A sophisticated phishing campaign is targeting competitive gamers through fake FACEIT verification pages designed to steal Steam accounts containing valuable games, in-game items, and payment information. The scam specifically targets users of FACEIT, one of the largest competitive gaming platforms for Counter-Strike 2, where millions of players connect their Steam accounts for ranked matches and tournaments. Attackers distribute fraudulent pages through gaming community forums, chat servers, social media, and direct messages, exploiting the trust gamers place in account verification processes.
The attack relies on lookalike domains such as faceit-discord.com, faceit-clubs-verify.com, and faceit-verification-clubs.com that mimic the legitimate faceit.com website. These fraudulent pages feature authentic FACEIT branding, working links to real FACEIT resources, and claims about optional identity verification to build community trust. Security researchers have identified that many of these domains are registered just days or hours before use, allowing scammers to stay ahead of blocklists. Small inconsistencies like duplicate copyright notices (both 2024 and 2025) provide subtle clues to the pages’ fraudulent nature.
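A defender-side check for the lookalike-domain pattern described above, as an added example that is not from the original article: it flags links whose hostname carries the FACEIT or Steam Community name outside the official domain, and escalates when the domain was registered only days before it was first seen. The seven-day threshold, the sample dates and URL paths, and all function names are assumptions made for this illustration.

```python
from datetime import date
from urllib.parse import urlsplit

# Official domains named in the article, keyed by the brand token they carry.
OFFICIAL = {"faceit": "faceit.com", "steamcommunity": "steamcommunity.com"}
NEW_DOMAIN_DAYS = 7  # assumption: "days or hours before use" treated as under a week


def hostname_of(url_or_host):
    """Lowercase hostname from a URL or bare host, without port or trailing dot."""
    text = url_or_host.strip()
    if "://" not in text:
        text = "//" + text  # lets urlsplit treat a bare host as the network location
    return (urlsplit(text).hostname or "").rstrip(".").lower()


def is_official(host, domain):
    """True for the official domain itself or any subdomain of it."""
    return host == domain or host.endswith("." + domain)


def assess(url_or_host, registered=None, seen=None):
    """Return (verdict, reasons); registered/seen are optional dates."""
    host = hostname_of(url_or_host)
    reasons = []
    for token, domain in OFFICIAL.items():
        if token in host and not is_official(host, domain):
            reasons.append(f"uses '{token}' outside {domain}")
    if reasons and registered and seen:
        age = (seen - registered).days
        if 0 <= age < NEW_DOMAIN_DAYS:
            reasons.append(f"registered {age} day(s) before first sighting")
    if not reasons:
        return "ok", reasons
    return ("block" if len(reasons) > 1 else "review"), reasons


# Hostnames are from the article; paths and dates are constructed sample values.
SAMPLES = [
    ("https://faceit-discord.com/verify", date(2026, 6, 1), date(2026, 6, 2)),
    ("faceit-clubs-verify.com", date(2026, 1, 10), date(2026, 6, 2)),
    ("https://www.faceit.com/en/home", None, None),
    ("https://steamcommunity.com/login/home", None, None),
]

if __name__ == "__main__":
    for url, registered, seen in SAMPLES:
        print(url, *assess(url, registered, seen))
```

The registration date would come from a WHOIS or RDAP lookup in practice; here it is passed in so the check runs offline.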
The technical core of the scam involves a Browser-in-the-Browser attack that presents victims with what appears to be a legitimate Steam login window. After users encounter a deliberately blurred QR code and click the “Sign in through Steam” button, a fake login window appears with convincing Steam branding and a spoofed steamcommunity.com address bar. This window exists entirely within the fraudulent webpage, allowing attackers to control all displayed elements including the address bar. When victims enter their credentials and Steam Guard codes, this information goes directly to the criminals rather than to Steam’s authentication systems.
Stolen Steam accounts represent significant value to cybercriminals, often containing hundreds or thousands of dollars in purchased games, valuable Counter-Strike 2 skins worth real money, wallet funds, saved payment methods, and years of social connections. Once attackers gain access, they can steal items, conduct scams targeting the victim’s friends list, or sell the compromised account on criminal marketplaces. Some victims are further manipulated into transferring items to what they believe are protective backup accounts, which are actually controlled by the scammers.
Security professionals recommend several protective measures for gaming communities. Users should verify the actual browser address bar rather than trusting any address displayed within a webpage, as embedded login windows can fake their own address bars. Treat any urgent messages about account problems or verification requirements as potential social engineering attempts. When uncertain about authentication requests, navigate directly to official websites or applications rather than following links from messages or forums. Users who have already entered credentials on suspicious sites should immediately change their Steam password, enable Steam Guard, sign out of all devices, review Steam API key settings, and check for unauthorized trades or purchases.
Source: https://www.malwarebytes.com/blog/threat-intel/2026/06/fake-verification-pages-are-stealing-steam-accounts-from-players


