Picture-in-Picture Phishing Campaign Goes After Steam Credentials

Phishing attacks are nothing new, especially when it comes to spam e-mails sent in the hope of reaching the perfectly gullible victim who would click on a maliciously crafted link or open a malware dropper script disguised as an attachment.

That being said, a security researcher from San Francisco, CA, using Aurum as an online handle, has found a phishing campaign targeting Steam users using an unorthodox technique of spoofing legitimate login pages.

He found the phishing scam site,, after a discussion with one of the scammers behind this phishing campaign and he noticed that the phishing website was an almost identical copy of, a legitimate Steam trading site.

From here on out things got very interesting seeing that the scammers went through the trouble of hosting their phishing site on CloudFare and even chose to use a CloudFare SSL certificate to make i… (read more)

This post has been read 36 times!

You Might Also Like