Steam Users Targeted by Phishers

By Andrew Brandt


A phishing campaign that started around the beginning of the year, targeting gamers who use Valve Software’s Steam network, continues unabated but with a twist: the phishers have registered dozens of domain names, such as or (where the ### can be a two- or three-digit number), which are used to host the phishing pages. Each page presents what appears to be a “Steam Community” login page that looks identical to Valve’s Steam Community Web site.

There are a few ways you can quickly identify whether you’re on the right page, or a fake. For one, the real Steam Community page is a secure HTTP page, so you should see the “https” in the address bar, and the lock icon in the corner of the browser window. By clicking on this icon, you can view the valid security certificate information, which clearly shows that the site is owned by Valve.

Another way you can tell that you’re on the correct Steam login page is to try using the “Select your preferred language” dropdown at the top of the window to change to any language other than English. If you’re on Steam’s page, the language will change; if you’re on the phisher’s page, it simply refreshes and remains set to English, no matter which language you pick. Also, the real Steam page features a cartoony graphic of “players” chatting amongst themselves which changes periodically. The phishers’ pages always have the same static graphic, shown above.

Read on for some additional details.

As a tease, they don’t get any more conventional than this one: The text at the top of the phishing page implores visitors that “Now, and for the last 0.3 minutes (sic), you can test Killingfloor for free in the steamshop!” Presumably, this 20-second window of opportunity is intended to spur gamers into rapidly, and without thinking, entering their credentials into the form on the page.


The various domains are essentially a placeholder for a full-window iframe; the actual malicious pages are being hosted at a variety of free Web hosting services. As quickly as the free pages are being pulled down, the phishers are throwing new ones up elsewhere. Webroot is working with the Web hosting providers and domain registrars to get the entire batch shut down quickly.
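The wrapper structure described above is something a defender can check for when triaging a reported domain. The Python sketch below is an added example, not Webroot's tooling: it flags a page whose only real content is a full-window iframe loaded from a different host. The hostnames, sample HTML and the 40-character text threshold are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

SKIP = ("script", "style", "title")  # text in these is not visible page content

class FrameScan(HTMLParser):
    """Collect iframes and count the visible text the page carries itself."""
    def __init__(self):
        super().__init__()
        self.frames = []     # (src, covers_full_window)
        self.text_chars = 0
        self._skip = 0

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in SKIP:
            self._skip += 1
        elif tag == "iframe":
            style = a.get("style", "").replace(" ", "").lower()
            full = ((a.get("width") == "100%" or "width:100%" in style)
                    and (a.get("height") == "100%" or "height:100%" in style))
            self.frames.append((a.get("src", ""), full))

    def handle_endtag(self, tag):
        if tag in SKIP and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.text_chars += len(data.strip())

def wrapper_frames(page_url, html, max_text=40):
    """Return hosts framed full-window from a host other than page_url's,
    but only when the page has almost no visible text of its own."""
    scan = FrameScan()
    scan.feed(html)
    page_host = urlparse(page_url).hostname
    hits = []
    for src, full in scan.frames:
        host = urlparse(src).hostname   # None for relative (same-site) URLs
        if full and host and host != page_host:
            hits.append(host)
    return hits if scan.text_chars <= max_text else []

# Constructed samples: a placeholder page and an ordinary page with an embed.
WRAPPER = ('<html><head><title>Steam Community</title></head><body style="margin:0">'
           '<iframe src="http://freehost.example/u123/login.html" width="100%" '
           'height="100%" frameborder="0"></iframe></body></html>')
NORMAL = ('<html><body><h1>Game news</h1><p>A long article body with plenty of text '
          'of its own.</p><iframe src="http://video.example/embed/1" width="560" '
          'height="315"></iframe></body></html>')
```

A hit is a triage signal rather than a verdict: the framed host is the one to report to the hosting provider, and the wrapper domain to the registrar.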

If you suspect for a moment that you might have been taken in by this ruse, log into Steam and change your password immediately. We’ve extensively covered why phishers want your game account passwords. Don’t give the bad guys a chance to monetize your game account details.

Thanks to the folks who run Web of Trust for passing along this valuable information.


2 thoughts on “Steam Users Targeted by Phishers”

  1. I've been reporting these annoying phishers for a while now
    had a few of their redirector URLs and web hosts shut down after reporting them to admins/webmasters of these free sites 😀 hell, even tracked one down, found his Facebook and photo lol. Some plain criminals and others, but like this one just steal other accounts to sell/trade/use for online game cheating with aimbots/other bad things
