Malwarebytes: 'Typosquatters' Build Fake Steam Community Site to Scam Unsuspecting Visitors

July 3, 2014 - GamePolitics Staff

Anti-virus and Internet security research company Malwarebytes points out a common scam used to trick Internet users into thinking that they are visiting a legitimate site when they are in fact at a scam site just itching to steal their personal information or to infect them with some form of nefarious software. The example they use is a site that takes advantage of typosquatting.

These sites anticipate the names that might come out of a user inadvertently typing in the wrong URL due to spelling errors. In this example, a user might accidently type in "sleamcummunity.com" thinking that they are heading to Steam's community site (www.steamcommunity.com). But because the scammers have built a site that looks identical to Valve's Steam community portal, users get tricked into logging in.

As Malwarebytes points out, clicking the “Sign in” button or the “Login” link at the upper right corner of this fake page directs users to the phishing page, which is a "pixel-by-pixel copy of the legitimate one."

Malware intelligence analyst, Jovi Umawing of Malwarebytes has more information on this scam over at the official Malwarebytes Blog.

But the best way to avoid scams like this is to always look at your address bar and make sure you have typed in the proper URL. If it seems off, then it probably is, no matter how authentic the page you are on might look.

As it turns out, when Malwarebytes did a Whois lookup on the domain it found that it was registered by someone in Russia.


Comments

Re: Malwarebytes: 'Typosquatters' Build Fake Steam Community ...

It doesn't matter if they can or cannot get into a person's steam account.

They have a username and password they can try using on other sites because a large portion of the population reuses them on multiple sites.

Re: Malwarebytes: 'Typosquatters' Build Fake Steam Community ...

Why?

Have you ever tried to log onto your steam account from a friends house? As soon as you do it sends you an email with an activation code for the new machine/ip. If you don't go get it, your account is flagged as suspicious.

This sounds like a stupid idea entirely.

And it's so easy to catch. All Steam has to do is go to that site, enter some phony account/passwords, and then wait for someone to use them.....

Horrible idea.

Re: Malwarebytes: 'Typosquatters' Build Fake Steam Community ...

Steam Guard is partially optional, and only enabled when you verify your email address. Additionally, some people go the extra step of disabling it.

https://support.steampowered.com/kb_article.php?ref=4020-ALZM-5519

----
Papa Midnight

Re: Malwarebytes: 'Typosquatters' Build Fake Steam Community ...

In my case someone busted into my email to circumvent it.

 
Forgot your password?
Username :
Password :

Poll

Have you visited a video game arcade in the last year?:
 

Be Heard - Contact Your Politician