IF YOU TYPE YOUR DETAILS IN HERE YOU WILL LOSE SHIT FROM YOUR ACCOUNT. YOU HAVE BEEN WARNED. This was the link I received. As you can see, it's very similar, just missing an M out of community. It's also quite a well made site, has a SteamGuard interface and everything. Be careful out there friends, obviously my Common Sense 2014 needs updating, I just found out the hard way.
Whoever doesn't have it, check the Steam Community Suite. Seriosly, this thing doesn't have major downsides and I'm willing to trade a tiny little bit of load time against a real security improve. Here would be an alternative for Chrome users but I don't think it is as good as the Suite. But please not that scammers come up with new stuff and the Suite may not be updated for it. So, take your time double checking the url before entering something.
Valve will always force you to login to Steam via HTTPS. Always look at your address bar before sending your credentials to a website. I'm sorry that you got phished Dan. Change your passwords and contact Steam Support ASAP to recover your account if it got compromised (Did you have Steam Guard enabled?).
I know, I know, I'm just dumb and I wasn't thinking. Already done and done. Just waiting on a response. I'm not sure what I'm most angry about. Being dumb enough to fall for this, or the fact that you can't change your password online.
The best antivirus is common sense. You need absolutely nothing else. But I do feel for you getting all your shit fucked etc <3
'Safe' site you use gets hacked. You visit site as per usual and get infected. For example, in the past, fpsbanana and the minecraft wiki. I visited fpsbanana during this time, fortunately, firefox was not affected by the flaw that had been exploited and even if it was, my antivirus at the time was shown to be capable of detecting and preventing it. I also visited the minecraft wiki when its advertisements were hijacked. It had been reported as unsafe, so firefox prevented me accessing it without checking I wanted to proceed first. The best anti-antivirus is a lack of common sense though.
Or being paranoid like I am and using 4+ browsers + NoScript on my main browser. Makes browsing sites a pain in the arse sometimes because it blocks every single tiny little snippet of Javascript that I do not allow manually
Someone else tried to hit me with one of these. Thought I'd share, as soon as he said, "my friend can't add you cause of steam error" I knew what was up. I tried to troll him a little, but he didn't want to play along.
Actually I reported them to Steam Rep. Though for the first guy, the guy that actually got stuff out of my account - I don't actually have any evidence that it was him apart from him telling me, YOU SUCK, after I logged back in, so I'm not hopeful. Kind of sucks.
phishing is getting more sophisticated, they request the steam guard code under their own machine key shit valve could easily fix 99% of phishing by changing to a link sent by email and checking the key both before and after
there's no point in blocking javascript as it won't protect you against anything but javascript-based 0days, which are so incredibly rare and short lived (especially compared to flash, java or adobe reader) that it's not even close to worth the hassle it brings that being said, some of noscript's features can be useful such as the clickjacking detection, so if you turn off the global javascript blocking it's still worth keeping for the other features and there's not much point in hassling yourself with multiple browsers for anything other than development purposes, just use firefox's profiles feature or private browsing in chrome or firefox if you want to sandbox cookies/sessions/etc
Targets are almost always harvested from public Steam groups. If you keep your groups relevant and sensible (i.e. not accepting every single group invite that you get), you will very, very rarely see them.