Increase in Phishing Attacks Targeting Steam Users

Experts from Kaspersky Lab have released a report indicating that since June of this year, there has been a noticeable increase in sophisticated and well-executed phishing attacks targeting Steam users.

Why Steam Is a Target for Scammers

Researchers note that digital game distribution services have long attracted the attention of cybercriminals. Typically, attackers aim to steal user credentials to strip victims’ in-game characters of valuable items, which are then sold for real money. Steam remains one of the most popular platforms among both users and scammers.

How the Phishing Attacks Work

Attackers lure users to websites that mimic or copy legitimate online stores—specifically those related to Steam—where users can supposedly purchase in-game items. These fake sites are often very convincing, making it difficult to spot the deception. In some cases, the imitation is so precise that it’s nearly impossible to distinguish from the real thing.

Scammers are not interested in having users spend much time on these sites, as prolonged visits increase the risk of detection. Therefore, phishing sites quickly prompt users to enter their Steam login and password as soon as they click any link. This request may not seem suspicious, as using one service’s account to log into another is common practice (such as registering for web services via social networks or Google). Steam also allows users to log into third-party sites using their Steam credentials, especially for trading platforms that need access to inventory data.

Imitation of the Steam Login Window

The fake login window closely resembles the real one: its address bar displays the correct Steam community URL, the layout is responsive, and if you open the link in a different browser or with a different language setting, the content and title of the fake page change to match the new locale.

However, if you right-click on the title of this window (or on the control elements), a standard web page context menu appears. By selecting “View Source,” it becomes clear that the window is a fake, created using HTML and CSS.
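The check described above can be approximated in code. The following is an added example, not taken from the Kaspersky report: a heuristic that flags a page served from a non-Steam host when it draws a Steam hostname as ordinary page text (the fake address bar) alongside a password field. The host list, the sample markup and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hostnames treated here as genuine Steam login origins.
STEAM_HOSTS = ("steamcommunity.com", "steampowered.com")

# Constructed sample: a browser window drawn in HTML/CSS on a third-party page.
SAMPLE = """<div class="window">
  <div class="titlebar">Sign in</div>
  <div class="addressbar">https://steamcommunity.com/</div>
  <form><input type="text"><input type="password"></form>
</div>"""

def is_steam_host(host):
    host = (host or "").lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in STEAM_HOSTS)

class FakeWindowScan(HTMLParser):
    # Counts password inputs and records Steam hostnames rendered as page text.
    def __init__(self):
        super().__init__()
        self.password_inputs = 0
        self.drawn_urls = []
        self._skip = 0  # depth inside <script>/<style>, whose text is not rendered

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.password_inputs += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        text = data.strip()
        if not self._skip and any(h in text.lower() for h in STEAM_HOSTS):
            self.drawn_urls.append(text)

def looks_like_fake_steam_window(page_url, html):
    # A real address bar is browser chrome and never appears in the page's own markup.
    if is_steam_host(urlparse(page_url).hostname):
        return False
    scan = FakeWindowScan()
    scan.feed(html)
    scan.close()
    return bool(scan.password_inputs and scan.drawn_urls)
```

This is a triage heuristic: a legitimate third-party page that mentions a Steam hostname in text next to its own login form will also match, so hits need manual review.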

The fake login form appears even more convincing because it checks the entered credentials against the original service: if you enter an incorrect username or password, you'll receive an error message.

Two-Factor Authentication and Full Account Takeover

After entering valid login credentials, the site will request a two-factor authentication code, which is sent via email or generated in the Steam Guard app. Any code entered here is also sent to the scammers, giving them full control over the victim’s account.

Other Phishing Methods

In addition to the more complex method of creating a login window using HTML and CSS, attackers also use traditional techniques, such as opening a fake login form in a separate window with a blank address bar. Despite the different display method, the principle remains the same: the form checks the entered credentials and, if correct, requests a two-factor authentication code.
