Steam users should be particularly careful at the moment: a new phishing method is making the rounds on the platform, as the website Group-IB reported. We'll tell you what to look out for and how to avoid the attack.
This is how the new trick works
The underlying technique has been around for a long time: websites open what appear to be browser windows inside the page in order to get at the user's data. In the new Steam scam, it is particularly sophisticated.
The hackers send direct messages via Steam (including from previously stolen profiles of your friends) and entice you to participate in tournaments for LoL, Counter-Strike, Dota 2 or PUBG. Sometimes they also offer discounted tickets to esports tournaments or ask users to vote for their favorite teams.
The links lead to a fake site. Each click on it opens another in-browser window that looks deceptively like a real Steam login window – complete with Steam Guard and two-factor authentication.
As a result, the hackers steal all important data, change your login and can tamper with your virtual goods, payment information and contact information to their heart's content. This method is particularly dangerous because the supposed in-browser window simulates a legitimate login and can even be translated into 27 languages, depending on the user's location.
The method also suggests that the attackers are targeting particularly valuable accounts belonging to esports players and professional streamers.
This is how you recognize a fake browser-in-browser window
- If the window shows what looks like an SSL certificate with a lock icon in the address bar, take a closer look. Usually, clicking on the icon opens more information. In a fake window, this lock icon is just an image file.
- Try maximizing, moving, or resizing the window. In the case of a fake pop-up, this will not be possible.
- Check whether a new window has appeared in the taskbar. If not, it is a fake window.
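All three checks rest on the same fact: a fake window is drawn inside the page, so the address it shows is ordinary page text rather than the browser's own address bar. The following is an added example (not from Group-IB or this article) of a heuristic that flags a page which displays an address for a different host than the one actually serving it, next to a password field. The host names and sample markup are constructed for illustration.

```javascript
// Heuristic for browser-in-browser login pages (added example, constructed data).
// Assumption: the caller knows the host that really served the page and has its HTML.

// Reduce HTML to the text a user would see: scripts, styles and tags are dropped.
function visibleText(html) {
  return html
    .replace(/<(script|style)\b[\s\S]*?<\/\1>/gi, " ")
    .replace(/<[^>]+>/g, " ");
}

// Hosts that appear as written-out addresses in the visible text.
// href/src attributes are ignored on purpose: a normal link is not a drawn address bar.
function displayedHosts(html) {
  const hosts = new Set();
  const re = /\bhttps?:\/\/([a-z0-9.-]+\.[a-z]{2,})/gi;
  for (const m of visibleText(html).matchAll(re)) hosts.add(m[1].toLowerCase());
  return [...hosts];
}

function hasPasswordField(html) {
  return /<input\b[^>]*\btype\s*=\s*["']?password\b/i.test(html);
}

// Suspicious: the page asks for a password while showing the address of another host.
function checkPage(realHost, html) {
  const drawnHosts = displayedHosts(html).filter(h => h !== realHost.toLowerCase());
  const passwordField = hasPasswordField(html);
  return { suspicious: passwordField && drawnHosts.length > 0, drawnHosts, passwordField };
}

// Constructed sample: a page on tournament.example that draws its own "window".
const FAKE_POPUP_PAGE = `
  <div class="window">
    <div class="bar"><img src="lock.png"><span>https://login.example/openid</span></div>
    <form><input type="text" name="user"><input type="password" name="pw"></form>
  </div>`;

// Constructed sample: a real login page served by login.example itself.
const REAL_LOGIN_PAGE = `
  <h1>Sign in</h1>
  <form><input type="text" name="user"><input type="password" name="pw"></form>
  <a href="https://help.example/reset">Forgot password?</a>`;

console.log(checkPage("tournament.example", FAKE_POPUP_PAGE));
console.log(checkPage("login.example", REAL_LOGIN_PAGE));
```

A hit is only a signal to inspect the page, since a legitimate page can also print a foreign address next to a login form.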
Have you come across this or a similar method yourself? What phishing experiences have you had so far? Share them with us in the comments!