A convincing fake FACEIT verification page is using a copied Steam sign-in window to steal gamer accounts, Steam Guard codes, and valuable CS2 items. Malwarebytes reported the campaign on June 12, 2026, after finding lookalike verification domains that push players toward a fake “Sign in through Steam” flow instead of the real Steam login page.[1]
The practical risk is simple: if you typed a Steam password, scanned a QR code, entered a Steam Guard code, or approved a trade after visiting one of these pages, treat the account as compromised until you secure it.
How the fake FACEIT verification works
The scam copies the normal pattern competitive players expect: a FACEIT-style verification page, a claim about trusted CS2 play, and a Steam login step. Fake FACEIT-style events, pages, hubs, clans, and organizer pages can use counterfeit login prompts to steal FACEIT or Steam credentials.
| Scam step | What to check |
|---|---|
| Lookalike FACEIT domain | Malwarebytes observed domains such as faceit-discord.com, faceit-clubs-verify.com, and faceit-verification-clubs.com. The official FACEIT site is faceit.com. |
| Blurry QR or failed QR flow | The page may make the QR path inconvenient so the player clicks the easier fake Steam login button. |
| Fake Steam pop-up | The “Steam” address bar is drawn inside the page. In a Browser-in-the-Browser attack, the real browser address bar still shows the phishing site. |
| Steam Guard or trade pressure | A stolen Steam Guard code can let attackers finish a login. Follow-up pressure to move items to a “safe” account is a trade scam pattern. |
Warning signs before you sign in
- The main browser address bar is not exactly
faceit.comor a normal Steam domain you typed yourself. - A login window appears inside another website, and you cannot move it outside the current browser tab.
- The page says verification is urgent, free, optional, or needed to prove you are not cheating.
- Copyright years, language, support links, or visual details do not quite match.
- The site was shared through Discord, Steam chat, a tournament invite, a community post, or a direct message from a new contact.
When in doubt, close the page. Open FACEIT or Steam from a bookmark, the official app, or a manually typed address. You can also check a suspicious domain with the Gridinsoft Online Virus Scanner, but a clean reputation result is not proof that a new phishing domain is safe.
If you entered your Steam details
- Do not approve new Steam Guard prompts or trade confirmations that appeared after the visit.
- Open Steam from the official app or by typing the address manually. Change the password and review authorized devices; Steam recommends signing out everywhere if account activity looks suspicious.[2]
- Check email, phone number, Steam Guard mobile authenticator, recent login history, and pending trade offers.
- Visit
https://steamcommunity.com/dev/apikeywhile signed in. If an API key exists and you did not create it, revoke it. Steam’s trade-redirection guidance warns that an account API key should not be shared.[3] - Warn friends if your account sent links or trade messages. Scammers often use a compromised gaming account to phish the next victim.
- If you downloaded anything from the page, scan Windows before logging back into sensitive accounts. A second-opinion scan with Gridinsoft Anti-Malware is useful when a scam page also pushed an installer, browser extension, or “verification” tool.
If you cannot access the account, use Steam Support’s account recovery path from a clean browser session. Do not negotiate with anyone claiming they can restore items or stop a ban through chat.
Why this scam works on gamers
Steam accounts can hold purchased games, wallet funds, friends, market reputation, and CS2 skins. That makes a fake FACEIT verification flow more convincing than a random bank phish: the story fits the player’s normal workflow. The scam also exploits a habit many users learned correctly, which is checking an address bar. In a fake browser window, the attacker controls the address bar you see inside the page.
The safer habit is to distrust embedded login windows. If a competitive platform needs Steam authentication, start from the official platform site or the Steam client, not from a link in chat.
FAQ
Can a fake FACEIT page steal my Steam account if I only opened it?
Opening the page alone is usually not the same as giving up the account. The high-risk actions are entering your Steam password, scanning a login QR code, typing a Steam Guard code, approving a device, or confirming a trade after the visit.
Is the Steam login window safe if it shows steamcommunity.com?
Not when that address appears inside a window drawn by the webpage. Check the real browser address bar at the very top of the browser, or close the page and sign in through the official Steam app.
Should I move my CS2 skins to a friend after a warning?
No. “Move items to a safe account” is a common pressure tactic. Secure the account first, review pending trades, revoke unknown API keys, and avoid approving any trade confirmation created after the suspicious login.
References
- Stefan Dasic. “Fake verification pages are stealing Steam accounts from players.” Malwarebytes Labs, June 12, 2026. Accessed June 12, 2026. https://www.malwarebytes.com/blog/threat-intel/2026/06/fake-verification-pages-are-stealing-steam-accounts-from-players
- Steam Support. “Account Security Recommendations.” Valve, accessed June 12, 2026. https://help.steampowered.com/en/faqs/view/6639-EB3C-EC79-FF60
- Steam Support. “Scam: Trade Redirection.” Valve, accessed June 12, 2026. https://help.steampowered.com/en/faqs/view/7F4E-1D40-43D0-73FD
