Scammers use fake FACEIT pages to steal Steam accounts

Scammers are deploying fake FACEIT verification pages that mimic FACEIT branding and sometimes include links to real FACEIT pages to appear legitimate. The fake sites use lookalike domains such as faceit-discord.com, faceit-clubs-verify.com and faceit-verification-clubs.com. Pages present an optional identity check or warn of account problems to prompt users to sign in.

Sites often show a QR code that is difficult to scan and then present a visible Sign in through Steam button. When users click that button the page displays a Steam login window inside the site rather than opening the real Steam page. Security researchers call this a Browser-in-the-Browser attack; the fake window can include an image of an address bar that appears to be steamcommunity.com while the browser’s real address bar remains unchanged.

Anything entered into the embedded window, including Steam Guard one-time codes, is sent to the attackers. After gaining access, criminals can transfer Counter-Strike 2 skins and items, remove wallet funds, use the account to scam others or sell the account on criminal marketplaces.

The scam is spread through gaming forums, Discord servers, social posts and direct messages. Many of the fraudulent domains are registered only days or hours before use and are replaced frequently after they are reported or blocked.

Players can reduce their risk by checking the real browser address bar and by opening faceit.com or steamcommunity.com directly in a new tab or in the official apps instead of following links. Avoid entering credentials into login windows that appear inside other websites and be cautious of messages that insist on immediate verification.

If credentials have already been entered, affected users should change their Steam password, enable and verify Steam Guard, sign out of all other devices, remove any unfamiliar API keys, change reused passwords on other sites and review recent trades and purchases for unauthorized activity.

FACEIT requires many players to link Steam accounts for ranked matches, tournaments and anti-cheat functions. Steam accounts often contain purchased games, saved payment methods, wallet balances and cosmetic items, which makes them targets for account theft.