Share this article
Latest news
With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low
Copilot in Outlook will generate personalized themes for you to customize the app
Microsoft will raise the price of its 365 Suite to include AI capabilities
Death Stranding Director’s Cut is now Xbox X|S at a huge discount
Outlook will let users create custom account icons so they can tell their accounts apart easier
Newly discovered phishing scam on Steam
3 min. read
Published onMay 24, 2021
published onMay 24, 2021
Share this article
Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more
Key notes
By reading about other people’s mistakes and by sometimes learning the hard way, we are all aware that the internet is not exactly the safest place.
One simple click can cause major leaks and losses if we don’t keep our eyes wide open. Being smart is being safe in this ever-growing online world, so avoid all suspicious sites and offers you might come accross,
New phishing scheme discovered via Steam
According to the Reddit postsubmitted today by one of the users, a simple action that he was asked to perform on Steam for a fellow gamer, almost resulted in him losing his account.
Trying not to arouse any suspicions, the innocent request urged the user to just vote for a gaming team. When trying to do so though, what he discovered was a bigger surprise than he expected.
However, in order to perform this action, you have to use Steam OAuth to log in, which is pretty much a common thing among verified websites.
The trick was that, after you clicked onSign in via Steam, another virtual popup window would open inside the original tab.
This gives most users the impression that they are using the correct steam URL and that it’s completely safe to input the credentials.
Because the Valve corporation name and icon, as well as other elements of the original website’s UI are present, it becomes easier to trick the unsuspecting into providing personal information.
What surprised me was the quality of trick!
2FA data sent to the attackers
The post author on Reddit continues to explain that, in case anyone went through with this sign up process, the loss of the Steam account would be almost a certain thing.
If users had the 2FA option enabled, actually inputting the security code that they received on their phone, could lead to total account takeover, as they would have all the information they need.
Although the Steam platform isn’t commonly used to perform such schemes, its not uncommon. Malicious third parties will never stop concocting new ways to trick you out of your possesions.
So, what we can learn from this situation is that we should never provide our personal information to any suspicious or unverified websites.
Using thelatest antivirus softwarecan save us the trouble of having to restore potential damage caused by all sorts of malintent, or try and recuperate lost data.
Always make sure to keep track of where you choose to make such precious information available, in order to avoid data loss or other leaks.
Remember that not everything on the internet is what it seems and that staying protected should be our number one priority, regardless.
Have you ever been a victim of phishing? Tell us all about it in the comments section below.
Alexandru Poloboc
Tech Journalist
With an overpowering desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter, anchor, as well as TV and radio entertainment show host.
A certified gadget freak, he always feels the need to surround himself with next-generation electronics.
When he is not working, he splits his free time between making music, gaming, playing football, basketball and taking his dogs on adventures.
User forum
0 messages
Sort by:LatestOldestMost Votes
Comment*
Name*
Email*
Commenting as.Not you?
Save information for future comments
Comment
Δ
Alexandru Poloboc
Tech Journalist
With a desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter.
