Checks URLs visited by user to help prevent Steam phishing attacksSteam Sheriff helps gamers using the Steam platform by checking URLs as they are visited to see if they are potentially impersonating a 'brand'.
Malware/Phishing actors make websites that closely resemble a 'brand'. For example, the legitimate Steam website is www.steamcommunity.com. Phishers leverage 'homograph' attacks to trick you to clicking a URL that you think you trust. So, st3amcommunity.com or steamcomunity.com might look legitimate to a human, but very different for a computer.
In order to detect these attacks, Steam Sheriff uses a combination of techniques to find out the 'similarity' of a target compared to a white list. This whitelist are common websites collected from feedback from the community that have also been used in attacks in the past. The list is as follows:
'gyazo.com',
'flickr.com',
'imgur.com',
'photobucket.com',
'tinypic.com',
'dota2lounge.com',
'csgolounge.com',
'steamcommunity.com',
'csgoticket.com',
'csgojackpot.com',
'csgoskins.net',
'mumble.info',
'teamspeak.com',
'raidcall.com',
'ventrilo.com'
This list will be updated periodically as the tactics of the phishers change.
**NOTE**
There might be issues with steamcommunity and websites that use akamai where it wont load resources if its being loaded by content distribution networks (CDNs). If something breaks, please e-mail the contact e-mail listed on this extension page or the warning page.
Features:
- 'Real-time' detection of potential phishing websites
- Option menu when a website is potentially bad
- 'Continue Once' which allows the website to be visited for 5 minutes before Steam Sheriff alerts on it again
- 'Continue & Whitelist' which adds the website to a user-defined whitelist if there is a false positive. This gets cleared if Chrome browser data is cleared
- 'Get me out of here!' Redirect to google.com
Upcoming Features:
- Reporting mechanism
- Configuration page to edit whitelists and blacklists
Reporting:
-If there is ever a false positive, you can report it to
[email protected]. A false positive results from Steam Sheriff thinking that a legitimate website is a bad website.
-If there is ever a false negative, you can report it to
[email protected]. A false negative results from Steam Sheriff *NOT* alerting on a bad website and thinking its a legitimate website.
DONATION!
Please visit https://hackandflash.com/?page_id=110 to donate and help me pay for hosting feeds, app dev time and also paying the my amazing designer/UX friends who help make Steam Sheriff look professional and clean.