•  News
  • 50.25% (Neutral)
  • Member Topic Starter
Another day, another exploit/attack/hack/breach/phishing scam to worry about. This one concerns Valve’s Steam Guard Protection and a new phishing scheme that, if successful, allows a cybercriminal to steal a file that will bypass the Steam Guard Protection and allow the thief to log in to the victim’s account from any computer.

Steam Guard phishing
The above is a fake--a phishing attempt

Malwarebytes detailed how the scam works. When you attempt to log into Steam on a different machine and Steam Guard asks you to submit a verification code it will let you in. However, if the phisher gets you to fall for a fake message that looks just like the Steam Guard pop-up, he can acquire your SSFN file, which, when dropped into the Steam directory on the thief’s computer, allows him to log in to Steam as you.

Steam Guard phishing
This is what you *should* see

“While logged in as a Steam user, they’ll be able to see the victim’s purchase history, change current email address, current Steam password, disable Steam Guard, change the profile name and update the stored payment method (if any),” wrote Malwarebytes’ Christopher Boyd in a post. Fortunately, “They can’t make purchases with the stored card because Steam requires you to re-enter the security code when making payments,” he added.

Be sure that you’re vigilant and that any Steam Guard screen you see is legit. Take an extra moment to scan for anything off.

Wonder how long this has been going on. I got a steam guard pop up the other day, and i was on the same laptop i always use.


Never mind, was looking at the article on my phone, so the picture wasn't too clear, mine was a regular pop up sending a code to my email.


Mauro Cifuentes


Is the main point of this just to ruin someone's day? I don't see the point of taking over an account... if free games matter -that- much, you'd think people would be quicker to pirate them, not breach someone's account.


Rwilliams, your missing the point. It's about money. Yes you can pirate the game, but most likely there will be no multiplayer function. Another is the steam community marketplace where you can sell a persons collected items from in game. Some games like TF2 and CSGO have some extremely high priced items which go into the 100's of dollars. The money then goes into your Steam Wallet, then you could purchase games with those acquired funds and gift them to another account or sell them at a reduced price to others. These accounts can also be sold to game hackers who just want a cheap account to hack with and not to be worried if their main account gets banned.


I hope there is a solution very soon !!!