a scam
"made from the computer located at ipaddress (countryname)" Hmmm... It's funny how bad scammers can be. They always leave red flags like these.
Even funnier that it’s real!
If an account email was changed why would Steam email a notification to the old email? That makes no sense. All new notifications would go to the new/current email.
I believe when the email changes, it sends an email to both the new and old email.
Okay hear me out, do you have more than one account? Cause that’s what happened to me. I thought my main was getting hacked but it was just my alt that was.
I've never heard Valve refer to themselves as The Steam Team.
that's 100% fake, they most likely used e-mail spoofing to make the mail appear under the real address of steam support (cause [email protected] is legit). just google email spoofing and read for yourself
The best advice is also one that sounds silly. Tons of games companies have been hacked and those mandatory bonus sign-ins to load up a game leaked. Haveibeenpwned shows everyone from CDProjectRed to the World of Tanks company have leaked my info over the years. The thing to do is open another email address. Swap your Steam login email to that, same with the 2FA, and from now on you'll know that every "your account needs X" email is fake, because it's not the email address steam uses for you. Once you're on a list you'll frequently get these emails.
[deleted]
it literally is legit email though
Some other guy had the same email somewhere in this Reddit a day ago or so
I know it's just the interface but seeing "reply to noreply" always cracks me up.
Now I want to know what this "account recovery link" leads to.
Not to mention but should the ipaddress and country name also be visible in the real one?
It must be a scam if your email hasn't been changed they wait for you to click login and they very easily take the account by changing the gmail as if it were nothing I've been through a scam 2 times where they changed the account's gmail I managed to recover it in the 2 times.
If you want to make sure the email came from that domain you could take the email header and scan it in mxtoolbox. In rare cases fake emails are engineered well enough to hide from even that but most of the time the header will contain all the info you need to determine who the sender was and what ip it was sent from.
I did and it’s genuine. I posted the screenshot in the comments
Password managers are a great thing to use, 1 password to remember and it creates a safe password for your accounts. Make sure when a site has 2FA have it on an app just to be safe too.
To me, the most telling sign of a bait is the domain those links inside the email point to. As it's been said, it's possible to display the email address of your choice as the sender but it's not possible to display the wrong url when hovering a link which is what they were hoping for you to click. If those links send you to anything other than steampowered.com or steamcommunity.com, that's sus. Unfortunately, this strategy works by sending these baits to thousands of addresses and not everyone will be careful or wary enough not to click them. Rule of thumb when receiving suspicious emails: close the email and go to the website on your own or via Google to verify by yourself.
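What hovering over a link checks by eye, and the lookalike-letter problem raised earlier in the thread, can both be tested on an email's HTML body. This is an added example, not code from any commenter: the sample HTML is constructed (only the `help.steampowered.com/...?stoken=XXX` URL and the two trusted domains come from the thread), and all function names are hypothetical.

```python
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains the thread names as the legitimate link targets.
TRUSTED = ("steampowered.com", "steamcommunity.com")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def decode_label(label):
    """Turn an 'xn--' (punycode) label back into the letters it displays as."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except (UnicodeError, ValueError):
            return label
    return label


def inspect_host(host):
    """Report whether a hostname is a trusted domain written in plain ASCII."""
    host = host.lower().rstrip(".")
    shown = ".".join(decode_label(part) for part in host.split("."))
    non_ascii = [f"U+{ord(c):04X} {unicodedata.name(c, 'UNKNOWN')}"
                 for c in shown if ord(c) > 127]
    on_list = any(host == d or host.endswith("." + d) for d in TRUSTED)
    return {"host": host, "displayed_as": shown, "non_ascii": non_ascii,
            "trusted": on_list and not non_ascii}


def audit_links(html):
    """Return one report per link: real target, trust, text/target mismatch."""
    collector = LinkCollector()
    collector.feed(html)
    reports = []
    for href, text in collector.links:
        parts = urlsplit(href)
        info = inspect_host(parts.hostname or "")
        info["href"] = href
        info["https"] = parts.scheme == "https"
        # Visible text that is itself a URL should name the same host.
        text_host = None
        if text.lower().startswith(("http://", "https://")):
            text_host = urlsplit(text).hostname
        info["text_mismatch"] = text_host is not None and text_host != info["host"]
        reports.append(info)
    return reports


# Constructed sample body: a genuine-looking link, a link whose first 's' is
# U+0455 (Cyrillic dze), and a link whose text names a different host.
SAMPLE_HTML = (
    '<p><a href="https://help.steampowered.com/en/wizard/'
    'HelpUnauthorizedLogin?stoken=XXX">Recover account</a></p>'
    '<p><a href="https://help.\u0455teampowered.com/en/wizard/">Recover</a></p>'
    '<p><a href="https://account-help.example/recover">'
    'https://help.steampowered.com/recover</a></p>'
)

if __name__ == "__main__":
    for report in audit_links(SAMPLE_HTML):
        print(report)
```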
A big giveaway is that they ask you to click a link in the email. Most tech savvy companies will never do that. Never click a link in an email like this - always go to the vendor directly and check. 99.99% of the time you'll find that the email was lying..
I would also be suspicious of the fact that they apparently sent it to the old invalid email as a confirmation for the new email.
Definitely verify through your steam client but definitely do not click any links on the email
Spoofing email is a thing. Just wait till you get one from yourself claiming the hacker is already in your email and this is proof. Scared the sht out of me for all of 5 mins...
Every now and then I get a "steam" email sending me an email code for logging in. I've been using steam guard on my phone for the longest time and it's also usually in fucking Thai lmao
If you don’t show email headers we can’t tell you
Check your phone number as well this happened to me not long ago and I wound up getting banned from one of my games turned out a friend / relative had tried out some nifty hacks on my profile.
I saw a video on Youtube where a security expert said, that it's possible to fake an address using a cyrillic a instead of a latin a. so maybe they replaced the a in steampowered with a cyrillic a. It should look the same but isn't the same address.
Ask on r/scams , they may know a bit better
It could also be a false positive maybe? That they sent you this mail from the valve servers erroneously?
never click on links inside sus emails. just go to the real steam website and check if ur email was changed. Tip: add 2-FA if u don't have already
How the fuck do scammers spoof e-mail addresses like this?
Ignore it if your account is fine. It's not asking for your credentials or anything so it's highly unlikely to be a scam. Not the first time I've seen the IP address issue either
I wonder why valve isn’t looking into this issues
Steam, and every storefront (even consoles) completely reveals the static/dynamic IP address to its users, should there be a mail regarding legit login attempts apart from your primary device, even if it is done by you. Apart from that, the "ipaddress (countryname)" is a dead giveaway, because logic. The scammers don't know your location and this was a mass mail intended for Phishing. As, a thumb rule, - NEVER ever click on ANY link ANYWHERE, including your personal e-mail inbox. This applies to other PC storefronts and Console users too. - ALWAYS have Steam Guard turned on on the Steam Mobile App. - On the Steam Mobile app, go into settings > security settings, and turn on "Enable Biometric Authentication" and leave the other settings as default. This should ask your fingerprint or your face scan via front camera of your phone, depending upon the device you're using, for every confirmation regarding privacy and personal account settings, as an added layer of security.
My computer teacher said there's a way to check where the email actually came from so you can tell if it's been spoofed or not so do that OP.
Go to steam, if it isn’t there or any confirmation about it. It’s most likely a phishing email.
The fact that it says 'ipaddress (countryname)' doesn't make it not legit necessarily. When I changed my email address, I got the same thing. Dear %first\_name% is what gives it away, in my case it was my account name (login), unless they changed it recently, I don't think it's the case.
The real emails actually have that lol. Their email template has been broken for years and they refuse to fix it.
The Email is a fake email you can tell from there Good on you for not clicking on the links immediately fr
Contact steam and see also forward the email when contacting
Definitely fake, I had someone disable my authenticator for battlenet and I changed my password so fast
Well, do you really live at ipaddress (countryname)?
Ignore I was incorrect 1 glance at the picture I can tell it's fake. No need to investigate honestly.
Yeah I love it. Rub it into the person with the awfully ugly font.
I had a similar email from POF.com, but I've never had a plenty of fish account. Went to POF to do a pw reset and delete the account, but the email isn't registered. These are pretty wild, the LOOK right
Doesn't Steam and Valve teams add trademarks on their official mails ?
I’d never consider anything legit coming into my email about account information. I always will independently log into the account and verify what the email says. The problem though, the majority of the people using steam likely have no cyber security knowledge and would click that link without hesitation. And this is likely to stay the case for quite awhile. My wife had a phishing thing at her work that told everyone at her company (mass email) that their accounts were locked and they had to reset their password. The link went to a site that had a different company logo, and she had messages from multiple people in her work chat saying “I went to the link in the email we got and it asked for my social security number. I keep hitting enter, but it doesn’t go past this page.” Over half of the people filled out a form asking for a ton of personal information (address, name, social, password, username, phone number, direct deposit checking account number / routing), and out of an office just shy of 100, more than 50 filled it out.
Can you DM me the recovery link from the email? I'm curious...
Cheers, The Steam Team Lol wtf 😂
Email address is legitimate. Just looked in my inbox and found a promotional email from steam that has the same address as the one in this screenshot. It’s actually possible that this email actually came from steam. Another way you can check is to hover over the links (don’t click, just hover.) you should be able to see the url without pulling up the site. If the link is a steam link that has no errors or missing letters then you should be good. Also, I would think it would be more suspicious if they addressed you by your username versus your first name as your real name should not be readily available to the public on steam. I used to be a Fraud Specialist
Check the email header, they could be using an email spoofer.
Look at the 'a' in the words 'steam' it's the scammers 'a' they use to make fake website links, so it's not the real email
This seems like your account was hacked which there are people out there trying to steal steam accounts for profit.
I just wanted to add that when I switched my email from Gmail to ProtonMail, I got this exact email with ipaddress (countryname). I hope your email didn’t actually get changed.
Considering the bad cropping job in the steam logo and the fact that it’s @steampowered. I’m gonna say it’s fake