Steam Security Info

Securing your Steam account

Daily phishing example #20

by | Sep 30, 2022 | Blog, Phish, Steam, Workshop | 0 comments

This phish starts out with a friend invite. After you accept the invite you get asked to play CSGO and then told that the person who wants to supposedly play with you has to finish their drawing first.

Then they start pasting screenshot of it and other drawings, that are CSGO weapon skins, to the chat. Eventually giving you a link to Steam workshop to show off the weapon skin. However this link is a phishing link instead of a link to a real Steam website.

This phishing website has a text asking if you would wish to see the weapon skin in the game. The phisher will ask you to click a button for “Yes”, which prompts you to login to Steam and this is when the phishing website steals your login information and also has functionality to ask for your Steam guard code which in turns logs in the phisher to your Steam account.

How to avoid this phish?

Always check that the address starts with https://steamcommunity.com and just to be safe you can type that yourself to avoid look a likes with different symbols that may look like the real letter but aren’t, for example i is not ı and so on.

Another simple trick is to login at https://steamcommunity.com first, then if you are feeling brave enough open possible suspicious link(s) and see if you are logged in or not. If you are automatically logged to Steam then it’s very likely the real Steam openID portal.

The real page will know your display name, username and Steam wallet balance as long as you are logged in already before hand.

Submit a Comment