Steam Site Hit by Phish Scam

Gamers can also use this forum to chat about any game related subject, news, rumours etc.

Moderator: maddog986

Post Reply
User avatar
Joe D.
Posts: 4004
Joined: Wed Aug 31, 2005 12:05 pm
Location: Stratford, Connecticut
Contact:

Steam Site Hit by Phish Scam

Post by Joe D. »

from Yahoo News

"A new phishing scam tries to trick gamers on the Steam online video game platform into divulging their passwords — and it does so by masquerading as Steam's own security measures and tricking users into disabling the Steam app's built-in protection ... Malwarebytes reports that scammers have crafted official-looking Steam login pages that prompt users to enter their usernames and passwords. These pages are just 'phishing' or using bait to trick users into compromising themselves.

"In the usual Steam sign-in process, users would then have to enter the emailed code generated by Steam Guard. However, the scam website then asks users to upload a file from the Steam folder on their computer called a SSFN file. This file is what authorizes your computer to Steam Guard; it essentially tells Steam Guard not to demand an emailed code.

"If you upload your SSFN file, the scammers can then use it, along with the phished usernames and passwords, to access your Steam account. Once inside, the scammers can drain the account's credit as well as its virtual items and trading cards that Steam users can collect and trade. However, the scammers can't buy more video games from Steam's online store, since that would require knowing your credit card information ..."

http://news.yahoo.com/steam-gaming-hit- ... 55051.html
Stratford, Connecticut, U.S.A.[center]Image[/center]
[center]"The Angel of Okinawa"[/center]
Home of the Chance-Vought Corsair, F4U
The best fighter-bomber of World War II
User avatar
JiminyJickers
Posts: 290
Joined: Tue Oct 04, 2011 8:21 am
Location: New Zealand

RE: Steam Site Hit by Phish Scam

Post by JiminyJickers »

Thanks for the warning. I would never upload a file from my PC as part as a login procedure, but it is good to be aware of this none the less.
User avatar
CGGrognard
Posts: 596
Joined: Wed Oct 02, 2013 9:31 pm
Location: USA

RE: Steam Site Hit by Phish Scam

Post by CGGrognard »

Thanks for the information, especially the details of it's working.
"The supreme art of war is to subdue the enemy without fighting." - Sun Tzu
gradenko2k
Posts: 930
Joined: Mon Dec 27, 2010 6:08 am

RE: Steam Site Hit by Phish Scam

Post by gradenko2k »

So all you have to do is to hand-over your username and password to a total stranger? Man, these scams are getting subtler and subtler every day
User avatar
Qwixt
Posts: 901
Joined: Mon Jun 19, 2006 6:33 am

RE: Steam Site Hit by Phish Scam

Post by Qwixt »

I kind of disagree with the title as the steam site has been hit with nothing. Most likely, users are getting directed to the fake site through email or other activities. Then the users fall for some amazing and overly complex wtf were you thinking trap. If these scammers actually managed to replace the steam pages with their stuff, then yes, steam site did get hit by the scam.

Otherwise, this is the same basic phish scheme used over and over, but with a twist due to the need to upload a file.
aaatoysandmore
Posts: 2847
Joined: Wed Sep 11, 2013 1:35 pm

RE: Steam Site Hit by Phish Scam

Post by aaatoysandmore »

Another thing I keep getting daily on my Steam account is asking me to verify my Email account, using the ole method for security purposes and bringing me excellent customer service. It does have a close this popup feature and every day that's exactly what I do. There is no reason for Steam to need to verify who I am unless I ask them to or report some scandal. I never type in my email address and immediately close this lil popup (looks like a banner across the screen) and have written to support to please stop sending me this crap, but they never respond (as per usual with Steam when you want support). Just an FYI in case you get this too. I'd contact Steam officials first before verifying anything you didn't setup to be verified like when you change computers or browsers or something like that and your Steam Account doesn't recognize that computer or browser.
Post Reply

Return to “General Discussion”