News

Steam users expect a wave of phishing attacks

Kaspersky Lab analysts warn Steam users of a wave of carefully planned phishing attacks.

Attackers copy in-game accessories stores to steal gamer accounts and resell their virtual property.

“Although such attacks themselves have long been commonplace, the last campaign is masked by a high degree of elaboration. The organizers carefully copied the design of real Steam-related stores”, – say the researchers.

Fake sites have all the external attributes: security certificates, warnings about the use of cookies, an HTTPS connection icon in the address bar.

Fraudsters are not interested in the user spending a lot of time on the site – sooner or later, he may find that the site is fake. Therefore, “to the point” phishing sites go very quickly: as soon as the user clicks on any link, in front of him appears a window to enter the username and password for his Steam account.

Read also: Vietnamese student created 42 malicious applications, in sum downloaded more than 8 million times

The authorization form also repeats the pages familiar to users – fraudsters indicate the URL of the Steam portal and change the design in accordance with the interface language used.

Moreover, the entered information is checked against the original database, so that the phishing site recognizes incorrect logins and passwords. Having received the correct pair, the service requests a two-factor authentication code, which allows fraudsters to take control of the victim’s account.

Experts urge users to be vigilant.

How to protect yourself?

The main ways to protect against this and similar fraud are not much different from the recommendations for identifying “ordinary” phishing sites.

Examine the address bar and its contents. Pay close attention to forms of authorization on “external” resources. If you suspect that the authorization form is false, open the Steam main page in a new browser window and log in to your account. Then return to the suspicious login form and refresh the page. If it is real, a message appears stating that the login has already been completed.

If everything seems normal, but something is suspicious, check the domain using WHOIS: trustworthy companies do not register domains for short time and do not hide their contact details. In the end, activate two-factor authentication through Steam Guard, follow the general recommendations of Steam and use a protection solution with phishing protection.

William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several month after I have got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after being graduated from the school. This French educational institution was offering a brand-new cybersecurity course. After getting the master degree in cybersecurity, I've started working in as virus analyst in a little anti-malware vendor. In 2018, I've decided to start Virus Removal project. The main target of this site is to help people to deal with PC viruses of any kind.

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

Back to top button