We wanted to alert you this week of a hoax that is going around online involving Steam skins. There’s a fake Steam skins giveaway making the rounds, but be careful because this is a scam that will be used to steal your Steam credentials. We have all of the latest details about this fake Steam skin giveaway so keep reading to learn more about how to avoid this scam.
New Fake Steam Skin Giveaway Actually Steals Steam Credentials
There’s a new phishing website that was found this week which is aimed at getting you to believe you’ve won a Steam skin in a giveaway. This giveaway website says that it will be giving away various Steam skins each day, but in reality, it’s a scam designed to just steal your Steam credentials. This fake Steam skin giveaway website was discovered by a researcher known as “nullcookies” and now we are warning you of this issue.
What’s even worse is that this researcher found that these fake Steam skin giveaways are even being promoted through the official Steam site. You can find some of these scam messages on Steam profiles and it seems that Steam hasn’t removed these scam comments from profiles.
If you head to Steam you can do a search and see for yourself just how many of these fake Steam skin giveaway messages are out there on the official site. Most of these scam comments say something similar to “Your SteamID was selected as a winner of our Weekly giveaway” and then a website is listed to claim your reward.
Steam Scam Promoting Skin Giveaway is Hoax & Here’s How to Spot It
As mentioned above, these fake skin giveaways are showing up on Steam profiles with a particular type of message. If you click the link provided within the message you are taken to a website where it looks like a promotion is going on. The promotion usually uses Counter-Strike: Global Offensive as the game for the fake skin giveaways. This is a phishing website and landing page that will look pretty legit, even having a chat section on the left.
So here’s where things get interesting and where the scam really comes into play. This website will tell you that you need to use your Steam credentials in order to claim the free skin. It will tell you that once you log in using your Steam credentials there will be a certain message in the chat you need to look for. The message is “Skin Rain” and when you see this in that chat window you need to click on it in order to get the free skin.
Even worse is that this phishing website claims to have sponsorship by companies such as FaceIt, Handouts, and G2A. Obviously, this is all a lie and this website is a phishing site just to steal your login credentials to Steam.
Fake Steam Login Page Used to Steal Credentials in Steam Skin Giveaway Hoax
The craziest part here is that if you go to try to login using your Steam credentials in order to claim the free skin, it actually will look like the real Steam page. The fake Steam page is loaded up and it looks identical to the real one, but the login section is fake and being monitored by the scammers. If you enter those Steam credentials into this fake page, the hacker is going to get your login credentials to Steam and a real Steam Guard request is also part of this scam.
As you might figure, once the scammer has your Steam login credentials, anything can happen. Your Steam account could end up hijacked and malicious activities could be performed using your account. This fake website is hosted by Cloudflare and so many reports have happened that Cloudflare is popping up an alert to tell you that it’s a suspected phishing website.
The best way to prevent your credentials from being hacked is to never login to Steam from a third-party website. If a website is offering free items you should be leery of it and only use verified websites to login to any account. As with most things in life, if it looks too good to be true, then it probably is.