Hackers use phishing scams that steal Steam accounts

A new phishing attack targets Steam users. The technique is very well designed and can cause users to lose their accounts to fraudsters.


The scam was reported by security firm Group-IB, which identified more than 150 fraudulent resources impersonating Steam pages.

This phishing scam uses the Browser-in-the-Browser technique, which lets malicious actors simulate a page or service inside a fake website, in effect cloning a legitimate site.

“I want to tell you the story of how I was scammed and lost my Steam account, including over 100 purchased games and donations totaling over $200,” described one user whose account was stolen.

In this case, hackers send a message via Steam chat asking users to join a League of Legends, Counter Strike, Dota 2 or PUBG team to play in tournaments.

An approach used by cybercriminals. (Image: Reproduction/ Group-IB)

The messages contain links pointing to a website that appears to be hosting an esports competition but is actually malicious. Scammers ask users to create an account on the site using their Steam account in order to join a team.

The website opens a fake window for the Steam login. The login page is not opened by the Steam program on the computer; the window is drawn inside the browser page itself. That alone is enough to identify the fraud.
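As an added illustration (not code from Group-IB or from the original article), the tell described above can be checked mechanically: a page that is not served by Steam, yet displays a Steam address as ordinary text next to a password field, is drawing its own "window". The host list, function names and sample pages below are assumptions constructed for this sketch, and the input is assumed to be the rendered HTML of the page.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Assumption: the Steam hosts a fake address bar would display.
STEAM_HOSTS = ("steamcommunity.com", "steampowered.com")
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def _is_steam(host):
    return any(host == h or host.endswith("." + h) for h in STEAM_HOSTS)

class _Scan(HTMLParser):
    """Collects host names shown as visible text and notes password fields."""
    def __init__(self):
        super().__init__()
        self.has_password, self.shown_hosts, self._skip = False, set(), 0

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ("script", "style"):
            self._skip += 1              # text inside these is not displayed
        elif tag == "input":
            if (attrs.get("type") or "").lower() == "password":
                self.has_password = True
            self._collect(attrs.get("value") or "")  # input used as a URL bar

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self._collect(data)

    def _collect(self, text):
        self.shown_hosts.update(m.group(1).lower() for m in HOST_IN_TEXT.finditer(text))

def looks_like_fake_steam_window(page_url, rendered_html):
    """Flag a non-Steam page that draws a Steam URL as text beside a password field."""
    if _is_steam((urlparse(page_url).hostname or "").lower()):
        return False                     # really served by Steam
    scan = _Scan()
    scan.feed(rendered_html)
    scan.close()
    return scan.has_password and any(_is_steam(h) for h in scan.shown_hosts)

# Constructed sample pages (not captured from a real site).
FAKE = ('<div class="window"><div class="bar">https://steamcommunity.com/openid/login</div>'
        '<form><input name="user"><input type="password" name="pw"></form></div>')
BENIGN = '<p>Sign up, then link your profile on steamcommunity.com</p>'
```

The check is a heuristic for triage: a page that only mentions Steam without a password field, or a login form genuinely served from a Steam host, is not flagged.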

After the victim logs in, the page opens a new form asking them to enter a verification code via email and SMS. After the verification is complete, the victim is given a link to a legitimate website so that they do not doubt the legitimacy of the procedure they have just performed.

Shortly after entering the login credentials and providing the verification code, the fraudsters have already hacked the account and changed the Steam account password and email.

How to protect yourself from browser hijacking attacks

As reported by Group-IB, the phishing attack relies on JavaScript code, so an extension that blocks scripts can prevent the code from running.

Be careful even with messages sent by friends on Discord and Steam: they can be used by scammers, as accounts on these two platforms are often hacked. So make sure you are really talking to your friend.

Via Bleeping Computer and Digital Trends
