3 min read

The Steam Gaming Platform Is a Common Target for Criminals. Here's How to Recognize Fraud

Silviu STAHIE

August 19, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
The Steam Gaming Platform Is a Common Target for Criminals. Here's How to Recognize Fraud

The Steam gaming platform is one of the biggest targets for fraud, but the good news is that most attacks use social engineering and phishing. This means that, with a bit of prep and a solid security solution, it’s not very hard to keep your account safe.

We all know Steam as the ubiquitous storefront for publishers and indie developers, but it's a micro-economic cosmos. When used as intended, it can even generate some profit for its users. Unfortunately, new types of fraud will inevitably appear whenever criminals have the slightest chance to profit.

Steam has been around for a very long time, meaning that criminals have changed their vector of attack numerous times as the platform grew more secure. Now, criminals have to try to go after the next weak link - Steam users.

Reported by mistake

One of the more widespread frauds on Steam that continues to claim victims even today is based exclusively on social engineering. Criminals contact potential victims through third-party channels like Discord and inform them that they have reported them by mistake to Steam. They wanted to report a scammer but got the Steam username wrong.

The scammers talk nicely and respectfully, they apologize profusely, and they want to "make things right." This is where the scam may vary slightly, but they generally offer to put you in contact with yet another person, supposedly a Steam admin.

The "Steam admin" is sympathetic and wants to help. But to help, he needs to verify the account somehow, which usually involves the victim logging out and providing the attacker with the login credentials and the SteamGuard code. The criminal then proceeds to purchase gifts through Steam or persuades the victim to buy Steam Cards from third-party websites, promising to return the money once the account has been "verified."

Posing as other people

Other attack vectors include direct contact through emails, Steam or even by phone. Some criminals pose as Steam employees, and ask for various items in trades to "validate" the account. Of course, the items they're after would be expensive, and they won't return them as promised.

In other situations, criminals posing as government agents call people on the phone, threatening to take action due to unfilled taxes or other reasons. They try to persuade victims to purchase Steam Gift Cards to cover the infraction.

Trades are often the criminal's bread and butter

One of the most common types of fraud involves Steam target trades. On this platform, people are free to trade all kinds of gaming rewards, skins and more, including some items that can be really expensive. Some people trick users into engaging in fake or malicious trades.

People might receive trade requests from people already on their friend list, not knowing that their friend's account was compromised. In other situations, criminals redirect Steam users to third-party websites that copy the trading functionality in the app and request money instead of items. Attackers might even offer CD keys as a trading currency.

And let's not forget about phishing or password reset attempts that can also be used. Some attackers may take over an account only to ask for a ransom.

Conclusion

Steam will always be a target for scammers, fraudsters and other criminals. Users should always be on the lookout and follow a few simple rules. Never engage with people outside the official platform; always be wary of trades initiated by people on the friend list.

Also, don't click on links involving Steam services received from unknown people, don't follow any instructions from phone conversations, and always run a security solution, like Bitdefender Ultimate Security on your device. The security solution will pick up malicious links before they can cause any harm.

Lastly, if a trade seems too advantageous for you, be suspicious. Trades are some of the sought-after frauds, and you should always check the validity of trades before engaging in them.

tags


Author



Right now

Top posts

How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Hacking cars remotely with just their VIN Hacking cars remotely with just their VIN
Graham CLULEY

December 05, 2022

2 min read
Russian courts attacked by CryWiper malware that poses as ransomware Russian courts attacked by CryWiper malware that poses as ransomware
Graham CLULEY

December 05, 2022

2 min read
Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts
Silviu STAHIE

December 02, 2022

1 min read