When Steam Guard was introduced by Valve back in 2011, it was more of an extra layer of security ensuring that no unauthorized personnel get into someone’s account. However, a new phishing scam has enabled certain hackers to breach the security system and claim accounts of users as their own.
What actually happens is that when you are using Steam and the Steam Guard is activated, the system picks up the location that you log in from and your regular computer is regarded as safe by default. When you or someone else tries to log in from a different location, the security system sends a code to your primary email and prompts you to enter it in order to gain access to the Steam account.
The scam in question requires people to enter a username and password for Steam and prompts the owner of the account that an SSFN file needs to be downloaded from their computer. The file, located in the Steam folder tells Steam Guard that the security check is not required for this computer.
If the file gets uploaded, as the phishing hacker asks you to, it means that they don’t get asked for the code when they try logging in from the new location – and you would have already given the password and username to them.
This phishing scam has been active for a couple of weeks and people need to be aware of it. The Steam Guard security breach is not something nominal. Make sure you don’t fall into the trap and inform your friends about it too.