We recently flagged a misspelled URL of a domain claiming to be the real CS:GO Lounge, a highly popular site where Steam users can trade in or bid on items specifically for Counter-Strike: Global Offensive (CS:GO) and place bets on group stage matches. Below is the URL in question:
Just like any other phishing campaign, the fake page appears much like the real one, with noticeable differences that I'd pointed out below:
- The real CS:GO Lounge (csgolounge.com) page has an ad at the right side of the screen just below its social network links.
- The real Lounge only has five (5) menu options at the right-hand site, specifically Forum, Reddit, User's guide, Rules, and Contact. The fake Lounge has an extra option, which is Bot status.
- The real Lounge has a Search feature at the top of the page.
The fake CS:GO Lounge page, however, directs to another page within its domain that appears to look like the Steam Community page, as you can see below:
Previous phishing attempts using CS:GO Lounge as bait has been reported or documented by users before. Below are other misspelled URLs that were used by phishers:
- csgoIounge[dot]com (that is a capital "i", not a small "L")
We believe that the less likely one is keen on spelling, the higher the probability that one would actually fall for scam sites.
Lastly, avoid clicking links from chat messages offering trades or wanting to add them as a contact but couldn't because of "an error".
Ask for the interested party's handle in the Lounge instead so you, the user, can search for him/her and check out their offers yourself. This way may not be as straight-forward and convenient as simply clicking a link, but it's a lot safer.