Fake Steam Skin Giveaway Site Steals your Login Credentials
A fake Steam skin giveaway site has been created that claims to give away new skins every day, but in reality it just steals your login credentials.
This phishing site was first discovered by researcher nullcookies, who posted a warning about it on Twitter.
After nullcookies told us that Steam phishing sites are commonly promoted directly on Steam, we performed a search and found that this scam is being promoted through comments made to Steam profiles. These comments state “Dear winner! Your SteamID is selected as a winner of Weekly giveaway. Get your Karambit | Doppler on giveavvay.com”.
If a user goes to the promoted site, they are shown a fake ‘$30,000 giveaway’ promotion that contains 26 days of free skin giveaways for Counter-Strike: Global Offensive (CSGO). This phishing landing page also has a fake running chat screen on the left-hand side of the page.
In order to get a free skin, the site tells you to log in to the site using your Steam credentials and then wait for the words “SKIN RAIN” to appear in the chat. When they appear, the site says you should click on the words to get one of the free skins being offered that day.
The site also claims that these skins are sponsored by G2A, Handouts, opencases.cheap, GamDom, Kinguin, and FaceIt. It goes without saying that you should not believe what is said on this site.
If a user falls for the scam and clicks the “Sign in via Steam” button, the site appears to open Steam's login form, but what is actually displayed is a fake Steam login form served by the phishing site itself. While this screen looks like the normal Steam login, any credentials entered into it are sent to the attackers instead.
When logging in, the scam site will also initiate a legitimate Steam Guard request and prompt you to enter the code, so that the attackers obtain the code as well.
Once the attackers gain access to the victim’s login credentials, they can hijack their Steam account, trade away items, and perform other malicious activity such as promoting their scam.
Thankfully, this phishing page has been widely reported and, as it is hosted behind Cloudflare, users who try to access it are shown an alert warning that it is a suspected phishing site.
To be protected from sites like these, all Steam users should only log in to Steam directly from the steampowered.com domain. If you are using another site that wants to log in through Steam, be sure to do thorough research about the site before entering any login credentials.
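The profile comments quoted above rely on a lookalike domain (two v's standing in for the w in "giveaway"), and the advice to log in only on Steam's own domain comes down to an exact host check. The following script is an added example, not code from the original article or from any Steam tooling: it flags giveaway-bait lookalike domains in constructed sample comments and checks a login URL's host against a trusted-host list. The trusted-host list, the homoglyph table and the sample comments are assumptions of this example.

```python
import re
from urllib.parse import urlparse

# Assumed trusted hosts for a real Steam login (curated by the defender, not from the article).
TRUSTED_STEAM_HOSTS = {"steampowered.com", "steamcommunity.com"}

# Lookalike substitutions, multi-character pairs first so "vv" collapses before "v" is touched.
HOMOGLYPHS = [("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

# Dotted hostnames inside free text ("on giveavvay.com", "https://x.y/z").
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

# Constructed sample comments; the first mirrors the wording reported in the article.
SAMPLE_COMMENTS = [
    "Dear winner! Your SteamID is selected as a winner of Weekly giveaway. "
    "Get your Karambit | Doppler on giveavvay.com",
    "gg, trade offer sent via steamcommunity.com",
    "free skins today at st3amgifts.net, hurry",
]


def skeleton(label):
    """Collapse lookalike substitutions so 'giveavvay' compares equal to 'giveaway'."""
    s = label.lower()
    for fake, real in HOMOGLYPHS:
        s = s.replace(fake, real)
    return s


def is_trusted_host(host):
    """Exact or subdomain match against the trusted list; 'steamcommunity.com.evil.tld' fails."""
    host = host.lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in TRUSTED_STEAM_HOSTS)


def login_host_ok(url):
    """True only when the login form's URL is served from a trusted Steam host."""
    return is_trusted_host(urlparse(url).hostname or "")


def flag_comment(text, bait_words=("giveaway", "steam", "skin")):
    """Return domains in a comment whose normalized label reads like Steam/giveaway bait."""
    hits = []
    for domain in DOMAIN_RE.findall(text):
        if is_trusted_host(domain):
            continue
        if any(w in skeleton(domain.split(".")[0]) for w in bait_words):
            hits.append(domain)
    return hits


if __name__ == "__main__":
    for c in SAMPLE_COMMENTS:
        print(flag_comment(c), "<-", c[:60])
```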