New phishing scam puts your beloved Steam trading cards at risk | PCGamesN

New phishing scam puts your beloved Steam trading cards at risk

Steam Guard phishing scam

A new phishing scam has found a way around Steam Guard, Valve has admitted. Steam Guard requires a code sent to the Steam users registered email address before it lets users on unrecognised devices access the platform. 

This scam bypasses the security completely and Steam have been warning people not to send  their SSFN files to anyone, as this is what the cheeky perpetrators have been using to access users’ libraries. 

The scam requests usernames and passwords for Steam and then tells the poor scammed sod to upload an SSFN file. The file normally resides in the Steam folder and exists to tell Steam Guard to not security check the computer. 

The file can then be used to gain access to the Steam account, since Steam Guard won’t do a security check on the computer exploiting it. This way funds can be drained from the wallet and trading cards can be sold or stolen. 

It is not, at least, possible for the scammer to purchase games, however, as that would still require bank/paypal information. 

It’s hardly elaborate and Steam details shouldn’t be given out to anyone, but people fall for obvious scams all the bleeding time. 

Cheers, Gamasutra.

Sign in to Commentlogin to comment
Rob Zacny avatarShriven avatarBelimawr avatarSpaceDementia avatar
Rob Zacny Avatar
4 Years ago

I shouldn't blame the victim. I really shouldn't. But ...come on.

Shriven Avatar
4 Years ago

This.... This is more like Darwinism..

Belimawr Avatar
4 Years ago

realistically tho if this is possible it will only be a matter of time before people are incorporating sending the file over with a key logger to get the password and username.

so while it is kind of the persons fault if they fell for a phishing scam, it does also expose a massive gaping hole in the steam security.

SpaceDementia Avatar
4 Years ago

Credit card information can be saved and re-used later for future purchases. Isn't it possibler phishers could use that to buy games or steam wallet funds?