Skip to main content

A Steam phishing scam is baiting players with tournament play

Stay safe!

Steam users beware: there's a new browser-in-the-browser phishing scam technique that's baiting players with the promise of tournament play.

Group-IB has published a new report on the topic, illustrating how a new campaign is targeting professional gamers (spotted by PCGamer).

The campaign imitates browser pages within Steam with fake direct messages inviting players to join tournaments.

Eurogamer Newscast: Ubisoft moves forwards, bets big on Assassin's Creed.Watch on YouTube

They're then urged to log in to Steam using their credentials and 2FA code, giving hackers access to their accounts, their virtual goods, and credit card information, as well as a friends list for more targets.

The fake browser window opens in the same tab to convince users it's legitimate and can even be moved around and minimised like a webpage.

Steam phishing page example
An example of a Steam phishing page, via Group-IB.

A link in the address bar is also identical to the legitimate website, making these fake windows harder to spot.

It seems this new campaign is targeting professional gamers in the hope they will have more expensive virtual goods.

Whether you're a pro or not, don't click on links you don't trust or give away personal information!

Read this next