New phishing method is gaining popularity

Trolling isn’t exactly a new phenomenon on Steam. no wonder. The platform is full of accounts with hundreds or thousands of purchased games, expensive CS: GO skins, and more.

It’s often just a password that separates criminals from valuable accounts. And they became more creative.

In a blog post, cybersecurity firm Group-IB reports on a method that has recently become popular: browser-in-browser phishing.

So can criminalsdata To get there, they specifically lure players to their websites. This works, for example, via an invitation to «CS: GO», «dotta“, or the “PUBG” tournament.

Only one thing separates the player from the esports tournament: the “verification” of the Steam account. In a shockingly fake popup, it’s meant to be data Enter. Even two-factor authentication works normally.

Who gets here? I fell in love with scammers He is unlikely to see his account again.

The problem is how realistic the pop-ups appear. The URL looks authentic, even SSL encryption has been suggested. The window behaves normally most of the time, it can be closed, moved and expanded. In short: the scam looks real.

However, there are still some differences from the real third-party site window of Steam. “Group-IB” has identified a few points: for example, an SSL certificate is just an image and cannot be clicked as usual. Also, the maximize button doesn’t work and the popup can’t be dragged outside the browser window.