Week 9: Phishing scammers targeting gamers

05.03.2024 - Phishing attempts are among the most frequently reported cyberincidents at the NCSC. Cybercriminals use social engineering methods that they tailor to their target groups. For instance, players of the popular video game "Counter-Strike 2" are currently being asked to take part in a fake vote.

Players of Counter-Strike 2 (CS2) are being contacted online by scammers claiming to be female CS2 players. The use of women as bait is probably no coincidence. The female players ask potential victims to vote for their teams via a website. However, this website is a phishing site. Clicking on the voting link opens a new window that looks like it comes from the game’s official Steam platform – at least that is what the fake URL suggests. Victims are then prompted to enter their Steam user name and password.

Voting page with login prompt

The sneaky thing is that it is not a new browser window: it is only designed to look like one, address bar and all. In reality, it is a kind of pop-up. The victim is actually on the scammers’ website.

A web page overlaid with a fake browser window

Technically, the pop-up is part of the underlying phishing site and is not actually a new window. Rather, it is a 'DIV section' that has been designed using HTML so that it overlays the page like a new window and can even be moved or closed like one.
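The overlay described above leaves a trace in the page source: a password field sits in the same element as displayed text naming a host other than the one that served the page. The following Python check is an added example, not NCSC code; the host vote.example, the element id popup and the sample markup are constructed, and the check is a triage heuristic that assumes well-formed markup.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_TEXT = re.compile(r"https?://[^\s<>\"'\[\]]+")  # a URL shown as visible text
VOID = {"input", "img", "br", "hr", "meta", "link"}  # elements with no end tag

# Constructed sample: page on placeholder host vote.example with a Steam URL in an in-page box.
SAMPLE = """<html><body><h1>Vote</h1><p>Rules: https://vote.example/rules</p>
<div id="popup"><div class="bar"><span>https://steamcommunity.com/</span></div>
<form><input type="text" name="user"><input type="password" name="pass"></form>
</div></body></html>"""

class OverlayScanner(HTMLParser):
    """Report the innermost element holding a password field plus URL text for another host."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.stack = [{"tag": "#root", "id": None, "hosts": set(), "pw": False}]
        self.findings = []  # (tag, id, displayed hosts)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input":
            self.stack[-1]["pw"] |= (attrs.get("type") or "").lower() == "password"
        if tag not in VOID:
            self.stack.append({"tag": tag, "id": attrs.get("id"), "hosts": set(), "pw": False})

    def handle_data(self, data):
        if self.stack[-1]["tag"] in ("script", "style"):
            return  # code and CSS are not displayed text
        for match in URL_TEXT.finditer(data):
            host = urlsplit(match.group(0)).hostname or ""
            if host and host != self.page_host:
                self.stack[-1]["hosts"].add(host)

    def handle_endtag(self, tag):
        if len(self.stack) < 2 or self.stack[-1]["tag"] != tag:
            return  # stray or mismatched end tag: ignore
        node, parent = self.stack.pop(), self.stack[-1]
        if node["pw"] and node["hosts"]:
            self.findings.append((tag, node["id"], sorted(node["hosts"])))
        else:  # pass partial evidence up so an enclosing element can match
            parent["pw"] |= node["pw"]
            parent["hosts"] |= node["hosts"]

def scan(html, page_host):
    scanner = OverlayScanner(page_host)
    scanner.feed(html)
    return scanner.findings
```

Calling `scan(SAMPLE, "vote.example")` reports the `popup` element together with the host it displays. A login form on a page that shows other sites' URLs as plain text can also match, so a hit is a reason to look at the page, not a verdict.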

Users who enter their login details here think they are on the steamcommunity.com domain, but in reality, they are sharing their information on a domain controlled by scammers. Because very valuable skins are sometimes stored in players’ profiles, having access to these profiles can be highly lucrative for the phishing scammers. Skins are used to change the look of a player’s weapons. They are traded on online marketplaces and some of them are sold at high profits. Rare skins often sell for hundreds or even thousands of francs.

Recommendations

  • Beware of suspicious requests. Do not give out any information on websites that you visit through a link sent to you by a stranger.
  • If you have entered a password on a phishing site and use the same password for other services, change it immediately for all the services you use.
  • If it is an email password, also reset all passwords for any services associated with that account. This will prevent scammers from resetting your passwords.
  • If you have entered your credit card details on a phishing site, contact your credit card provider immediately. They can cancel your card. If your card has been charged, the NCSC recommends that you report the incident to the local police.
  • Activate two-factor authentication: Using two-factor authentication adds an extra layer of security to your online accounts. It makes unauthorised access more difficult – even if your password is stolen. Many email providers now offer two-factor authentication, as does the Steam platform mentioned in this article.

Last modification 05.03.2024

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/2024/wochenrueckblick_9.html