Spam and directed phishing attacks are a major problem on the Steam platform, and Valve announced a major step over the weekend to help curb the growing trend. A new Steam policy expected to roll out to all users soon will require all accounts to have spent at least $5 USD before many community features of the platform can be used, such as group chats, and voting on Steam Greenlight.
“Malicious users often operate in the community on accounts which have not spent any money, reducing the individual risk of performing the actions they do,” Valve said. “One of the best pieces of information we can compare between regular users and malicious users are their spending habits as typically the accounts being used have no investment in their longevity. Due to this being a common scenario we have decided to restrict certain community features until an account has met or exceeded $5.00 USD in Steam.”
One of the more common ways of phishing on Steam, as it is anywhere else, is to send a malicious link through the Steam chat, often times alongside a seemingly innocent message. Something along the lines of “my friend wants to talk to you, but he can’t add you,” with a slightly altered URL that looks like it’s taking you to a Steam profile page. In reality, it takes you to a dummy page that requires you to enter your login credentials, which are then used to compromise your account.
This new Steam policy will prevent spammers and phishers from sending out these message en masse via group messages, and taking away web and mobile messaging could make it more difficult for them to create bots to do their bidding.
All told, any account that has not spent at least $5 will be unable to perform the following Steam community actions:
- Send friend invites
- Open group chat
- Vote on Greenlight, Steam Reviews and Workshop items
- Participate in the Steam Market
- Post frequently in the Steam Discussions
- Gain Steam Profile Levels (Locked to level 0) and Trading Cards
- Submit content on the Steam Workshop
- Post in an item’s Steam Workshop Discussions
- Access the Steam Web API
- Use browser and mobile chat
A large majority of users will likely never even know the difference as they already sunk hundreds of dollars into the last Steam winter/summer/fall sales. Even with these new measures in place, it’s also a good idea to keep an eye out for suspicious looking links in Steam chats, and never enter your credentials outside of the platform. Valve also has a two-factor authentication system currently in beta, which will also be very important to use if you want to keep your account even safer.Source: Gamespot