Fake FACEIT pages steal Steam logins via fake pop-ups
Scammers use lookalike FACEIT pages and embedded fake Steam login windows to capture Steam credentials and Steam Guard codes, then access and exploit accounts.
Scammers are luring FACEIT players to counterfeit verification pages that harvest Steam usernames, passwords and Steam Guard codes. The pages present a blurry QR code and a prominent “Sign in through Steam” button; clicking the button opens a fake Steam login window rendered inside the webpage. Anything entered in that window is captured by attackers.
The fraudulent sites copy FACEIT branding and include working links to real support content to appear legitimate. They are shared on community forums, chat servers, social posts and direct messages. Researchers identified lookalike domains such as faceit-discord.com, faceit-clubs-verify.com and faceit-verification-clubs.com. Many of the domains were registered days or hours before use. Small site errors, including inconsistent copyright years, can indicate a fake page.
The attack uses a Browser-in-the-Browser technique that embeds a counterfeit login window on the site and can reproduce an address-bar image. Security analysts say users must check the browser’s real top address bar rather than any login window shown inside a page. Entering a Steam Guard code on the fake window gives attackers immediate access to the account.
After gaining control, criminals can remove and sell in-game items, withdraw wallet funds or use the account to contact friends and commit fraud. Competitive Counter-Strike 2 players are a target because many linked Steam accounts contain purchased games, wallet balances and high-value skins.
Stefan, a Malwarebytes security specialist involved in analyzing the attacks, warned: “The fake window is built into the page and can impersonate the address bar, so users should trust the browser’s top bar and not any image inside the site.”
Security advice for affected users includes typing faceit.com or steamcommunity.com directly into the browser or opening the official apps instead of following links, checking the browser’s real address bar, avoiding blurry QR-code scans, enabling Steam Guard, changing a compromised password immediately and signing out of all other devices. Users should remove unrecognized API keys and review recent trades and purchases. Security providers recommend using browser phishing protection to block known fake sites.
Because attackers register many short-lived lookalike domains, the fraudulent pages can appear and disappear quickly. Players who link third-party services to Steam and FACEIT should verify any identity or verification request on the official FACEIT or Steam sites before providing credentials.
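The lookalike-domain pattern described above can be screened for before a shared link is opened. The following Python code is an added example, not taken from the researchers' analysis: the allowlist (including steampowered.com, which the article does not name), the brand-token list and the `.example` links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Domains the article tells users to type directly, plus Valve's store
# domain (steampowered.com), which is added here and not named on the page.
OFFICIAL = ("faceit.com", "steamcommunity.com", "steampowered.com")
BRAND_TOKENS = ("faceit", "steam")  # assumed watch-list
# Undo common digit-for-letter swaps before looking for brand tokens.
LEET = str.maketrans("01345", "oieas")


def classify(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a shared link."""
    if "://" not in url:
        url = "https://" + url
    # .hostname drops any "user@" prefix and port, so a link such as
    # https://faceit.com@other.example is judged on other.example.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    squashed = host.translate(LEET).replace("-", "")
    if any(token in squashed for token in BRAND_TOKENS):
        return "lookalike"
    return "unrelated"


# Lookalike domains reported in the article, plus constructed test links.
SAMPLES = [
    "https://www.faceit.com/en/home",
    "https://steamcommunity.com/openid/login",
    "faceit-discord.com",
    "https://faceit-clubs-verify.com/verify",
    "https://faceit-verification-clubs.com/",
    "https://faceit.com.club-check.example/login",   # constructed
    "https://steamcommunity.com@fac3-it.example/",   # constructed
    "https://news.example/cs2-patch-notes",          # constructed
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):10} {link}")
```

A "lookalike" result only means the hostname borrows a brand name without belonging to an allowlisted domain; an "unrelated" result says nothing about whether the site is safe.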








