Unusual transactions detected.
Unusual transactions detected.
I rely on Nordpass for security. No passwords are stored in the browser. Many passwords are quite long—some reach 50 characters. For most sites, I use the Authenticator app. I never log in to anything I don’t own. Background A while ago, my Discord and Steam accounts were compromised. Discord kept sending spam links, and my Steam account was selling items I possessed. I ran a scan with Malwarebytes and found nothing. I resolved the issues and chose to reset all my devices. What confuses me is that an account using an authenticator app never received a verification message saying “is this you.” Plus, I didn’t see anything on my PC. Now Google has flagged suspicious activity on my account. It showed up after I logged out of my device, which turned out to be the PC I’m currently using since I’d logged out from there. I also need to authenticate with longer passwords on new devices, especially when using a new drive recently. Any explanation for what’s happening?
Currently, the main goal is to steal authentication tokens. This means attackers pretend to be your computer to bypass strong multi-factor authentication systems. If this is your second encounter, it’s likely you’re running software with risky code. Since the targets are Discord and Steam, it probably relates to your Steam account or inventory data.
Review your bookmarks for those links. If you have a weak or incorrect saved link (or an email with a URL), you're sharing your details each time you access it. Sometimes the characters in the omnibox look normal but actually change how the site appears, distinguishing real from fake pages. This might not be your problem, just something I wanted to mention.
Thanks for the feedback. You mainly use games available on Steam, don’t often purchase extra items. The only things you own are those provided by the games themselves. So far, your hacks have used Steam EA app, Discord, and a Google account. Regarding "bad bookmarks," it seems you’re referring to problematic or unreliable bookmark settings.
Consider trying another approach since the usual methods aren't working. Check out the first chart on the site: https://gist.github.com/StevenACoffman/a...dc2693ed4b. The special "a" in the look-alike section resembles the regular "a" but behaves differently. If a URL appears to be a variation like "abc.com", it redirects to another site. Malicious actors often exploit this by duplicating the fake domain, allowing them to steal login details when you visit. This isn't a widespread issue, but it's something worth mentioning. I'm just highlighting a potential risk when linking from suspicious emails or saved bookmarks.