Today, I was contacted by a friend on Steam requesting I ‘vote’ for him in an upcoming CSGO tournament. I found this weird as the friend in question wasn’t an avid CSGO player. Wanting to help out a friend, I navigated over to a convincing tournament website:
Phishing link sent by friend’s Steam account.
Fake website mentioning ESL and CSGO specifically.
Two things did stand out on the website; the first was teams?r=gamescsgo but no further indication of a ‘Games’ section or drop-down. The second was the mention of ESL (which is a legitimate CSGO league and where this privacy bar was stolen from). Clicking on his ‘Team’ requested me to log in via Steam; this is not uncommon, as a lot of services request access to Steam to validate single entries.
Update – After doing further digging, the website in question is stolen from United.gg. I have contacted them so they are aware.
Suspicious ‘Sign in through Steam’ box on a different domain when clicking vote.
Fake ‘popup’ mentioning ESEA.
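The sign-in box above sat on a different domain from Steam's, and that can be checked mechanically. The following is an added example, not part of the original post: it tests whether a sign-in URL is really served from a Steam host. The host allowlist, the function name and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts treated here as genuine Steam sign-in hosts.
STEAM_LOGIN_HOSTS = {"steamcommunity.com", "store.steampowered.com"}


def check_steam_login_url(url):
    """Return (ok, reason) for a URL that claims to be a Steam sign-in page."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # hostname is lowercased
    except ValueError:
        return False, "URL could not be parsed"
    if parts.scheme != "https":
        return False, "not served over https"
    # 'https://steamcommunity.com@other.example/' puts the familiar name in
    # the userinfo part; the browser actually connects to other.example.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL hides the real host"
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return False, "non-ASCII or punycode host (possible homoglyph)"
    # Exact match only: a suffix or substring test would accept
    # 'steamcommunity.com.vote-teams.example'.
    if host not in STEAM_LOGIN_HOSTS:
        return False, "host %r is not a Steam sign-in host" % host
    return True, "host matches the allowlist"


# Constructed sample URLs (not taken from the incident).
SAMPLES = [
    "https://steamcommunity.com/openid/login?openid.mode=checkid_setup",
    "https://steamcommunity.com.vote-teams.example/openid/login",
    "https://steamcommunity.com@vote-teams.example/openid/login",
    "https://steamcornmunity.example/openid/login",
    "http://steamcommunity.com/openid/login",
    "https://xn--stamcommunity-abc.example/openid/login",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, reason = check_steam_login_url(sample)
        print("%-5s %s  (%s)" % ("OK" if ok else "BAD", sample, reason))
```

The URL to check is the one in the real browser window's address bar. A ‘popup’ drawn inside the page can display any address its author chooses.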