Steam, the world’s largest online gaming platform, is increasingly being targeted by phishers trying to steal credentials from its 30 million users.
If you’re not familiar with Steam, just imagine something like iTunes – but for PC and Mac video games.
If you’re interested in digitally downloading video games for your computer, Steam is likely to be your destination.
Phishing attacks against Steam users are nothing new – they’ve been around for a couple of years – but as more and more users jump onto the Steam bandwagon (train?) phishers have greater chances of success.
Here’s one example of a Steam phishing email, intercepted by SophosLabs, which was sent to an email address that has never registered for a Steam account:
Subject: Warning! Your steam account will be suspended?
Although it looks like the link will take you to the real Steam website, the HTML actually directs you to a phishing site. Our spam researchers had a wry smile when they spotted that the email was sent on 15 February and yet it claims that Steam accounts will be closed if they don’t hear back from the users by 11 February.
Just as we’ve seen a black market for stolen iTunes accounts, so Steam accounts have a monetary value too.
So, don’t be too trigger-happy and always think before you click on that link. And if you use the same password on Steam as you do on other websites you could be handing cybercriminals over more than just the keys to your games cupboard.
Valve, the company behind Steam, has published advice on how to secure your Steam account which users would be wise to read.