Beware: Valve Steam Guard Phishing Attack Discovered

rated by 0 users
This post has 7 Replies | 1 Follower

Top 10 Contributor
Posts 26,500
Points 1,196,740
Joined: Sep 2007
ForumsAdministrator
News Posted: Tue, May 13 2014 12:36 AM
Another day, another exploit/attack/hack/breach/phishing scam to worry about. This one concerns Valve’s Steam Guard Protection and a new phishing scheme that, if successful, allows a cybercriminal to steal a file that will bypass the Steam Guard Protection and allow the thief to log in to the victim’s account from any computer.

Steam Guard phishing
The above is a fake--a phishing attempt

Malwarebytes detailed how the scam works. When you attempt to log into Steam on a different machine and Steam Guard asks you to submit a verification code it will let you in. However, if the phisher gets you to fall for a fake message that looks just like the Steam Guard pop-up, he can acquire your SSFN file, which, when dropped into the Steam directory on the thief’s computer, allows him to log in to Steam as you.

Steam Guard phishing
This is what you *should* see

“While logged in as a Steam user, they’ll be able to see the victim’s purchase history, change current email address, current Steam password, disable Steam Guard, change the profile name and update the stored payment method (if any),” wrote Malwarebytes’ Christopher Boyd in a post. Fortunately, “They can’t make purchases with the stored card because Steam requires you to re-enter the security code when making payments,” he added.

Be sure that you’re vigilant and that any Steam Guard screen you see is legit. Take an extra moment to scan for anything off.
  • | Post Points: 110
Not Ranked
Posts 6
Points 25
Joined: Mar 2011
GLair replied on Tue, May 13 2014 10:18 AM

Wonder how long this has been going on. I got a steam guard pop up the other day, and i was on the same laptop i always use.

  • | Post Points: 5
Not Ranked
Posts 6
Points 25
Joined: Mar 2011
GLair replied on Tue, May 13 2014 10:30 AM

Never mind, was looking at the article on my phone, so the picture wasn't too clear, mine was a regular pop up sending a code to my email.

  • | Post Points: 5
Not Ranked
Posts 1
Points 5
Joined: May 2014

Mauro Cifuentes

  • | Post Points: 5
Top 150 Contributor
Posts 627
Points 5,605
Joined: Sep 2012
Location: Canada
ForumsAdministrator
Moderator
RWilliams replied on Tue, May 13 2014 4:24 PM

Is the main point of this just to ruin someone's day? I don't see the point of taking over an account... if free games matter -that- much, you'd think people would be quicker to pirate them, not breach someone's account.

  • | Post Points: 5
Not Ranked
Posts 1
Points 5
Joined: May 2014

Rwilliams, your missing the point. It's about money. Yes you can pirate the game, but most likely there will be no multiplayer function. Another is the steam community marketplace where you can sell a persons collected items from in game. Some games like TF2 and CSGO have some extremely high priced items which go into the 100's of dollars. The money then goes into your Steam Wallet, then you could purchase games with those acquired funds and gift them to another account or sell them at a reduced price to others. These accounts can also be sold to game hackers who just want a cheap account to hack with and not to be worried if their main account gets banned.

  • | Post Points: 5
Not Ranked
Posts 1
Points 5
Joined: May 2014

WHATEVER !

  • | Post Points: 5
Not Ranked
Posts 39
Points 285
Joined: Jun 2011
Location: U.S.A.
elkhorn replied on Wed, May 14 2014 1:21 PM

I hope there is a solution very soon !!!

  • | Post Points: 5
Page 1 of 1 (8 items) | RSS