Steam users beware: there's a new browser-in-the-browser phishing scam technique that's baiting players with the promise of tournament play.
The campaign imitates browser pages within Steam with fake direct messages inviting players to join tournaments.
They're then urged to log in to Steam using their credentials and 2FA code, giving hackers access to their accounts, their virtual goods, and credit card information, as well as a friends list for more targets.
The fake browser window opens in the same tab to convince users it's legitimate and can even be moved around and minimised like a webpage.
A link in the address bar is also identical to the legitimate website, making these fake windows harder to spot.
It seems this new campaign is targeting professional gamers in the hope they will have more expensive virtual goods.
Whether you're a pro or not, don't click on links you don't trust or give away personal information!