Steam users should be careful of clicking links sent via direct messages on the platform. A new phishing scam could lock you out of your account, leaving it drained of expensive skins and compromising your credit card info.
The new scam was spotted by Group-IB (via PC Gamer), which provided a full report on just how this sophisticated phishing scam works. Hackers target competitive and professional gamers, sending direct messages through Steam inviting those players to join online tournaments. The messages all contain links to fake tournament sites which will ask players for their Steam login credentials and a two-factor authentication code in order to sign up. After that, hackers gain access to the account and drain it of virtual goods, such as CS:GO skins, and also gain access to the user's credit card. Hackers can then use the account's friends list to send even more phishing messages.
The hackers target pro players since they’re more likely to have plenty of expensive stuff that can be easily sold on the open market. They set up sites that look pretty much exactly the same as real esports tournaments, right down to the URL and SSL certificate lock, making those players feel like they’re looking at a legit site. Group-IB reports that the scam first appeared in Spring 2022 and has already compromised accounts worth hundreds of thousands of dollars.
There’s a more detailed analysis in the Group-IB report for those with a more technical background, but the general warning here is to be careful of Steam DMs with links. The scam works via JavaScript, so a script-blocking extension will offer some protection, but the best protection is to just not click