Steam Phishing: popular as ever

A phishing campaign targets Steam users via friend messages linking to lookalike domains of steamcommunity.com that redirect to a fake “Summer Gift Marathon” login page to steal credentials and potentially inventory items. The report enumerates many typosquatted domains used in the campaign and advises defenses such as only logging in at https://steamcommunity.com/, bookmarking the legitimate site, treating unsolicited links from friends as suspicious, and checking URLs with services like URLscan.io and VirusTotal.