Steam Security Info

Securing your Steam account

Daily phishing example #16

by | Sep 3, 2020 | Phish, Skin, Steam | 0 comments

This phish starts out from a screenshot showing a valuable item just acquired by someone in Rocket League, and is cropped to hide username and player avatar so it works for any account.

The link where you supposedly get free valuable items tries to look like a Psyonix address using the word Psyonix in it, and that word in this case is the developer of Rocket League, where the in-game items are for. And uses HTTPS protocol so web browser will mark it as secure.

But just because a website uses HTTPS protocol it doesn’t mean that it is safe. It simply means that the connection is established using encryption from your machine to the web server where the website is located at.

First line is a link to the phishing page, second line is the code you need to input to initiate the phish and third line is telling you to act fast and think later.

The phishing page has a set of codes which are required to get to the point where the page asks for your Steam logon details, including Steam Guard code if it detects valid username and password to match a Steam account.

The codes it requires can be seen in the JavaScript file which handles code for the prizes and codes to enter on homepage, seen below.

How to avoid losing your account to this?

Never login anywhere other than https://*.steampowered.com and https://steamcommunity.com using your Steam account.

If you get a pop-up always make sure the address bar says https://steamcommunity.com and that you can edit the address, some phishing pages use a fake pop-up element where you cannot edit the address or drag the pop-up outside of your browser window but this one doesn’t use any tricks and just says about:blank in place of an address.

If you want to be extra safe login first on the real https://steamcommunity.com website and then go back to suspicious website. If you aren’t logged in there then you are not on the real Steam website. Like shown on the example picture below.

Omitted from screenshot is that it also shows your current Steam wallet balance in upper right corner and your real username between the display name Sign In button.

Submit a Comment