All Discussions > Steam Forums > Off Topic > Topic Details
This topic has been locked
How to spot a fake Steam link?
Not as in steamcornmunity.com or something, you know how you need some websites want you to login with your steam account? How do we see the difference between a fake phishing one and a real Steam login link?
< >
Showing 1-15 of 15 comments
Okay, before you go to a third-party site, go to the actual steamcommunity.com and log in there first.

Then go to that site and click the “Sign in with Steam” button.

A legit openID will let you sign in with one click.

If it asks you to enter your login info, it is phishing.
Canny McTin-Face Dec 9, 2018 @ 3:58am 
Originally posted by Vix is best "Wofe":
Okay, before you go to a third-party site, go to the actual steamcommunity.com and log in there first.

Then go to that site and click the “Sign in with Steam” button.

A legit openID will let you sign in with one click.

If it asks you to enter your login info, it is phishing.
oh yeah, it normally asks wether if it is you that is logging in without asking for the password! clever move
MonoAlice Dec 9, 2018 @ 3:59am 
I'm not paying 6295$ for that.
There is a lock saying "Valve Corp [US]" next to the url.
Canny McTin-Face Dec 9, 2018 @ 4:00am 
Originally posted by Ξph3merΛ:
I'm not paying 6295$ for that.
There is a lock saying "Valve Corp [US]" next to the url.
right.. what if we are on mobile?
MonoAlice Dec 9, 2018 @ 4:02am 
Originally posted by Canny McTin-Face:
Originally posted by Ξph3merΛ:
I'm not paying 6295$ for that.
There is a lock saying "Valve Corp [US]" next to the url.
right.. what if we are on mobile?
Currently using iOS safari, the URL will be green.
If on Google Chrome, there will be a lock next to the URL (Even the mobile)
Canny McTin-Face Dec 9, 2018 @ 4:19am 
just noticed one more thing, if you change the site's language it will give you a phony error sign about Steam servers or something.
Kargor Dec 9, 2018 @ 4:46am 
Don't trust URLs, and don't trust "green locks" and stuff like that.

It's not too difficult to register something that looks like Valve, and because it's technically flawless it will get a "green" by the browser. Yet, my "Valwe Corp" still isn't that same thing as the real Valve. I might even be able to get a "Valve Corp" in some country.

Also, browser have had security issues that allowed websites to display stuff in the address field that didn't really correspond to what was shown as a webpage.

All this may or may not be easy, fixed, still an issue etc. -- but it's all extra work, and it can fool you. Logging into the real Steam on your browser beforehand is trivial (in fact, unless the login has expired for some reason, I never have to do that...), and the real "Login through Steam" will just ask you whether you want to log in with that account. That's trivial, and even IF that website manages to get your Steam login name somehow, how is you clicking "Yes" going to give them anything?
Phantom Dec 9, 2018 @ 8:10am 
Originally posted by Canny McTin-Face:
Not as in steamcornmunity.com or something, you know how you need some websites want you to login with your steam account? How do we see the difference between a fake phishing one and a real Steam login link?

Official Steam logins on third-party sites uses OpenID and the pop-up shows the Steam URL.

As an example...


The pop-up by itself is NOT generated by the site.

I sort of explained it a little more here...

https://steamcommunity.com/sharedfiles/filedetails/?id=1534605887

Check the 'phishing' index part of the guide.

:yinyangflip:
Azza ☠ Dec 9, 2018 @ 8:48am 
If you click on the 'Sign in with Steam' button, it should popup in a new web-browser windows, with Steam's URL and a SSL certificate lock upon it. The SSL padlock should be a lock (not broken / open) and if clicked upon should show you it's ownership. You can view if the certifcate is valid and who owns it.

