Threat Management, Malware, Phishing

Phishing scam uses fake giveaways to lure in Steam gaming service users

Cybercriminals are reportedly attempting to trick users of the Steam video game digital distribution service into visiting a phishing site that pretends to give away new game skins, but actually steals login credentials.

Researcher "nullcookies" first reported the fraudulent giveaway promotion in a Twitter post late last month. BleepingComputer followed up on the post and determined that the actor or actors are attempting to lure in victims via comments made to Steam profiles. These comments falsely state that the recipient has won a weekly giveaway and can claim his or her prize on giveavvay.com, a malicious website.

The malicious site further perpetuates the scam by showing what appears to be a $30,000 giveaway promotion featuring 26 days worth of free skins for the multiplayer first-person shooter game "Counter-Strike: Global Offensive." Site visitors are instructed to click on sign-in button, which opens up a fake Steam login form where the victims can enter their information for the attackers to steal, Bleeping Computer reports.

The site reportedly even creates a legit "Steam Guard" security request (for logins from unrecognized devices) and prompts users to complete the process so the attackers also gain to the special access code. And to feign authenticity, the site also displays a phony chat screen on the left side of the page. These fabricated chat messages are comprised of randomly selected phrases that are inserted via JavaScript code.

Fortunately, because the malicious site is hosted behind Cloudflare, users who visit the page should receive a warning of suspected phishing activity, BleepingComputer notes.

In late October, Kaspersky reported observing increasingly frequently and sophisticated scams targeting Steam users since last June.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds