With a new scam, criminals are targeting users’ Steam accounts. How to protect yourself!
Almost every PC gamer should have a Steam account, as there are many games available at bargain prices. Over the years, many games accumulate on one’s own account, and payment options are usually also stored in the account. This arouses the desires of criminals who are currently trying to use a new scam to take over the Steam accounts of inexperienced users.
Fraud in the browser window
Here, the scammers rely on a phishing method called “browser in the browser”, which was used for other attacks in February. A website is displayed as part of another website in the browser. In this way, the criminals want to trick their victims into entering their login data in a window that supposedly belongs to Steam, although the data is immediately forwarded to the criminals unnoticed in the background.
The security company Group IB cites an example: An invitation to a competition or a vote in connection with Steam lands in the mailbox via e-mail. After clicking on this link, the Steam access data should be typed in in a newly opened window. This window is deceptively similar to the login on Steam but actually runs in the background in front of the website shown. As a result, the usual security measures cannot take effect, and the Steam URL in the browser window does not indicate any danger.
Evidence of a phishing attempt
Even two-factor authentication cannot protect against the “browser-in-the-browser” attack, because this can also be displayed by scammers. Real protection only offers precise control of the clicked links. The scammers’ login window, which is designed as a pop-up, is also not displayed in the taskbar and cannot be moved outside of the browser area.