Read your steam game invites very carefully!

[Drac]

Tonight I received a game invite to L4D 2 from someone not on my friends list. I accepted his chat request thinking it was probably someone I had played with recently just to tell him it was too late and I was about to crash.

He then sent another invite and that's when I did a double take.

It said he was currently playing Left 4 Dead 2 but it was a non-steam game. This seemed odd because the thought of someone using a hacked version of L4D2 just isn't cool, it's an awesome game and valve deserver money for it. Then it struck me, how can he possibly send steam invites with an obviously non-legit copy of the game that's not intergrated into steam?

So I looked at his invite closer. It was also worded slightly differently from the normal Valve game invite text that gets generated when you send an invite so I clicked it knowing that if it was a link to any website outside of the steam domain I'd get a warning and sure enough it was. I clicked no and then blocked all communication from them. This is disturbing because you're not meant to be able to inject hidden URLs into steam chat, just raw URLs so you can see what you're clicking on before you click it. A major flaw I hope Valve correct soon.

Anyway, make sure you read game invites carefully. Double check the person is playing a proper version of the game and don't accept invites from people you don't trust. If you EVER click an invite and it gives you a prompt asking you to continue to a website always click no.

It's also quite annoying that you can't see "friends in common" for people who set their steam profile to private. I know some like their privacy, but as an extra precaution it's probably best not even to accept chat requests from people you don't know who have private profiles. You can view their profile before accepting a chat request using the little arrow drop-down menu thingy.

I kinda wish valve would colour invite and "Drac is now playing Left 4 Dead 2. Click here to join" text differently from the standard chat colours, or move that functionality to a UI yes/no button and out chat links for invites and joining other playes altogether as it's just another way for account hijackers to trick people.

The person trying to pull this swifty on me was this charaming example of humanity: Steam Community :: ID :: D'Artagnan [u] - it's safe to view his steam profile page.

[King_Rocket]

That's why I never accept invites that don't have some sort of personal message attached, all the auto generated spam ones I just ignore.

[Xavien]

I couldnt agree with you both more, lets face it steam accounts are worth a fortune if you have alot of games attached to them, steam is a great idea but it doesnt come without its risks and the more games that are steam only the more people are going to try and hack them. Its bad enough with the constant WOW spam but lets face it a steam account is worth a dozen wow accounts its only a matter of time before the steam spam starts......

[Drac]

It they integrated invites into the steam UI instead of using chat text links this wouldn't be an issue.

Hopefully we'll see this happen in a future Steam Client update.

[Snowbull]

Thanks for the heads up Drac..

[Thermal Ions]

Quote:

Originally Posted by Drac

This is disturbing because you're not meant to be able to inject hidden URLs into steam chat, just raw URLs so you can see what you're clicking on before you click it. A major flaw I hope Valve correct soon.

Thanks for the heads up Drac.

Did you report the incident to Steam Support at all?

[Ned]

Thanks for the info Drac.

[PhatFreD]

Yeah, just copy the opening post into a Steam support ticket.

[Drac]

We can unstick this, steam has changed the way invites work so this should no longer be an issue.

[Ned]

Thanks Drac, done.