gamasutra.com : New phishing scam sees hackers bypass Steam Guard security

Discussion in 'General Discussion' started by RIP, Apr 17, 2014.

  1. RIP

    RIP Veteran Member

    New phishing scam sees hackers bypass Steam Guard security
    April 17, 2014 | By Mike Rose

    Valve introduced Steam Guard back in 2011 -- an additional security measure that aims to protect users whose Steam accounts are compromised. However, a new phishing scam has seen hackers manage to bypass Steam Guard completely.

    When you have Steam Guard activated on your Steam account, and you (or someone else) attempts to log in to your account from somewhere other than your regular computer, a code is sent to your email which must be entered before access can be gained.

    A new phishing scam, however, asks for a username and password for Steam, and then tells users that they need to download a special SSFN file from your computer. This file is located in your Steam folder, and is in place to tell Steam Guard that it doesn't need to security check your computer.

    As noted by Malwarebytes' Chris Boyd, if you upload your SSFN file through the phishing website, the scammer can then potentially use this file, coupled with a username and password, to gain access to a Steam account and claim it as their own.

    This is a relatively new scam that Gamasutra has seen in action just in the last couple of weeks. Scammers use the account to drain it of any credit, items and trading cards that are inside, and then move on to another account -- notably, the scammer cannot purchase anything, since they need to know your card security details.

    Valve is aware of the issue, and is warning Steam users not to send their SSFN files to anyone.
    syberghost likes this.
  2. syberghost

    syberghost Guild Admin Staff Member

    Finally something worthy to knock my April Fool's prank off the top of the front page.
  3. RIP

    RIP Veteran Member

    Figured since so many use Steam here that this would be an important post to put up.
  4. syberghost

    syberghost Guild Admin Staff Member

    At this point I shouldn't have to say this anymore, but just in case there's somebody who has forgotten:

    Support people for any reputable company will never, ever, EVER, ask for your password. EVER. Any request for your password that doesn't come from the official client or webpage is fake. If they have a legitimate need to access your account, they'll have tools that let them do so without your password.

    If you aren't expecting the email, assume all links in it are fake; type the URL in yourself instead of clicking.
