I got an email supposed to be from Steam that said there was an attempt to access my account from an unauthorized location. It gave a url located in China and said the one attempting to log in used my correct username and password. It then gave a security code it said would have to be used by anyone, including me, in order to access my account. The email looked completely legitimate and had all the right graphics and structure. I tried to log in to my account and found that no "security code" was needed. I logged in and accessed the account with no problem. Do you think the email was a phishing attempt? it gave a link to click on to "fix" the problem and highlighting the link did show a Steampowered url but with a lot of numbers and such after it.
For reference here's a screenshot from genuine mail from Steam (image edited to remove account name, security code and the last part of the link URL): doesn't ask you to click on the link to "fix" anything but use it if you can't login to your account even with the security code. Plus yeah the fact you could login without the code means there wasn't an unauthorized login attempt in reality made to your account, therefore phishing...
It never hurts to change your password after something like that And cheers Gromuhl'Djun, you're up late
It only asks for the code on unauthorized or new devices so it would only be required for the person trying to log in from China or wherever. As soon as he logged in from his normal PC it wouldn't ask. edit: unless you have the settings set to require at each log on But yeah sounds suspicious either way. But it wouldn't hurt to change your password just in case. And possibly change your email password too.
Iv'e had a few of those e-mails usually says trying to log in from Brazil. Never took any notice of them to be honest.
Oh yeah forgot authorized devices don't need the code, necessarily. Agreed that changing password is a good idea anyway.
Check the email headers from the properties of the email, see if it really came from steam Best practise though, never click a link in an email like that, if you need to enter the code it gives, it will ask you when you try to log in from store.steampowered.com manually
It looked just like that and as that one also says "No one will be able to access this account without accessing this email". To me that says that nobody, including me, would be able to access the account without the code given in the email. What would be the point of giving a code if you are able to log in without it?
Well it assumes that you are not on your normal PC that you connect to Steam with so yes, nobody will be able to log in without the code. Unless they are on your regular PC but then why would they need this feature anyway? I just tested it with my phone from a web browser. It asked for the code to log in on the phone, then logged in on my PC fine.
As said above. If the mail was exactly like that, including the link url then it was possibly genuine and someone had attempted to access your account. So Steam Guard worked as it should have. Change your Steam password quickly though if you haven't yet.