facebook rss twitter

Scammers using new technique to bypass Valve's Steam Guard

by Mark Tyson on 18 April 2014, 11:30

Tags: Valve

Quick Link: HEXUS.net/qacdhj

Add to My Vault: x

The Malwarebytes security blog has highlighted a new method that scammers are using to 'phish' Steam user's accounts. We've all has phishing emails which pretend to be from banks, government departments and e-commerce sites but it looks like scammers are also interested in your Valve Steam account and have a new method to relieve you of its ownership.

Valve has in place a protection mechanism for stopping strangers using your account but this new phishing method bypasses its so-called 'Steam Guard'. You will see Steam Guard employed when you log into a PC you haven't used before with your Steam account. If you haven't seen it before all it does it pop up a window to input a verification code which it has sent your registered email address. No code – no logging to Steam from your new computer, in theory.

However, as Malwarebytes discuss, some enterprising scammers have found a way to get around that protection. From the phishing site you have been directed to, the scammers pop up a window which looks very similar to the official Valve Steam Guard window. The significant difference is that this window has a file upload field where it asks you to navigate to your Steam folder to upload your 'SSFN' file – "As an added account security measure".

Well it turns out that any user can skip Valve's Steam Guard protection on a new, or any, computer just by copying the SSFN file. The file is in your Steam home directory, usually C:\Program Files\Steam, and is named 'ssfnX' – where X is a 19 digit number. The Malwarebytes blog indicates that users have been seeing this particular phishing technique dangled in front of them for the past month or so.

It is suggested that your Steam account may be of interest to others as they can; play all your games for free, change user email address and password, and even make money from selling off any rare in-game items from your various game inventories. However the scammer would also need your credit card 3-digit security code to make additional purchases.

Please see below for an example of how someone was targeted with this particular phishing email and the result. Valve is said to be aware of the issue but we aren't sure if anything more than telling users to be careful will be done.

HEXUS Forums :: 7 Comments

Login with Forum Account

Don't have an account? Register today!
Posted by KeyboardDemon - Fri 18 Apr 2014 12:22
I'm surprised by this! Not that scammers have found a vulnerability, more that it has taken so long for it to happen. I know people have been tricked into giving out account details or some have had accounts hacked because they hadn't used particularly secure passwords, but scams like this one are quite a lot more sophisticated and I can see how many people would be fooled by such methods. I certainly hope Steam do more then warn users to just ‘be careful’ though.
Posted by Rykonnen - Fri 18 Apr 2014 13:13
Considering how many people get fooled by way simpler methods.. there should be way more awareness about phishing. I see a lot of people who only learn after this has happened to them.
Posted by Steve - Fri 18 Apr 2014 13:16
Bit of a shame that the SSFN file isn't hashed against some system-unique ID.
Posted by Heisenberg - Fri 18 Apr 2014 14:26
TL;DR Don't upload your SSFN file?, I completed agree with Steve ^, this seems like such a sensitive file, Valve need to sort this.
Posted by pvee - Sun 20 Apr 2014 01:09
now im worried coz ive been purchasing games and items under steam.

SEE NEWER »