Malwarebytes’ Chris Boyd is warning owners of Steam accounts about a relatively new phishing approach that goes after both their account login credentials and a file that allows them to bypass the entering of the Steam Guard verification code.
“When logging in on a PC you haven’t used before, Steam Guard will pop a window asking for a verification code which will have been sent to your email address. Without the code, you can’t log in,” he explains.
So how do scammers try and get around this security measure? On a specially crafted phishing page they first ask the victims to enter the login credentials, then they phish for the SG verification code by showing a notification that looks very much like the usual Steam Guard pop-up box:
As you can surmise, once installed on the attacker’s computer, the file in question will allow him to bypass the additional security layer provided by Steam Guard.
The Malwarebytes did tested the technique, and it works like a charm.
Phishers have been trying this particular approach for a month now and, if posts on the Steam forum are to be believed, they have had some success.
“In one of those weird twists of fate, some moderators had previously been advising users to copy their SSFN from one machine to another to avoid the 15 day trading delay when moving to a new machine. That desire for convenience has come back to bite some gamers in a way they probably couldn’t have imagined,” noted Boyd.
“We spend a lot of time advising people not to download files from non-trusted sources, but it’s clear that we all need to start letting people know that sometimes uploading files to strange destinations can also result in a bad experience for all concerned.”