A new type of steam scam that involves the use of a Phishing site asking users to cast votes for their friend’s CSGO team to get invited for the tournament. This type of scam has been making rounds since 2018, but since last month i.e. September this type of scam has become more common and has easily tricked many innocent Steam users in losing access to their account.
How does it work?
- You will receive a message from a friend on your list asking you to “vote for his/her csgo team” on a site called ultracup(dot)fun such as they can get invited to a $30,000 CSGO Tournament called Ultracup Tournament/League.
- As soon as you click on the link, you will be redirected to a site that on the first will appear genuine as they won’t be asking any login info other than a user name.
- But as soon as you visit the site, a script starts in the background which will run malicious code and allow scammers to inject a virus on your PC to gain remote access over it.
- Once the scammers gain access to the PC, they hijack the Steam account and trade away the items in inventory and further perform other malicious activities such as messaging others on your friend list.
To make it look legitimate, the site also contains a fake chat screen running on the left-hand side of the page and a vote share screen in middle with the names of random teams. Furthermore, the site will be plastered with the names of the sponsors like G2A, Bitskin, Kinguin, and FaceIt.
Other scam types to look out for-
Steam wallet scam.
Fake gambling site
Item buying/selling scams.
Steam’s official guidelines and Stance on scam items-
Additional Security measures to follow-
- Enable Steam Guard two-factor authentication
- Never click on any link however genuine it might look
- Use an anti-virus program with internet security and firewall protection
- Always keep anti-virus, browsers, window, etc. updated
- Avoid logging in to Steam on insecure or shared computers
- Never save login credentials in a text file.