Virtualization Technology News and Information
Fraudsters are hunting gamers via Halloween sale
Kaspersky researchers have reported on findings that certain phishing websites attempt to steal account credentials from popular gaming platform users. In particular, they found websites that would imitate an authorization page on the Steam website to obtain a user's login name and password. Hackers used a carefully crafted copy of an interface from the legitimate website before the platform's traditional Halloween sale. Once a user attempts to perform any action on a fraudulent site, they stumble upon a browser window to enter their username and password. The domain name in the address bar seems legitimate, so this would not raise concerns. The criminals also attempt to request a confirmation code that the user receives via email or through the legitimate app. 

"Steam is definitely not the only gaming platform being targeted by cybercriminals. In 2019 we saw 229,983 attacks on EA's Origin and, but there has also been a rise in criminals' interest in Steam particularly," said Mikhail Sytnik, security researcher at Kaspersky. "In H1 2019, Kaspersky saw around 58,000 attacks from websites disguised as the Steam platform, and this number more than doubled in H2, reaching 131,000 - and the year is not even over yet. Demand is only set to increase in the final quarter of the year. Fraudsters love to exploit sales on all kinds of gaming platforms, as any that have strict time limits make gamers less attentive to details and therefore more willing to fall for a ruse. We hope gamers benefit from the sales deals as much as possible during the upcoming holiday period. Just be careful when clicking on banner ads and third-party links, especially during the period of ‘special offers' as such phishing is on such a steep rise."

To avoid falling for phishing tricks, Kaspersky recommends:

  • Only use official gaming apps, websites and platforms, such as Steam's official website store.
  • If you are not sure if a website is genuine and secure, never enter your credentials or personal information. If you think that you have may have entered your login and password on a fake page, immediately change your password and call your bank or other payment provider if you think your card details may have been compromised.
  • Use a security solution with behavior-based anti-phishing technologies, such as Kaspersky Security Cloud or Kaspersky Total Security, which will warn you if you are trying to visit a phishing web page.
  • Never use the same password for several websites or services, because if one is stolen, all your accounts are vulnerable. To create strong hack-proof passwords without having to face the struggle of remembering them, use password managers, such as Kaspersky Password Manager.
For more information, visit
Published Thursday, October 31, 2019 9:33 AM by David Marshall
Filed under:
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<October 2019>