Sophos Detects Fresh Phishing Scam Abusing Steam

Security researchers from Sophos the security company caution that phishers are increasingly targeting the biggest Internet gaming website worldwide namely Steam.

Actually, the Steam accountholders are getting the fraudulent, phishing e-mails that have the subject line, "Warning! Your (user) steam account will be suspended?" as well as a spoofed sender's address seeming like they've been sent from support@steampowered.com.

Also, it's possible that the fraudsters are exploiting an authentic e-mail template that Steam uses since the e-mails bear an appropriately-designed header as well as footer, exhibiting logos belonging to 'Steam and Valve,' the owner of Steam.

Moreover, they're using a conventional lure in their attack, which's the intimidation about having the gaming account of the e-mail recipient deactivated.

Incidentally, the phishing e-mail states that Steam has lately found that various PCs have been trying to access the recipient's Steam account when several passwords were entered prior to the first browsing session. Consequently, it's necessary that he revalidates his account details to Steam before February 11, 2011, otherwise his account will be put on hold indefinitely, the message concludes. Softpedia.com reported this on February 17, 2011.

Meanwhile, the e-mail provides a web-link that recipients are directed for following wherein they can re-validate their account details.

Remarking about this phishing assault, Senior Technology Consultant Graham Cluley at Sophos says that albeit it appears as though the web-link would lead one onto the actual site of Steam, but in reality the HTML takes onto a phishing website. Nakedsecurity.sophos.com published this on February 16, 2011.

Amazingly, the above mentioned spoofed e-mail was detected on February 15, 2011 though the message asserts that Steam-users must respond within February 11, 2011 if they want to avoid the dire consequences.

Cluley adds that similar to an earlier observation of an underground economy for captured accounts of iTunes, Steam accounts too bear certain monetary worth.

Eventually, he says that users must think again prior to following the particular web-link, adding that they shouldn't use an identical password on Steam as well as on other Internet sites as that can mean handing over to cyber-crooks things in excess of their Steam account credentials.

Related article: Spike in Attacks Causes Early Release of Windows Patch

» SPAMfighter News - 2/26/2011