Enjoy your Steam: how criminals make money on gamers

Much like the general population, cybercriminals have areas of expertise. Some grift people on social networks, other spread malware via emails and then there are the ones who know how

Much like the general population, cybercriminals have areas of expertise. Some grift people on social networks, other spread malware via emails and then there are the ones who know how to turn gamers items and accounts into money.

The main playgrounds for these types of criminals are the big gaming platforms like Steam, Origin or Battle.net. Typically, the fraudsters profile or target new users to the site along with others who know little about cybersecrutiy. As new gamers sign up in droves on a monthly basis, cybercriminals experience no shortage of potential victims, especially with the rise of multiplayer online games.

Forewarned is forearmed. With that in mind, we’ve decided to make a list of the most widespread Steam scams and share it with you, so that you would not fall for such tricks.

1. Phishing is just as efficient on Steam as it is on social networks and the greater Internet. Fraudsters often analyze victims profile to tilt the odds into their favor or to clone the accounts of their friends.

The criminals will then send a private message where they ask for “help,” offer access to an “amazing game guide,” exchange some items or something else. Regardless of the text, the sole purpose of the contact is to make the user click the fake link in the message. It leads to a malicious site, which looks similar to Steam and requires victim’s login information. When the deceived users authenticate on this site, they risk losing their Steam accounts forever.

To prevent this kind of scum Valve has invented the Steam Guard – and we highly recommend you to turn it on and use the Steam variant of two-factor authentication: either via a mobile app (which is preferred) or via email. You should always check if you are on the real site each time when you enter your login and password. If you see a misprint in the site’s URL, a spacebar or some other excessive symbol, then you can be sure: this is a fake. Don’t do anything with fakes.

2. If the criminals fail to draw in victims via the social engineering, they will look to draw in easy prey from outside of Steam. To do that, the fraudsters write articles and publish videos on YouTube that “reveal” how to get something for free: gain extra experience, copy an item, find “secret” cheat codes, etc.

Tips given in fraudsters’ content are mostly copied and pasted from other web resources. But throughout the text or the video fraudsters obtrusively offer to download some software or an extension that will boost victim’s game character to the unbelievable levels. If a deceived user downloads the malware the most interesting part begins: nobody knows what’s exactly is inside. One can lose his/her Steam account or become a victim of some powerful ransomware. The best way to protect yourself from such threats is to install a reliable security solution. You should also be very attentive and check twice before opening links and downloading files on the Internet.

3. Sometimes people pay for the items not on Steam, but via PayPal, WebMoney or other e-currency services instead. For the Steam system such bargains look like pure heart gifts, as the website does not monitor your wallets all over the world.

So, you can get real money for your items, but sometimes fraudsters pay for the purchase and then write a tearful letter to the support team of their e-currency service where they ask to freeze the transaction and bring money back. To prove their story they can even send a fabricated Skype screenshot, in which the victim looks like a fraudster.

If the support representatives believe the story (and it’s quite possible that they will, as the real victim is unaware of what’s going on and remains silent), then the users are left without both the money and items, given away as a “gift.” And there is no way to return it. That’s why you should not make bargains outside the Steam trade window.

4. Sometimes people try to befriend you or say that they are your old friends – that’s just you know, a second account they are using right now. In the end they ask to “try on those cool items” on the pledge of, “I’ll give it back, cross my heart and hope to die!”

Of course, you should not believe them. Even while there is a small chance they can actually be your friends. If you suspect that you really know this John or Jane, check them: call them or write a Skype or Viber message. Just remember: if you give an item to a fraudster, it’s never going back.


5. Fraudsters don’t limit themselves with the roles of “friends.” Sometimes they present themselves as Steam employees and try to pull a fast one: accuse users of a fraud and force them to give some of their game items for a “scan” and a “check.”

Of course, they don’t work at Valve Corporation. No Steam employee will ever ask a user to share items with anybody else. So you can freely report these scammers.

6. Fraudsters can ask you to send them an email letter with the confirmation link or the link itself. Don’t ever do this, no matter how they explain it! As when they have the link, they can finish the bargain without your real approval. You certainly won’t like the results.

7. In the majority of scams fraudsters will try to hurry or rush you. This is no accident: for example, they can offer you an item, which looks like a valuable one, but in reality it’s not. Moreover, the less attentive the victims are, the bigger are the chances that they will fall for this or that fraudsters trick.

So never yield to pressure and check twice and thrice what you are trading for what before you confirm the bargain.

Remember: according to Steam policy, you cannot return the items that were given away due to scam. All you can do is report a fraudster to the Steam support service.

For this you need:

  • open the fraudster’s account;
  • click the More drop-down button in the upper right corner of the page;
  • choose Report Violation;
  • select the violation (for example, Attempted Trade Scam);
  • click the Submit Report button.

Don’t hesitate to do it: if nobody teaches those bastards a lesson, they will continue their money grab activities.