Next try dragging that popup window outside of the other's web-browser window, ensuring it's not a faked popup. One of the phishing tricks is to create a movable box on their own webpage, with want just looks to be a popup window frame, URL box, and the SSL certificate. You wouldn't however be able to use it like a real popup web-browser window, change URL or vertify the SSL upon clicking.
Last edited by Azza ☠; Dec 9, 2018 @ 8:50am
Thoko05 Feb 26, 2021 @ 7:12am 
Originally posted by Azza ☠:
If you click on the 'Sign in with Steam' button, it should popup in a new web-browser windows, with Steam's URL and a SSL certificate lock upon it. The SSL padlock should be a lock (not broken / open) and if clicked upon should show you it's ownership. You can view if the certifcate is valid and who owns it.

Next try dragging that popup window outside of the other's web-browser window, ensuring it's not a faked popup. One of the phishing tricks is to create a movable box on their own webpage, with want just looks to be a popup window frame, URL box, and the SSL certificate. You wouldn't however be able to use it like a real popup web-browser window, change URL or vertify the SSL upon clicking.

Thank you so much.
You saved my account just by this message. I've already gotten hacked once and don't want to try it again.
Some random person sent me a friend request asking me to join a tournament.

Then sent a link to a website called: https://cyber-esport.com
The scammer asked me to vote for his esports-team after I said that I didn't want to join it, and said that I needed to be logged in to vote.
I then started making an account but with a false e-mail, username etc.
After that, the website tried making me connect with Steam, but that seemed a little weird that I already needed to connect to steam before doing anything else.

I tried connecting it and a fake popup appeared, that looked kinda legit and also not.
For example, I tried moving the window to my other monitor, or outside the web browser, but couldn't. Tried changing language just for fun, but couldn't. The Steam corp. logo was fake too, but it was so well designed and looked legit because of that.

Now I am sure this person is a scammer, trying to steal my login info.
Thank you so much for your help. I now blocked and reported the person, thanks to you.

Thank you for saving my account. <3 :gearthumbsup::Dogeface::steamhappy:
Dribo Mar 9, 2021 @ 5:20am 
Originally posted by Thoko05:
Thank you so much.
You saved my account just by this message. I've already gotten hacked once and don't want to try it again.
Some random person sent me a friend request asking me to join a tournament.

Then sent a link to a website called: https://cyber-esport.com
The scammer asked me to vote for his esports-team after I said that I didn't want to join it, and said that I needed to be logged in to vote.
I then started making an account but with a false e-mail, username etc.
After that, the website tried making me connect with Steam, but that seemed a little weird that I already needed to connect to steam before doing anything else.

I tried connecting it and a fake popup appeared, that looked kinda legit and also not.
For example, I tried moving the window to my other monitor, or outside the web browser, but couldn't. Tried changing language just for fun, but couldn't. The Steam corp. logo was fake too, but it was so well designed and looked legit because of that.

Now I am sure this person is a scammer, trying to steal my login info.
Thank you so much for your help. I now blocked and reported the person, thanks to you.

Thank you for saving my account. <3 :gearthumbsup::Dogeface::steamhappy:

Yup, i reported the website for scamming as well. Asking for steam login was just too suspicious because it wasn't in a new window. I called them out and they closed the site instantly haha
Dracoco OwO Mar 9, 2021 @ 5:25am 
Necromancy is illegal.
Vault Hunter 101 Mar 30, 2021 @ 8:08pm 
Originally posted by dimmen:
can anyone help me with finding out if this is real or not

How about you stop going to random websites that promise you free money?
Originally posted by Vault Hunter 101:
Originally posted by dimmen:
can anyone help me with finding out if this is real or not

How about you stop going to random websites that promise you free money?
i got that notification from the discord server that i play on thats why i wanted to know
cSg|mc-Hotsauce Mar 30, 2021 @ 11:57pm 
Originally posted by dimmen:
Originally posted by Vault Hunter 101:

How about you stop going to random websites that promise you free money?
i got that notification from the discord server that i play on thats why i wanted to know

Random things on Discord that have Steam "like" links to scam sites...

Report those people who send them.

:qr:
< >
Showing 1-15 of 15 comments
Per page: 1530 50

All Discussions > Steam Forums > Off Topic > Topic Details
Date Posted: Dec 9, 2018 @ 3:54am
Posts: 15