Contents
More than 130 million gamers log into Steam monthly, making it the most active gaming platform and virtual storefront. Some have been using it for over 20 years, amassing sky-high backlogs and making lifelong friends along the way.
Losing one’s account is a devastating blow on many levels. Find out everything there is to know about phishing scams so that it doesn’t happen to you!
What are Steam Phishing Scams & How Do They Work?
Phishing is a well-known and common type of social engineering attack. Rather than bother with sophisticated cybersecurity protections that companies like Valve put into place, it exploits users’ trust and lack of knowledge.
The attackers start by contacting you with an urgent message. Sometimes they do this through emails if the address was leaked in previous data breaches. They also commonly use already compromised Steam accounts and send these messages to everyone on the account’s friends list via Steam chat.
The message will claim there’s a problem or opportunity and urge you to resolve it. They often pose as Steam support and claim you got a VAC ban that you can appeal. Offers of free game skins or invitations to playtest events are also common.
Either way, there’s a link for you to click on. Doing so takes you to a website that may look like a real Steam page but is actually fake and designed to steal your login details. They may even try to bypass Steam Guard by asking for the 2FA code you get.
What Are the Consequences?
With your credentials in hand and 2FA out of the way, the crooks get complete access to your account. They can log you out of all devices or change the email and password, preventing further logins. That’s just the start, though.
On the one hand, the hackers may sell off or trade away all the items in your account. Some skins and other items are worth a lot of money, after all. While Steam won’t give them access to your linked financial account, it is possible to drain them if you’ve authorized automatic payments. They’ll then use the funds to buy expensive skins or gift cards and trade them for cash on shady reseller sites.
On the other hand, they may escalate the attack. For example, if your Steam and email passwords are identical or similar, hackers can gain access to your email address. From there, it’s trivial to ask for password changes and take over other associated accounts. If PayPal or banking accounts are among them, the financial loss can be substantial.
Finally, there’s the loss of trust. Hacked accounts are often used to spread phishing scams around. Even if you get yours back, friends who’ve received such messages may never fully trust you again.
How to Stay Safe?
Not falling for Steam phishing scams boils down to two things: knowledge and preparedness.
Most of these scams aren’t hard to spot since they follow the same pattern. Always go with your gut and double-check any message that seems suspicious or too good to be true. Also, real Steam support already has your account details, so why would they need them? Gaming communities quickly spot new scams and spread the word, so keep yourself informed.
That said, there’s no substitute for proper cybersecurity precautions. Make sure you’re using a complex and unique password for all your accounts. Use a password organizer to generate strong passwords without having to remember them all.
Plus, you can use the manager to autofill your credentials on Steam’s official website. Since autofill won’t work on spoofed sites, you’ll know there’s something wrong if you get tricked into following a phishing link.
Conclusion
PC gaming is trendy again, meaning Steam and the number of attempts to scam its users out of their accounts are only poised to grow. Now that you know what to look for and how to protect yourself, you can stay one step ahead.
