Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook

a used attempt new type steam phishing

mrtroutSteam Used in a New Type of Phishing Attempt
#1        Steam Used in a New Type of Phishing Attempt
120 million Steam active players are vulnerable to Phishing
May 26, 2021 12:53 GMT  ·  By George Dascalu  ·        A new type of phishing attempt using the popular gaming platform Steam has been uncovered by users in a Reddit post. 

It started like any other traditional phishing attack: a friend on Steam asks a user to vote for their team. In order to vote, the user must use Steam OAuth, which is a typical practice on legitimate websites.

The author of the post sounded intrigued by the fact that the interface was professionally designed. The user can sign in via Steam by clicking Sign in via Steam, which opens a virtual pop-up window over the original tab. After doing so, he realized that it was not a real window. It was just a misleading CSS interface that displayed a layer on top of the website, pretending to be a new window. He could minimize it or move it outside the borders of the platform's window.

The scam consists of fooling users into thinking they are using the correct Steam URL and that it is safe to enter their credentials. On the fake window, users can see the Valve brand and the lock icon (the sign that says the connection is secured by HTTPS), that strengthens the idea of legitimacy, as these are all UI elements of the real website.

Steam Scam Window
Things get even worse if you have 2FA enabled on the Steam account. You'll be prompted for the 2FA code you received on your phone, and once you do that, the Steam authentication app will actually be transferred to the attacker's device. Needless to say that you will be completely locked out of your account.

Scammers have also used Steam phishing attacks last year
This isn't the first time users have noticed phishing attempts using Steam pop-up windows. Another user posted a remarkably similar scam almost a year ago, and it seems bad actors continue to use this approach.

It appears that the scammers are from Russia, as the domain is registered under the registrar One user responded that the registrar will not pay much attention to this problem, but he did file a malware site report with Google so that Chrome can block this in the future.

As phishing attempts become more sophisticated, users should pay attention to more details than before. It is no longer enough to just look for the HTTPS icon, domain name, and website name. Phishing trends are constantly evolving, and you should be aware of this and consider using anti-phishing or anti-spyware software.

Forum Jump:

Users browsing this thread: 2 Guest(s)