Feb 17, 2011 16:58 GMT

Security researchers from Sophos warn that Steam users are being targeted in a new phishing attack that uses fake emails threatening them with account suspension.

The emails bear a subject of "Warning! Your Steam account will be suspended?" and have a forged "From" field to appear as if they originate from [email protected].

The attackers are probably abusing a legitimate Steam email template, because the body has a well-designed header and footer displaying the Steam and Valve logos.

The lure used in this phishing attack is a traditional one: the threat of something happening to the recipient's account. The contained message reads:

"We recently determined that different computers connected to your Steam account; multiple password were present before the opening session.

"We now need you to reconfirm your account information to us. If not completed before February 11, 2011, we will be forced to suspend you account indefinitely."

The poor wording should be indication enough that these emails are fake; however, non-English-speaking users might not be so quick to spot the fraud.

The link included to "reconfirm" the account appears to point to a location on the http://support.steampowered.com website, but in reality takes users to a phishing page that tries to steal their login credentials.

Steam is the largest gaming digital distribution platform with over 30 million monthly active users and over 1,200 games available for purchase and download.

Steam accounts can be valuable to cybercriminals because, just like iTunes, they can be associated with payment information. They can also be used to buy game licenses to send to others as gifts.

Steam users who have reason to believe they fell victim to phishing should follow the security recommendations laid out by the company on its support site. They should also change their password on any other website where they might have used it.