Free game offer leads to Steam phishing site
Posted on 02 November 2012.
Online gamers are often targeted with phishing schemes set up by crooks who are after users' in-game items and money, and the latest one to be spotted is aimed at Steam users.

The phishing page is a spoof of the official Steam Community webpage, sporting an "exclusive offer": a free Valve game.

All the users have to do is enter their Steam username, password, email address, and choose the wanted game (click on the screenshot to enlarge it):

In order to see just how far down the rabbit hole goes, GFI's Jovi Umawing inserted fake information and chose a game.

"I was then taken to a page where I was asked for more details, particularly my email address and password, instead of sending me the confirmation email it had promised earlier," he shared.

So, not only will the victims end up with their Steam account compromised, but also their email accounts. Depending on the additional information gathered by the crooks, they might become victims of identity theft.

"Be wary of free games and offers that would cost you more than you want to bargain for, especially if they’re hosted on dubious sites that use familiar strings in URLs you’d normally see in legitimate sites," he warns. "To be safe, visit Steam directly to double-check if they indeed have free offers."

This particular one is hosted on hxxp://, and has fortunately been blocked by most browsers that show the warning of it being a phishing site. Still, the page can easily be moved to another address, so the aforementioned advice is always appropriate.


The role of the cloud in the modern security architecture

Posted on 31 July 2014.  |  Stephen Pao, General Manager, Security Business at Barracuda Networks, offers advice to CISOs concerned about moving the secure storage of their documents into the cloud and discusses how the cloud shaping the modern security architecture.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Fri, Aug 1st