Skip to main content
Fake Window, Real Loss: Browser-in-the-Browser Steam Phishing operation cover
COMING SOONBeginner

Fake Window, Real Loss: Browser-in-the-Browser Steam Phishing

A Counter-Strike 2 player on the community team at Voltline Interactive clicks a phishing email offering a free in-game case from the Navi esports team. The link leads to a scam site that paints a fake browser pop-up, complete with a fake Steam URL bar, entirely in HTML. The victim types their Steam credentials into the fake window and the browser sends them to a harvesting host. Walk the email gateway and proxy logs step by step from the lure, through the dedicated host IP and reused page fingerprint, to the credential POST.

25m
6 tasks
25 points
Free

Launches tomorrow

Jul 3, 2026

Friday, July 3, 2026 at 9:00 AM

Create your free account

Be ready the moment it drops — free forever.

Training Tools

EmailSIEM

What you'll investigate

6 objectives unlock when this operation goes live.

1Brief: a free case that cost an account
2Trace the lure to its sender
3Find where the scam domain really points
4Fingerprint the scam page
5Find where the stolen password was sent
6Classify the deception technique

Be first when it launches

Create your free account now. The moment this operation goes live on Jul 3, 2026, you can jump straight in — and you'll have the rest of the catalog to train on meanwhile.

Get Started Free

No credit card required — free forever