<ul><li>A researcher uncovered a phishing campaign targeting gamers through Twitch, a fake Facepunch-branded site, and a Telegram bot.</li><li>Upon clicking 'Vote Now' on the site, redirection to a newly registered domain with Facepunch branding occurred.</li><li>The phishing site contained obfuscated JavaScript controlling redirection logic, potentially compromising Steam sessions without needing user credentials.</li><li>The researcher was able to capture and monitor the attacker's bot traffic in real time, exposing ongoing phishing attempts.</li></ul>

Twitch Bait and Switch: How I Uncovered a Steam Phishing Operation

Discover more