Steam Security Info

Securing your Steam account

Daily phishing example #23

by | Jan 28, 2023 | Blog, Phish, Steam, Vote | 0 comments

This phish starts out with a friend invite. After you accept the invite you get asked to vote for a team.

The linked website is using a faked pop-up that mimics a web browser with faked address bar on top. You cannot for example click the lock icon which says “Valve Corp. [US]” to verify the certificate, edit or type to the address text field or move it outside of your browser window. If it were a real pop-up window then you could do all this.

How to avoid this phish?

Always check that the address starts with https://steamcommunity.com and just to be safe you can type that yourself to avoid look a likes with different symbols that may look like the real letter but aren’t, for example i is not ı and so on.

Another simple trick is to login at https://steamcommunity.com first, then if you are feeling brave enough open possible suspicious link(s) and see if you are logged in or not. If you are automatically logged to Steam then it’s very likely the real Steam openID portal.

The real page will know your display name, username and Steam wallet balance as long as you are logged in already before hand.

Submit a Comment