A Steam phishing scam is baiting players with tournament play
Stay safe!
Steam users beware: there's a new browser-in-the-browser phishing scam technique that's baiting players with the promise of tournament play.
Group-IB has published a new report on the topic, illustrating how a new campaign is targeting professional gamers (spotted by PCGamer).
The campaign imitates browser pages within Steam with fake direct messages inviting players to join tournaments.
They're then urged to log in to Steam using their credentials and 2FA code, giving hackers access to their accounts, their virtual goods, and credit card information, as well as a friends list for more targets.
The fake browser window opens in the same tab to convince users it's legitimate and can even be moved around and minimised like a webpage.
A link in the address bar is also identical to the legitimate website, making these fake windows harder to spot.
It seems this new campaign is targeting professional gamers in the hope they will have more expensive virtual goods.
Whether you're a pro or not, don't click on links you don't trust or give away personal information!