Steam Phishing: Popular as Ever
Essential information
- Published
- 20/06/2025 18:55
- Modified
- 23/06/2025 23:08
- Tags
- 2025-06-20 credential-theft cybersecurity fraud gaming phishing social engineering steam
- Related entities
- 31 observables
Description
A recent phishing campaign targeting Steam users has been identified, involving deceptive messages sent through the platform's Friends list. The attackers use fraudulent URLs that closely mimic Steam's official domain, directing users to a fake 'Summer Gift Marathon' page. Upon logging in, users' credentials are stolen, potentially leading to further phishing attacks and theft of inventory items. The blog post lists numerous similar phishing domains and provides tips for users to stay safe, including only logging in through the legitimate Steam website, being cautious of unexpected messages with links, and using tools like URLscan.io and VirusTotal to check suspicious websites.