Steam Users Beware, There's A New Hack Out To Get You

Read this if you want to avoid an unwanted phishing trip.
Steam Users Beware, There's A New Hack Out To Get You

Internet security has been going through a rough patch if the number of times we've had to cover similar stories in the past few months is anything to go by. Nobody is safe, from the big guys at Microsoft to the still big guys at Nvidia, and now even the tiny fish that populate the ocean of Steam. Yeah, a new and very effective phishing scam has already claimed a considerable number of accounts so we're here to show people how to identify it before it is too late.

Group-IB, a collective of hackers that work for the light side of the force has warned of a very dangerous new type of scam that mimics invitations to tournaments, invitations that once opened will lead to users to the world of no longer having a Steam account. This new scam is more dangerous than traditional phishing because instead of looking like the real deal but then having an obviously fake URL, this one mimics the entire thing. This new technique is called Browser-In-The-Browser phishing, which means it's completely indistinguishable from the real thing. It's like an evil version of the golden ticket in the Willy Wonka story, or maybe a regular version of the golden ticket because we all know damn well that all those kids died.

a fake page
This one is easy to spot because of all the strange letters, but these also come in English.

Group-IB warns that many players are losing their accounts to very interesting proposals. We don't doubt the prowess and skill of our readers, but consider training a bit more and wait for the next invitation if you get one of these:

a scammer trying to trick a steam user with a fake invitation

The good news is that even though these scams are much harder to spot, they're still not exactly perfect. Group-IB states that even though these windows look just like the real deal, they don't behave like it. These new windows cannot be moved or resized, so trying either option is an efficient testing mechanism. An even better idea is to try and minimize these windows because that will close them instead.

Even more importantly, disabling the execution of JS scripts on your browser will prevent fake windows from showing up.

For an ultra-detailed explanation, head over to Group-IB's official website.

Top Image: Valve

Scroll down for the next article
Forgot Password?