A new phishing method to take over Steam accounts is gaining popularity this year. Steam Guard ensures that access to e-mail account is required to access Steam in addition to login and password. Never telling other people your password is important for security and confirmation codes can save you in case of accidental password leak. Phishing websites are very dangerous – they copy the design of actual Steam web page and use a very similar URL to make you give up your details. Before logging in on Steam web page, always check if it has the valid security certificate from Valve Corporation. If it does not – do not input your password, that site might look like Steam, but it is a fraud.

The new phishing tactic is quite stealthy and can easily trick people not familiar with Steam’s technical details. Instead of asking for confirmation code, they claim that new security measures require ssfn* file from your Steam directory. That is a ruse – Valve will never ask you to upload that file. It contains the information that tells SteamGuard to trust your computer and do not ask for Steam Guard confirmation on every login. If you give that file to somebody else, the attackers will be able to bypass Steam Guard and if they have the password as well – they will be able to get a full access to your account. Once again, Valve generates your security keys and they will never ask you to upload any files for login.

If you see some site asking to upload ssfn* file, immediately leave that site and change your password. Always be vigilant with your login details and always check if you are on an actual site when using Steam and other internet services.