
Careful with "Steam" links, fellas!


1:23 AM - Pikachu on LSD: I think it's about time for a friendly reminder about phishers

1:23 AM - Tomætoes [sWF2]: he's like spiderman

1:23 AM - Tomætoes [sWF2]: a menace to society


Keep an eye out there! Phishers are getting just that bit craftier now.


Even with SteamGuard enabled, unscrupulous people have been simply asking for the SteamGuard code and have also written tools to grab authentication files off the installed Steam client and use them in their own.


Example message, poor English intact.

You'll get this either from friends that have been hijacked and/or other victims that scrape trading sites for your profile:

4:20 AM - dickbutt: Hi. My friend want to trade with you.Add him. steamycornmutiny.com/id/tf2player22


Of course, copy / pasting the link into your browser and bypassing Steam's link filter puts you on a page with a seemingly innocent Steam profile, and any action to attempt to add the "friend" points you to a sign-in page.  From there, you'd maybe consider dropping your username and password into the boxes and trying to sign in.


After filling in your info, the current flavor of the day for hijacking is this dialog, in place of the normal SteamGuard one you'd expect:



Which, if you download and run, will probably grab the SteamGuard file off of your hard drive, which is then easily usable in custom-written Steam clients.  I say probably, considering the analysis service I use isn't any more descriptive than saying it needs the .NET 4.0 framework.  The other one did, though.


tl;dr random executable downloads are bad, mmmkay?


I'm sure you're all careful about random adds and such, so this is a just-in-case thing if you haven't heard yet.

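An added example, not part of the original post: a small Python check that flags links like the one quoted above by comparing each host in a chat message against an allowlist of genuine Steam hosts. The allowlist, the brand token, the similarity threshold and every sample line other than the quoted message are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# Assumption: the hosts treated as genuine; adjust to your own allowlist.
OFFICIAL = {"steamcommunity.com", "steampowered.com"}
BRAND_TOKENS = ("steam",)  # assumption: brand strings worth flagging
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def registrable(host):
    """Last two labels of a host (simplification: no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify_host(host, threshold=0.8):
    """Return 'official', 'lookalike' or 'unrelated' for one host name."""
    host = host.lower()
    domain = registrable(host)
    if domain in OFFICIAL:
        return "official"
    # Brand string anywhere in a host that is not on the allowlist,
    # including an official name used as a subdomain of something else.
    if any(token in host for token in BRAND_TOKENS):
        return "lookalike"
    # Near-miss spelling of an official name (e.g. 'rn' standing in for 'm').
    name = domain.rsplit(".", 1)[0]
    for good in OFFICIAL:
        good_name = good.rsplit(".", 1)[0]
        if SequenceMatcher(None, name, good_name).ratio() >= threshold:
            return "lookalike"
    return "unrelated"


def suspicious_links(message):
    """Hosts mentioned in a chat message that imitate an official one."""
    hosts = [m.group(1).lower() for m in HOST_RE.finditer(message)]
    return [h for h in hosts if classify_host(h) == "lookalike"]


if __name__ == "__main__":
    samples = [
        # The message quoted in the post:
        "Hi. My friend want to trade with you.Add him. "
        "steamycornmutiny.com/id/tf2player22",
        # Constructed lines:
        "profile is at https://steamcommunity.com/id/someone",
        "add me stearncommunity.com/id/someone",
    ]
    for line in samples:
        print(suspicious_links(line) or "ok", "<-", line)
```

The similarity score for the quoted domain falls below the 0.8 threshold, so it is the brand-token rule that catches it; the ratio check covers near-identical spellings that do not contain the brand string.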

4:20 AM




Seriously though, I got one of these messages while I was asleep apparently by one of our own members. It could happen to you too, reader. Maybe.


Anyway, everyone be cautious, no one wants to get all of their shit stolen.



Indeed he was. The phisher sent me a message. I was all "haha, no." Weirdly, Showing's inventory looks okay.  The phisher removed me from his friends list though.


That cornmunity sounds mighty tasty.
