The Steam gaming platform is one of the biggest targets for fraud, but the good news is that most attacks use social engineering and phishing. This means that, with a bit of prep and a solid security solution, it’s not very hard to keep your account safe.
We all know Steam as the ubiquitous storefront for publishers and indie developers, but it's a micro-economic cosmos. When used as intended, it can even generate some profit for its users. Unfortunately, new types of fraud will inevitably appear whenever criminals have the slightest chance to profit.
Steam has been around for a very long time, meaning that criminals have changed their vector of attack numerous times as the platform grew more secure. Now, criminals have to try to go after the next weak link - Steam users.
One of the more widespread frauds on Steam that continues to claim victims even today is based exclusively on social engineering. Criminals contact potential victims through third-party channels like Discord and inform them that they have reported them by mistake to Steam. They wanted to report a scammer but got the Steam username wrong.
The scammers talk nicely and respectfully, they apologize profusely, and they want to "make things right." This is where the scam may vary slightly, but they generally offer to put you in contact with yet another person, supposedly a Steam admin.
The "Steam admin" is sympathetic and wants to help. But to help, he needs to verify the account somehow, which usually involves the victim logging out and providing the attacker with the login credentials and the SteamGuard code. The criminal then proceeds to purchase gifts through Steam or persuades the victim to buy Steam Cards from third-party websites, promising to return the money once the account has been "verified."
Other attack vectors include direct contact through emails, Steam or even by phone. Some criminals pose as Steam employees, and ask for various items in trades to "validate" the account. Of course, the items they're after would be expensive, and they won't return them as promised.
In other situations, criminals posing as government agents call people on the phone, threatening to take action due to unfilled taxes or other reasons. They try to persuade victims to purchase Steam Gift Cards to cover the infraction.
One of the most common types of fraud involves Steam target trades. On this platform, people are free to trade all kinds of gaming rewards, skins and more, including some items that can be really expensive. Some people trick users into engaging in fake or malicious trades.
People might receive trade requests from people already on their friend list, not knowing that their friend's account was compromised. In other situations, criminals redirect Steam users to third-party websites that copy the trading functionality in the app and request money instead of items. Attackers might even offer CD keys as a trading currency.
And let's not forget about phishing or password reset attempts that can also be used. Some attackers may take over an account only to ask for a ransom.
Steam will always be a target for scammers, fraudsters and other criminals. Users should always be on the lookout and follow a few simple rules. Never engage with people outside the official platform; always be wary of trades initiated by people on the friend list.
Also, don't click on links involving Steam services received from unknown people, don't follow any instructions from phone conversations, and always run a security solution, like Bitdefender Ultimate Security on your device. The security solution will pick up malicious links before they can cause any harm.
Lastly, if a trade seems too advantageous for you, be suspicious. Trades are some of the sought-after frauds, and you should always check the validity of trades before engaging in them.