Kamoo Feb 6, 2024 @ 11:14am
Came this close to getting scammed
Earlier today, a stranger added me asking for a trade; I politely refused. A few minutes later, they sent me another workshop page asking for an upvote for a skin their friend created.

Sure, I can do that, right?

I opened the link, clicked the upvote, and a Steam login window popped up. Being careful as I am, I double-checked the URL of that popup window and it turned out to be alright.

However, after I scanned the QR code, it didn’t log me in. Weird. That’s when I sensed something fishy… It turned out that the workshop page was a phishing mirror; its domain name doesn't check out.

I quickly logged off all my devices and changed my password. Luckily, I didn’t lose anything. From the device page, I could see an unknown Android device that had logged in with my account.

Only in the postmortem, I found out why that popup window looked so legit - it was a complete HTML imitation, rendered inside of that fake workshop page. That explains why it has the correct Steam domain and the safe check stuff - how clever :steamfacepalm:
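
The address drawn inside a page-rendered popup can say anything, so the reliable check is the host of the link or tab itself. As an added example (not part of the original post and not Steam's own code), this JavaScript checks a received link's real host against an allowlist; the host list, the function name `checkSteamLink` and the sample links are assumptions made up for illustration.

```javascript
// Assumed allowlist for illustration; extend it with other hosts you trust.
const OFFICIAL_HOSTS = ["steamcommunity.com", "steampowered.com"];

// Returns { trusted, host, reason } for a link as it was received in chat.
function checkSteamLink(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { trusted: false, host: null, reason: "not a valid absolute URL" };
  }
  // URL.hostname is lower-cased and non-ASCII labels are converted to xn--.
  const host = url.hostname.replace(/\.$/, "");
  if (url.protocol !== "https:") {
    return { trusted: false, host, reason: "not https" };
  }
  if (url.username || url.password) {
    // "https://steamcommunity.com@other.example/" really loads other.example
    return { trusted: false, host, reason: "userinfo before the real host" };
  }
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { trusted: false, host, reason: "punycode (xn--) label in host" };
  }
  // Accept the domain itself or a true subdomain of it, so that
  // "steamcommunity.com.other.example" and "steamcommunlty.com" both fail.
  const ok = OFFICIAL_HOSTS.some((d) => host === d || host.endsWith("." + d));
  return ok
    ? { trusted: true, host, reason: "official domain" }
    : { trusted: false, host, reason: "host is not an official domain" };
}

// Constructed sample links (made up for this example).
const SAMPLES = [
  "https://steamcommunity.com/sharedfiles/filedetails/?id=123",
  "https://steamcommunity.com.workshop-vote.example/sharedfiles/?id=123",
  "https://steamcommunity.com@workshop-vote.example/",
  "https://steamcommunlty.com/sharedfiles/?id=123",
];
for (const link of SAMPLES) {
  const r = checkSteamLink(link);
  console.log(r.trusted ? "OK  " : "STOP", r.host, "-", r.reason);
}
```
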
Showing 1-6 of 6 comments
Kamoo Feb 6, 2024 @ 11:26am 
I don't know if I can post the link here. The moral of the story is: just don't trust any links from friends you don't know.

Here is a write-up of this attack vector with a demo:
https://mrd0x.com/browser-in-the-browser-phishing-attack/
Last edited by Kamoo; Feb 6, 2024 @ 11:44am
Knee Feb 6, 2024 @ 1:47pm 
Considering all the other things I’ve seen people fall for, nice job evading that scam.
Tristin Feb 6, 2024 @ 2:37pm 
Just block messages from strangers in settings. Problem solved.
If someone has to talk to you, let them post a comment on your profile.
Last edited by Tristin; Feb 6, 2024 @ 2:37pm
Kamoo Feb 6, 2024 @ 9:06pm 
This might sound radical, but seriously, pop-up windows should never exist in the first place. I consider myself tech-savvy, I always check the domain before every login, and I fell for that. Most people have little chance against these kinds of phishing. Until browsers fix their problem, Steam should educate their users regularly on these kinds of hacks.

Many thanks to the stranger who awarded this post :)
cSg|mc-Hotsauce Feb 6, 2024 @ 9:11pm 
The "Vote for my team" variants of the phishing scam link have been going around for over a decade.

https://help.steampowered.com/en/faqs/view/7958-1D76-CA26-7BB4

As said, they are variants of the same type of phishing scam link.

:winterbunny2023:
Kamoo Feb 6, 2024 @ 9:23pm 
Originally posted by cSg|mc-Hotsauce:
The "Vote for my team" variants of the phishing scam link have been going around for over a decade.

https://help.steampowered.com/en/faqs/view/7958-1D76-CA26-7BB4

As said, they are variants of the same type of phishing scam link.

:winterbunny2023:

I actually recall that some years ago, I did a vote-up for a stranger’s team, but I didn’t have any valuables or cash on me, so I probably didn’t notice that my account was already hacked by then. :steamsalty:

Date Posted: Feb 6, 2024 @ 11:14am
Posts: 6