Known as “Knife Cheating”, tactic uses promise of rare skins and phishing to steal victims’ data

Do you have a Steam account? If so, it’s good to stay tuned! This Wednesday (27), in a blog post, the Malwarebytes warned of a new scam which can cause a lot of headaches for users of the service.

known as the free knife scam, the tactic consists of steal your account data and use all the resources that are available in it, whether they are money in the virtual wallet, in-game items, skins and other resources.

How is the knife stroke applied?

The scam works in a very simple way: the fraudster sends a message to your account through the Steam chat, in which he offers you a free skin, saying he doesn’t need it.

Malwarebytes said it doesn’t exactly know if the messages are coming from real people or machines, but the default for all scam attempts has a similar structure, with phrases like the ones listed below:

note that all messages are accompanied by a link… And that’s where the danger lies. When you click, you will be taken to an exact replica of the Steam marketplace, with the same features, appearance and distribution. This tactic is known as phishing.

If the user proceeds with their data, in an attempt to validate the transaction, they will have the access tray handed over to the criminals, who will be able to log into the account and clear the inventory of items, skins (see the irony) and the balance available in the wallet. This may seem harmless to someone who doesn’t save resources or has few items there, but the reality is that many players have real fortunes, especially when we put Counter-Strike weapon skins into the equation.



Once the account has been stolen, you will need to contact Steam support to attempt recovery (with possible request to present documents proving ownership or identity). As Malwarebytes points out, this is a stressful and tedious process.

please note that the user will be at even more risk if he uses the same email address and password for other internet logins.

How to protect yourself from the blow?

As you’ve seen, the best way to stay safe from this scam is not to trust strangers and especially not to click on links sent by random accounts from outside your friends list.

But even more important than that is enabling dual authentication. (2-factor authentication). With it, even if your data is the target of a phishing scam, criminals will hardly have access to your account, since it will be necessary to validate it with the temporary code.

Therefore, even, It is highly recommended that you do not use the same password to log in to different platforms and services. This makes it difficult for malicious people to work and keeps your accounts safe.

Furthermore, Valve itself maintains a page with several safety tips that you can adopt, both when using the gaming platform and when accessing all of your other favorite services online.

Source: Malwarebytes