Warning: Criminals want to hijack Steam accounts

With a new scam, criminals are targeting users’ Steam accounts. How to protect yourself!

Almost every PC gamer should have a Steam account, as there are many games available at bargain prices. Over the years, many games accumulate on one’s own account, and payment options are usually also stored in the account. This arouses the desires of criminals who are currently trying to use a new scam to take over the Steam accounts of inexperienced users.

Fraud in the browser window

Here, the scammers rely on a phishing method called “browser in the browser”, which was used for other attacks in February. A website is displayed as part of another website in the browser. In this way, the criminals want to trick their victims into entering their login data in a window that supposedly belongs to Steam, although the data is immediately forwarded to the criminals unnoticed in the background.

Clever deception

The security company Group IB cites an example: An invitation to a competition or a vote in connection with Steam lands in the inbox via e-mail. After clicking on this link, the Steam access data should be typed in in a newly opened window. This window is deceptively similar to the login on Steam, but actually runs in the background in front of the website shown. As a result, the usual security measures cannot take effect, and the Steam URL in the browser window does not indicate any danger.

Evidence of a phishing attempt

Even two-factor authentication cannot protect against the “browser-in-the-browser” attack, because this can also be displayed by the scammers. Real protection only offers a precise control of the clicked links. The fraudsters’ login window, which is designed as a pop-up, is also not displayed in the taskbar and cannot be moved outside of the browser area.

Steam: Users have been waiting for this button

Related Articles

Leave a Reply

Your email address will not be published.

Back to top button