Updated Steam phishing scam automates SSFN upload

The Steam Summer Sale is in full swing and so too are efforts to bypass the security of Steam Guard and compromise the security of your account. The latest phishing scam is actually an update of one that came to light back in April that largely automates the process, making it easier than ever to give up all your hard-earned stuff to the bad guys.

The previous iteration of this scam suffered from a fundamental flaw: Its success depended on taking advantage of PC users who weren't savvy enough to recognize it as a fraud but had enough technical know-how to manually upload their SSFN file, a central component of Steam Guard security, to a remote server. It's not brain surgery, but it's tricky enough to be a real obstacle.

The updated version goes a long way toward getting around, however, that by largely automating the SSFN upload process. As explained by Malware Bytes , victims are lured in by a fake Steam profile loaded with rare items for trade, which leads to a fake login page. At this point, a download link pops up along with a window claiming that the user is logging in from a new computer and must therefore enable Steam Guard.

"As an added account security measure you'll need to grant access to this browser by running the special tool (SteamGuard) we just sent to your computer," the message states. "To complete the login you should click to open tool, then authentication is automatically completed."

Obviously, that's not what actually happens. Instead, the program locates the Steam folder and the SSFN, then uploads it to the phishing site. With that in hand, the phishers have ready access to your account and all those sweet trading cards you've so painstakingly collected. In other words, running that program is an extremely bad idea, so don't do it.

Andy Chalk

Andy has been gaming on PCs from the very beginning, starting as a youngster with text adventures and primitive action games on a cassette-based TRS80. From there he graduated to the glory days of Sierra Online adventures and Microprose sims, ran a local BBS, learned how to build PCs, and developed a longstanding love of RPGs, immersive sims, and shooters. He began writing videogame news in 2007 for The Escapist and somehow managed to avoid getting fired until 2014, when he joined the storied ranks of PC Gamer. He covers all aspects of the industry, from new game announcements and patch notes to legal disputes, Twitch beefs, esports, and Henry Cavill. Lots of Henry Cavill.