A new kind of phishing scheme has popped up, targeting competitive and professional gamers on the Steam gaming platform.
According to a report from Group-IB, hackers have started using a browser-in-browser technique to target gamers in an attempt to steal their Steam accounts.
The hackers target individual gamers by sending them a message with an invite to a gaming tournament. In order to sign up for the tournament, the target has to sign into their Steam account through the phishing website.
However, instead of creating a new, secure window for users to log into their Steam accounts, the phishing website creates a fake window that mimics the Steam website.
What looks like the official Steam login page is actually a fake front. By the time you enter your username, password, and two-factor authentication code, hackers already have access to your Steam account.
This particular phishing attack seemingly targets professional or competitive Steam gamers under the guise of tournament play.
And professional gamers tend to have more lucrative Steam accounts, with some accounts estimated worth over $100,000. That’s a lot of CS:GO skins.
As always, the key here is to ignore messages from strangers on Steam. It seems that the hackers are exclusively targeting users with Steam messages.
So whatever you do, don’t click on any outside links in messages from users you don’t know on Steam. Or on any platform for that matter. Phishing scams are constantly running rampant, not just on Steam.
It’s pretty unlikely that any stranger is going to approach you with legitimate opportunities on the internet.
Have any thoughts on this? Carry the discussion over to our Twitter or Facebook.