This legit-looking Steam phishing scam could steal your login credentials in seconds

Phishing scams are becoming increasingly common. Now, a new one is spreading across Steam, using fake playtest invitations to trick users into revealing their login credentials. Reports on Reddit are discussing an instance involving a supposed Mafia: The Old Country playtest (although the game could vary over different phishing attempts). The invitations include links mimicking official Steam URLs but redirect to fake pages that ask users to log in, stealing their credentials. Take a look at this fake playtest invite below:

Similar phishing attacks have targeted platforms like Facebook, Netflix, and PayPal in the past. For instance, users received fake emails from Netflix requesting billing updates, leading them to fraudulent websites. Delivery scams posing as companies like FedEx also surged during the pandemic, especially due to the rise in online shopping during that time.

To avoid falling victim, users should always verify URLs, making sure they match official domains like store.steampowered.com. Remember, Steam explicitly prompts you if a URL tries to open an external browser page. Tools like VirusTotal or URLScan can further help check links safely. It’s also vital to enable two-factor authentication. In the comments on the Reddit post, Steam users are urging Valve to address the issue by flagging malicious links and increasing awareness through platform-wide alerts. Community members were especially emphasizing the importance of reporting suspicious links to protect others.

As phishing attacks continue to evolve, they will target not just gaming platforms, but also everyday services. Staying cautious, scrutinizing links, and practicing good digital hygiene will be essential to staying safe online.