A new phishing scam is trying to steal Steam credentials by promising a free month of Discord Nitro worth a whopping $9.99.
But it's a trick, Jovi Umawing of Malwarebytes said in a blog post yesterday (November 2): the fake Steam sign-in popup on the Discord page does nothing except take away your Steam username and password.
In case you don't know what I'm talking about, Steam is a very popular online platform for selling PC (and Mac and Linux) games, and Discord is a very popular messaging platform among online game players. Discord is basically free, but there is also a subscription tier called Nitro for $9.99/month or $99.99/year.
Umawing explained that Discord users are promised a free month of Nitro in a random direct message that pops up in their feed.
Steam and Discord are separate companies and would not normally give away each other's stuff. According to Umawing, clicking on the embedded link brings up what looks like a real Discord page, with a big purple "Get Nitro" button in the middle.
Clicking that button brings up what looks like a Steam sign-in window, but as Umawing points out, "it's not really a separate window, but part of the website itself."
If you log in to the fake Steam sign-in window, the login fails and you are told that "the account name or password you entered is incorrect." The scammers now have your Steam username and password, so they can do whatever they want.
The links to these phishing pages look legitimate, such as discord-nitro.com, appnitro-discord.com, and discord-steam-promo.com. According to Umawing, more than 100 such fake web addresses exist and are waiting to lure online gamers.
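A defender-side check for the lookalike addresses described above, added here as an example and not taken from Malwarebytes or the original article: it flags URLs in a message whose host mentions a brand word but is not under an official domain. The official-domain list, the brand tokens and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: official domains of the two services (not listed in the article).
OFFICIAL = ("discord.com", "discordapp.com", "discord.gg",
            "steampowered.com", "steamcommunity.com")
# Assumption: brand words a lure is likely to reuse. Short tokens such as
# "nitro" can also match unrelated sites, so treat a hit as "review", not proof.
BRAND_TOKENS = ("discord", "nitro", "steam")
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed sample direct message, using address shapes named in the article.
SAMPLE_DM = ("Get 1 month of Discord Nitro free with Steam: "
             "https://discord-steam-promo.com/claim "
             "(details at https://discord.com/nitro).")


def classify(url):
    """Return 'official', 'lookalike', 'unrelated' or 'unparseable'."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return "unparseable"
    # .hostname drops any "user@" prefix and port, so a URL such as
    # https://discord.com@login.example/ resolves to login.example.
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "unparseable"
    # Official only if the host IS the domain or a subdomain of it.
    # "discord.com.gifts.example" fails this test on purpose.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    # Look at the whole authority so brand words hidden in userinfo count too.
    authority = parts.netloc.lower()
    if any(token in authority for token in BRAND_TOKENS):
        return "lookalike"
    return "unrelated"


def scan_message(text):
    """Extract every http(s) URL from a message and classify it."""
    urls = [u.rstrip(".,!?") for u in URL_RE.findall(text)]
    return [(u, classify(u)) for u in urls]


if __name__ == "__main__":
    for url, verdict in scan_message(SAMPLE_DM):
        print(f"{verdict:10} {url}")
```
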
We tried one of these malicious URLs and were redirected to a site that asked us to install a Chrome browser extension to continue. Dodgy extensions are among the most dangerous things to install on a browser: they can steal passwords, spy on browsing history, and more.
To avoid falling for this and similar scams, the first step is to enable two-factor authentication in your Steam account. Steam does this through the Steam mobile app, which has a one-time passcode generator called Steam Guard that must be used when logging into Steam from a new device.
Make sure your Steam password and Discord password are long, strong and unique. Also consider using the best password management tools to keep track of all your passwords.