July 15, 2024

New phishing method is gaining popularity

New phishing method is gaining popularity

Steam is a good target for scammers – accounts are valuable. Criminals have become more sophisticated. But they are far from defeated.


The basics in brief

  • Scammers try to steal Steam account passwords.
  • To do this, they are increasingly imitating a third-party login page in Steam.
  • The popups are pretty good fake. But you can tell from a few things.

Trolling isn’t exactly a new phenomenon on Steam. no wonder. The platform is full of accounts with hundreds or thousands of purchased games, expensive CS: GO skins, and more.

It’s often just a password that separates criminals from valuable accounts. And they became more creative.

In a blog post, cybersecurity firm Group-IB reports on a method that has recently become popular: browser-in-browser phishing.

How does the scam work

So can criminalsdata To get there, they specifically lure players to their websites. This works, for example, via an invitation to «CS: GO», «dotta“, or the “PUBG” tournament.

Only one thing separates the player from the esports tournament: the “verification” of the Steam account. In a shockingly fake popup, it’s meant to be data Enter. Even two-factor authentication works normally.

Who gets here? I fell in love with scammers He is unlikely to see his account again.

How to protect yourself

The problem is how realistic the pop-ups appear. The URL looks authentic, even SSL encryption has been suggested. The window behaves normally most of the time, it can be closed, moved and expanded. In short: the scam looks real.

However, there are still some differences from the real third-party site window of Steam. “Group-IB” has identified a few points: for example, an SSL certificate is just an image and cannot be clicked as usual. Also, the maximize button doesn’t work and the popup can’t be dragged outside the browser window.

More on this topic:

data dota

See also  NASA's Osiris-Rex probe is set to explore other asteroids