Steam users warned to beware this dangerous phishing scam
Avoid opening any links in messages sent from unknown users
A new scam is making the rounds online that could lead to PC gamers losing access to their Steam accounts or even having their devices infected with malware.
If you've played an online multiplayer game before, then you're likely familiar with skins. Skins are fancy overlays of in-game items that are most commonly traded-in game. However, they're also sold for either virtual or real cash online.
Valve, the company behind Steam, offers skins and other tradeable items in its own games such as Counter Strike: Global Offensive and Team Fortress 2 though skins are also available in many of the games on its digital distribution service. As Valve launched Steam all the way back in 2003, many PC gamers have built up large libraries of games and some have even spent thousands of dollars doing so.
Now though, Malwarebytes is warning of a new scam involving skins that could result in victims losing access to their accounts and their massive library of games.
Free knife scam
According to a new blog post from Malwarebytes Labs, one of the oldest scams around is skin phishing in which a scammer will create a fake marketplace, an imitation of a real game-themed lounge or a fake user's trading inventory page to carry out account compromise.
What makes this tactic so dangerous is the fact that it can be carried out in such a short time. A scammer will begin by sending a message to potential victims on Steam or Discord that contains a malicious link.
Here are just a few examples of the messages used in this latest skin phishing campaign:
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
- “Yo, I don’t know you unfortunately, but this is for you, I do not need that knife [link]”
- “I haven’t met you unfortunately (or not lol), but take it, I dont don’t need that skin [link]”
- “G’day – I don’t need this bayonet just take it [link]”
Once a user's Steam account has been taken over, they'll need to go through Steam support to try and recover it but by that time, the scammer will have likely changed their password and other login information. To make matters worse, they might even try to perform identity theft by logging into a victim's other online accounts using their Steam credentials.
To protect yourself from this scam and others like it, Malwarebytes recommends that Steam users enable two-factor authentication (2FA) for their accounts and avoid clicking on any links from unknown users either in-game or online.
Want to protect your PC from malware? Check out our list of the best malware removal software and the best antivirus software
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.