For a more detailed article, see https://support.steampowered.com/kb_art ... -OAFV-8478
What is phishing?
Phishing scams generally involve either a person directly asking for your credentials under false pretenses or directing you to a website to log in. Sometimes they will pose as some official that must "verify" your account before it is locked, or they may entice you with an offer of free games.
Sometimes the website you are directed to will be an exact replica of the Steam website, but this in no way an indication that the site is legitimate. It is very easy to make an exact copy of a website. Even the address can look almost identical, which is why you should always type it in manually. I'll give some tips on avoiding these sites.
How do I avoid these scams?
First, some important rules you should always follow:
- NEVER GIVE YOUR PASSWORD TO ANYONE, EVER! Valve employees will never ask for your password under any circumstances.
- DO NOT enter your username or password to any website after following a link. Either manually type in the address or use a bookmark.
Use only the official Steam website!- Official Steam login URLs (you should only log in at these locations):
- Do not use the same password for other websites or services. Use a strong password, preferably with a mix of letters, numbers, and symbols.
- Use virus/malware protection and always keep it up to date. Scan regularly.
If you do not have virus protection, Microsoft Security Essentials is a good free option for Windows. - Verify your Steam email (https://support.steampowered.com/kb_art ... 543#verify)
- Enable Steam Guard (https://support.steampowered.com/kb_art ... -ALZM-5519)
- Finally, always use common sense. This is the most powerful defense.
- DO NOT download any files from unknown sources.
- DO NOT follow ambiguous or shortened links. There should be no reason to use shortened links on Steam.
Here is what an official Steam site looks like in some popular browsers:
Note the website address from the list above and the "https://" prefix as well as the identification of "Valve Corporation." This is a sure sign of an official website.
If you do not see this identification, the website is not real!
I found a phishing website. What should I do?
You should report the website so it can be blocked to prevent others from falling into the trap:
FireFox: Help > Report Web Forgery...
Internet Explorer: Tools > Phishing Filter > Report This Website
Others: Go to http://www.google.com/safebrowsing/report_phish/
My account was hijacked! What should I do?
See: https://support.steampowered.com/kb_art ... -QDFN-4366
So I hope at least some of you learn something from this and that this prevents stolen accounts in the future. Knowing what to look for is the best way to avoid phishing scams. Let me know if you have any questions or if I forgot anything.
