Gamasutra is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Gamasutra: The Art & Business of Making Gamesspacer
View All     RSS
October 16, 2019
arrowPress Releases







If you enjoy reading this site, you might also want to check out these UBM Tech sites:


New phishing scam sees hackers bypass Steam Guard security

New phishing scam sees hackers bypass Steam Guard security

April 17, 2014 | By Mike Rose

April 17, 2014 | By Mike Rose
Comments
    6 comments
More: Console/PC, Business/Marketing



Valve introduced Steam Guard back in 2011 -- an additional security measure that aims to protect users whose Steam accounts are compromised. However, a new phishing scam has seen hackers manage to bypass Steam Guard completely.

When you have Steam Guard activated on your Steam account, and you (or someone else) attempts to log in to your account from somewhere other than your regular computer, a code is sent to your email which must be entered before access can be gained.

A new phishing scam, however, asks for a username and password for Steam, and then tells users that they need to download a special SSFN file from your computer. This file is located in your Steam folder, and is in place to tell Steam Guard that it doesn't need to security check your computer.

As noted by Malwarebytes' Chris Boyd, if you upload your SSFN file through the phishing website, the scammer can then potentially use this file, coupled with a username and password, to gain access to a Steam account and claim it as their own.

This is a relatively new scam that Gamasutra has seen in action just in the last couple of weeks. Scammers use the account to drain it of any credit, items and trading cards that are inside, and then move on to another account -- notably, the scammer cannot purchase anything, since they need to know your card security details.

Valve is aware of the issue, and is warning Steam users not to send their SSFN files to anyone.


Related Jobs

Sucker Punch Productions
Sucker Punch Productions — Bellevue, Washington, United States
[10.15.19]

Producer
Sucker Punch Productions
Sucker Punch Productions — Bellevue, Washington, United States
[10.15.19]

QA Manager
Sucker Punch Productions
Sucker Punch Productions — Bellevue, Washington, United States
[10.15.19]

Senior Lighting Artist
Sucker Punch Productions
Sucker Punch Productions — Bellevue, Washington, United States
[10.15.19]

Camera Designer









Loading Comments

loader image