A new phishing scam has found a way around Steam Guard, Valve has admitted. Steam Guard requires a code sent to the Steam users registered email address before it lets users on unrecognised devices access the platform.
This scam bypasses the security completely and Steam have been warning people not to send their SSFN files to anyone, as this is what the cheeky perpetrators have been using to access users’ libraries.
The scam requests usernames and passwords for Steam and then tells the poor scammed sod to upload an SSFN file. The file normally resides in the Steam folder and exists to tell Steam Guard to not security check the computer.
The file can then be used to gain access to the Steam account, since Steam Guard won’t do a security check on the computer exploiting it. This way funds can be drained from the wallet and trading cards can be sold or stolen.
It is not, at least, possible for the scammer to purchase games, however, as that would still require bank/paypal information.
It’s hardly elaborate and Steam details shouldn’t be given out to anyone, but people fall for obvious scams all the bleeding time.
Cheers, Gamasutra.