Malwarebytes researchers spotted cyber scammers targeting Steam users with phishing attacks that promised free movies.
In one example, researchers spotted scammers posing as an IMBD profile offering free movies, all of which claim a free film is but a click away, according to a March 31 blog post.
Researchers noted Steam's link filter will warn users when they are about to leave the steam platform as the filter is in place to help deter phishing attacks and similar scams. The links redirect users to a “Watch this movie” page which appears to be an embedded movie player surrounded by various pieces of movie-related text scattered across the page.
“One of our links took us to a survey page, which asks the visitor to fill in personal info on offers in return for “something,” Malwarebytes researcher Christopher Boyd said in the blog. “It's fair to say we'd be very cautious about doing this, as more often than not you never receive the desired prize(s) after handing over a bunch of PII.”
Researchers spotted another link which redirected users to a movie site which prompts victims to a supposedly free registration page that asks users to pay a monthly billing fee to continue their membership. Boyd said they looked for a Terms & Conditions page but still weren't able to pin down an exact payment amount.
Other malicious links lead visitors to an Ad rotator URL which leads them to several links that were described as “non-child friendly” and included various adult webcams and surveys.