
Fake Window, Real Loss: Browser-in-the-Browser Steam Phishing
A Counter-Strike 2 player on the community team at Voltline Interactive clicks a phishing email offering a free in-game case from the Navi esports team. The link leads to a scam site that paints a fake browser pop-up, complete with a fake Steam URL bar, entirely in HTML. The victim types their Steam credentials into the fake window and the browser sends them to a harvesting host. Walk the email gateway and proxy logs step by step from the lure, through the dedicated host IP and reused page fingerprint, to the credential POST.
Launches tomorrow
Friday, July 3, 2026 at 9:00 AM
Be ready the moment it drops — free forever.
Training Tools
What you'll investigate
6 objectives unlock when this operation goes live.
Be first when it launches
Create your free account now. The moment this operation goes live on Jul 3, 2026, you can jump straight in — and you'll have the rest of the catalog to train on meanwhile.
Get Started FreeNo credit card required — free forever