Free game offer leads to Steam phishing site
Posted on 02 November 2012.
Online gamers are often targeted with phishing schemes set up by crooks who are after users' in-game items and money, and the latest one to be spotted is aimed at Steam users.

The phishing page is a spoof of the official Steam Community webpage, sporting an "exclusive offer": a free Valve game.

All the users have to do is enter their Steam username, password, email address, and choose the wanted game (click on the screenshot to enlarge it):

In order to see just how far down the rabbit hole goes, GFI's Jovi Umawing inserted fake information and chose a game.

"I was then taken to a page where I was asked for more details, particularly my email address and password, instead of sending me the confirmation email it had promised earlier," he shared.

So, not only will the victims end up with their Steam account compromised, but also their email accounts. Depending on the additional information gathered by the crooks, they might become victims of identity theft.

"Be wary of free games and offers that would cost you more than you want to bargain for, especially if they’re hosted on dubious sites that use familiar strings in URLs you’d normally see in legitimate sites," he warns. "To be safe, visit Steam directly to double-check if they indeed have free offers."

This particular one is hosted on hxxp://, and has fortunately been blocked by most browsers that show the warning of it being a phishing site. Still, the page can easily be moved to another address, so the aforementioned advice is always appropriate.


Intentional backdoors in iOS devices uncovered

Posted on 22 July 2014.  |  A researcher has revealed that Apple has equipped its mobile iOS with several undocumented features that can be used by attackers and law enforcement to access the sensitive data contained on the devices running it.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Tue, Jul 22nd