Steam accounts are under attack from a new phishing scam that tricks users in to downloading malicious software that bypasses Valve's Steam Guard system, according to Malwarebytes Unpacked. Valve launched Steam Guard in 2011 and has since made it mandatory for all Steam trades.
Steam Guard works by placing an SSFN file on authorized PC's, Steam will check for this file every time you log in and as long as its there, you can get in to your account straight away. Back in April, scammers made a fake website for users to log in to and manually upload the SSFN file, which would grant them unlimited access to that account. However, the results weren't great so now they are trying a much simpler method that might catch a few people off guard.
Whoever is behind this is now sending out private messages asking to trade but claiming that a Steam error is stopping them from adding you as a friend. The account will then send a link to a fake login page, once your details are in there, you will start downloading some malicious software, which the page will ask you to run in order to complete the login process.
The server contacts a Russian site, the program will scan your PC for the SSFN file and automatically upload it without your knowledge or permission. All of this allows unlimited access to any account tricked by this.
Discuss on our Facebook page, HERE.
KitGuru Says: A lot of you guys are smart enough to not fall for something like this but it's still a good idea to get the word out as not everyone is super careful. Instead of claiming that only an idiot would ever fall for this, you would be better off helping spread the word and making sure people stay smart. After all, a lot of Steam accounts are worth a lot of money with all of the games on there.
Source: Malware Bytes