New Phishing Scam Targeting Steam Uncovered

by Tim Harmer, 18.04.2014 13:25:16

Internet security firm Malwarebytes is reporting that a new vulnerability in Steam's Login/Authentication system has been uncovered, one that bypasses Steam Guard and allows unauthorised users access to your Steam account. It is generally exploited by standard phishing techniques, where an individual attempts to have you log into your account on a website which looks legitimate but is in reality a facsimile located on their own servers, so it should only affect the unwary user not yet inured to such attempts.

Steam Guard is an optional account security layer which prevents new computers from accessing a Steam account unless the user inputs a verification code sent to the account's associated email address. If the Steam desktop application is used to log in and access is verified via Steam Guard, a file is then created, allowing that PC access in future. It's this mechanism which is being used as a vector for attack.

Rather than only requesting Username/Password, the phishing site follows up with:

We see you’re logging in to Steam from a new browser or a new computer. Or maybe it’s just been a while…

As an added account security measure, you’ll need to grant access to this browser by uploading the special ssfn* file from your Steam folder…

Ssfn* file contains your ID number and located in a directory Steam folder
(…/Program Files/Steam/ssfn* )

Needless to say, this would be a giant red flag to most users, but with a broad enough sweep the scammers will pick up enough victims to make it worthwhile. Once they have successfully logged in, the scammers will have access to the entirety of your Steam account, and will eventually be able to change the associated email account, password and CCN, and even sell your inventory items via the Steam Marketplace.

In all likelihood Valve will address the problem soon, perhaps by changing the authentication system such that ssfn* files will be generated from and checked against your PC specs on application log-in. Until then it's best to always be vigilant, especially when a site is asking you to upload files from your own PC.

Source: Malwarebytes via The Inquirer
