Jump to content

Steam Fake Skins


MaxOMax

Recommended Posts

Just Beware !!

 

Steam players – beware of fake skins as phishers try to hijack accounts

 

Phishing scammers have once again targeted users of the popular Steam gaming service, it was revealed this week.

 

The credential-stealing scam, first reported by security researcher ‘nullcookies’ on Twitter, offers new skins every day.

 

A skin is a modification providing a new look and feel for items in Steam’s online games, and they are in hot demand. There are entire digital marketplaces dedicated to trading them.

 

The scammers post to a Steam user’s profile. A typical message reads:

Quote

Dear winner! Your SteamID is selected as winner of Weekly giveaway.
Get your ☆ Karambit | Doppler on giveavvay.com.

 

 

A quick search reveals over a hundred Steam profiles displaying similar text.

 

The URL, which Cloudflare now flags as a suspected phishing scam, appears to be down.

 

Bleeping Computer explains that the site asked for a user’s login credentials, promising that in exchange, the words STEAM RAIN would appear in a chat window on the left of the screen. Clicking on the link would score the victim one of the free skins on offer that day, said the scam site.

 

The chat window was, of course, a fake, as was the whole proposition. Victims who clicked on the link met a fake Steam login form that took their information for the crooks to use. That enabled them to perpetrate more fraud by using the victim’s account to post the same phishing link.

 

This phishing attack is notable because it is so convincing. Often, phishing websites feature poor language or spelling mistakes, but this scam went to extra lengths to convince victims that it was real. For example, the crooks reportedly used JavaScript to randomly select phrases from a list, periodically updating the chat window.

 

The site even included a faux Steam Guard two factor authentication (2FA) screen that sends a special access code to the address that the user entered, just as Steam’s real 2FA mechanism does. This all helped to lull the user into a false sense of security.

 

Phishing scams gravitate towards heavily used online services like banks and popular email account providers. Steam is one of the most successful online gaming providers, peaking at around 14.5 million concurrent users this week. It’s no wonder, then, that this isn’t the only phishing attack that its users have endured.

 

Other scams have reportedly lured gamers into clicking on screenshots of items offered for sale, triggering drive-by downloads, while some phishers have pretended to be Steam’s operators warning of a security problem.


Original Article: Steam players – beware of fake skins as phishers try to hijack accounts

Tag Line: Want to Have fun, join Trucking World at ETS2, ATS and TruckersMP.

 

Respected Member of the Arab Community and TMP
Former: Forum Moderator, Support Team & Game Moderator

Link to comment
Share on other sites

  • 3 weeks later...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.