Kaspersky Lab analysts warn Steam users of a wave of carefully planned phishing attacks.
Attackers copy in-game accessories stores to steal gamer accounts and resell their virtual property. “Although such attacks themselves have long been commonplace, the last campaign is masked by a high degree of elaboration. The organizers carefully copied the design of real Steam-related stores,” say the researchers.
Fake sites have all the external attributes: security certificates, warnings about the use of cookies, an HTTPS connection icon in the address bar.
Fraudsters do not want the user to spend much time on the site, because sooner or later they may notice that it is fake. The phishing sites therefore get “to the point” very quickly: as soon as the user clicks on any link, a window appears asking for the username and password of their Steam account.
The authorization form also imitates the pages familiar to users: fraudsters display the URL of the Steam portal and adapt the design to the interface language in use.
Moreover, the entered information is checked against the original database, so that the phishing site recognizes incorrect logins and passwords. Having received the correct pair, the service requests a two-factor authentication code, which allows fraudsters to take control of the victim’s account.
Experts urge users to be vigilant.
How to protect yourself?
The main ways to protect against this and similar fraud are not much different from the recommendations for identifying “ordinary” phishing sites.
Examine the address bar and its contents. Pay close attention to authorization forms on “external” resources. If you suspect that an authorization form is fake, open the Steam main page in a new browser window and log in to your account. Then return to the suspicious login form and refresh the page. If it is real, a message appears stating that the login has already been completed.