If you click on a link and make a purchase we may receive a small commission. Read our editorial policy.

A Steam phishing scam is baiting players with tournament play

Stay safe!

Steam users beware: there's a new browser-in-the-browser phishing scam technique that's baiting players with the promise of tournament play.

Group-IB has published a new report on the topic, illustrating how a new campaign is targeting professional gamers (spotted by PCGamer).

The campaign imitates browser pages within Steam with fake direct messages inviting players to join tournaments.

Eurogamer Newscast: Ubisoft moves forwards, bets big on Assassin's Creed.

They're then urged to log in to Steam using their credentials and 2FA code, giving hackers access to their accounts, their virtual goods, and credit card information, as well as a friends list for more targets.

The fake browser window opens in the same tab to convince users it's legitimate and can even be moved around and minimised like a webpage.

Steam phishing page example
An example of a Steam phishing page, via Group-IB.

A link in the address bar is also identical to the legitimate website, making these fake windows harder to spot.

It seems this new campaign is targeting professional gamers in the hope they will have more expensive virtual goods.

Whether you're a pro or not, don't click on links you don't trust or give away personal information!

From Assassin's Creed to Zoo Tycoon, we welcome all gamers

Eurogamer welcomes videogamers of all types, so sign in and join our community!

Related topics
About the Author
Ed Nightingale avatar

Ed Nightingale

Deputy News Editor

Ed has an interest in streaming, people and communities, and giving a voice to marginalised people.