Comment: Fake Steam Site Steals Login Credentials

A fake Steam skin giveaway site has been created that states it gives away news skins every day, but in reality it just steals your login credentials.

If a user goes to the promoted site they will be shown a pretend ‘$30,000 giveaway’ promotion that contains 26 days of free skin giveaways for Counter-Strike: Global Offensive (CSGO).

This phishing landing page also has a fake running chat screen on the left hand side of the page.If a user falls for the scam and clicks the “Sign in via Steam” button, it will pretend to open the login form from Steam, but will ultimately display a fake Steam login form. While this screen looks like the normal Steam login, any login credentials that are entered will be sent to the attackers instead.

Stuart Sharp, VP of Solution Engineering,  OneLogin
December 03, 2019
While a full solution includes eliminating password reuse, the first step is MFA.
Password stealing malware and phishing attacks are a challenge for enterprises and consumers alike. Password Stealing techniques usually target the weakest link when it comes to security – the human being. Due to the high incidence of password reuse, once a set of login credentials have been compromised, it’s very likely that attackers will have access to many more of the user’s accounts. Wh ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments

In this article