Online gamers are being cautioned about a sophisticated scam targeting Steam accounts, utilizing counterfeit FACEIT verification pages that appear strikingly authentic. These fraudulent sites boast official branding, functional links, and a convincing Steam login interface, leading many unsuspecting victims to believe they are engaging with a legitimate service by the time they are prompted for their passwords.
Why this scam targets FACEIT players
For those outside the competitive gaming sphere, the name FACEIT may mean little. However, for millions of dedicated players, it represents a significant platform, making it a prime target for cybercriminals. FACEIT stands as one of the largest competitive gaming platforms for Counter-Strike 2 (CS2), where players engage in ranked matches, tournaments, and leagues, all while benefiting from advanced anti-cheat measures.
Players typically link their Steam accounts to FACEIT, which can be a goldmine for scammers. A compromised Steam account may contain:
- Hundreds or thousands of dollars’ worth of purchased games
- Valuable CS2 skins and items, some with considerable real-world value
- Wallet funds and saved payment methods
- Years of friendships, messages, and community reputation
Once criminals gain access, they can pilfer items, scam friends, or even sell the account on illicit marketplaces. The connection between FACEIT and Steam makes the fake “FACEIT verification” page a particularly effective ruse, as victims mistakenly believe they are merely updating their accounts when, in fact, they are surrendering access to their Steam accounts, which may hold significant value.
How the scam works
The scam initiates with a website that mimics an official FACEIT page, likely disseminated through the same channels gamers frequent daily—community forums, chat servers, social media, and direct messages. The site claims that FACEIT is offering free, optional identity verification to foster a more trustworthy community. It is polished, features the correct branding, and even includes functional links to FACEIT’s actual blog and support pages, all crafted to convince users they are on a legitimate site.
However, instead of the official faceit.com domain, scammers utilize lookalike addresses such as:
- faceit-discord.com
- faceit-clubs-verify.com
- faceit-verification-clubs.com
These deceptive URLs often contain additional words like “verification” or “discord,” designed to lend an air of credibility at first glance. Many of these domains may only be days or even hours old, with scammers continuously registering new ones to evade detection. Just because a site hasn’t been flagged as dangerous doesn’t guarantee its safety.
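Because new lookalike domains appear faster than blocklists can flag them, a pattern check on the host is more durable than a list of known-bad names. The following is an added example, not code from the original article: it classifies links pasted into chat, and it goes beyond the three domains above by also covering the official name used as a subdomain or before an "@", and digit-for-letter spellings. The sample messages, the .example hosts, and the digit-folding table are constructed assumptions.

```python
from urllib.parse import urlsplit

BRAND = "faceit"         # brand token every lookalike on the page reuses
OFFICIAL = "faceit.com"  # the only domain the article treats as genuine
# Digit-for-letter swaps folded before matching (assumed set, kept small).
FOLD = str.maketrans({"1": "i", "0": "o", "3": "e", "4": "a"})

def classify(url: str) -> str:
    """Return 'official', 'lookalike' or 'other' for the host a browser would contact."""
    if "://" not in url:
        url = "https://" + url  # bare domains pasted into chat
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:  # malformed authority, e.g. unbalanced brackets
        return "other"
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    # Brand anywhere else in the authority: extra words, the official name used
    # as a subdomain or as userinfo before '@', or digit-swapped spellings.
    if BRAND in parts.netloc.lower().translate(FOLD):
        return "lookalike"
    return "other"

def scan_message(text: str) -> list[str]:
    """Return the lookalike links found in one chat message."""
    tokens = (t.strip(".,!?()<>\"'") for t in text.split())
    return [t for t in tokens if "." in t and classify(t) == "lookalike"]

# Constructed sample messages, not taken from real traffic.
MESSAGES = [
    "FACEIT is rolling out free verification, sign in: https://faceit-clubs-verify.com/id",
    "Patch notes are up at https://www.faceit.com/en/news.",
    "mods said use faceit.com@verify-club.example to prove you are not smurfing",
]

if __name__ == "__main__":
    for msg in MESSAGES:
        print(scan_message(msg), "<-", msg)
```

An "official" verdict only means the link points at faceit.com; it says nothing about whether a login window drawn inside a page is a real browser window.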
There are subtle indicators of deceit, such as instances where the page displays both “Copyright 2024” and “Copyright 2025”—a mistake that legitimate companies rarely make. Following the verification pitch, the page claims there’s an issue with the user’s CS2 account, prompting them to update their information to prove they are not cheating or using a smurf account.
In a clever twist, the QR code presented is intentionally blurry, likely to encourage users to opt for the seemingly simpler “Sign in through Steam” button instead. This nudge guides victims toward the section of the page where the actual theft occurs.
Upon clicking the button, a Steam login window appears. It looks genuine, with the Steam logo and login fields, but it is, in fact, a counterfeit. This is a classic example of a Browser-in-the-Browser attack, where the fake window is embedded within the webpage itself, misleading users into believing they are interacting with a legitimate browser pop-up.
Any information entered into this form goes directly to the scammers. If the page requests a Steam Guard code, that too is captured, granting attackers full access to the account. Some victims may even be tricked into “protecting” their items by transferring them to a friend or backup account, unwittingly sending them straight to the scammers.
How to protect yourself against this scam
Adopting a few simple habits can help safeguard against this scam:
- Check the real address bar. Always verify that you are on faceit.com. Be cautious of similar domains like faceit-discord.com or faceit-clubs-verify.com. Remember, a login window embedded within a webpage can fabricate its own address bar. Trust the one at the top of your browser instead.
- Be suspicious of blurry QR codes. The blurred QR code in this scam is likely designed to divert users toward the “Sign in through Steam” button.
- Treat urgency as a warning sign. Messages regarding account issues, verification, or potential loss of access are crafted to incite hasty actions. Take a moment to verify before proceeding.
- Go to the source. If you are uncertain whether FACEIT or Steam requires your attention, navigate to the official website or app directly instead of clicking links from Discord, messages, or advertisements.
- Add another layer of protection. Given that scam sites can appear legitimate, consider using tools like Malwarebytes Browser Guard to block known phishing pages and online scams before you enter sensitive information.
If you already entered your details
If you have inadvertently provided your details, it is crucial to change your Steam password immediately, ensure Steam Guard is enabled, and log out of all other devices. Review your Steam API key settings and remove any unfamiliar keys. Change the password for any other accounts where you may have reused it, and examine your account for any unauthorized trades or purchases.
Why this scam works
This scam thrives because it does not present itself as a typical scam. The branding is convincing, the narrative is plausible, and even the Steam login window appears legitimate. While most users are aware of the need to check the address bar before entering passwords, Browser-in-the-Browser attacks are specifically designed to undermine that instinct. Since the fake Steam window is integrated into the page, criminals can manipulate its address bar to display whatever they choose, including steamcommunity.com.
The most prudent approach is to remain skeptical of any login window that appears within another website. If in doubt, close the page and log in to Steam through the official app or by entering the address manually. That brief moment of hesitation, that refusal to follow the convenient shortcut being presented, is often all it takes to keep your account secure.