A new phishing campaign is doing the rounds on the Steam game distribution platform, attempting to trick people into handing over their credentials via a roulette-style game promising free keys.
The fraudsters funnel the Steam users to the phishing websites with the help of a redirector domain which is hidden behind a URL shortened using t.co, Twitter's link-shortening service.
The phishing sites are promoted on the Steam platform using already hijacked accounts which deliver the shortened URLs to their friend list using the Steam chat.
Phishing message in Steam chat
A recent Steam phishing campaign caught our eye, but looking deeper, we found it's been around for a few months. We investigate the phish to show users how to spot the telltale signs of social engineering.