Fake playtest invites are targeting Steam users again in latest phishing scam

Scammers are posing as developers of Sand, sending out fake playtest invites in an attempt to steal Steam login credentials. Reports from users on Reddit warn that these fraudulent invitations lead to phishing sites disguised as official Steam pages, tricking players into entering their account details.

3

The scam relies on a common tactic - using a fake domain that looks like Steam but isn't. Instead of directing users to steampowered.com, the links send them to addresses like store.steampowered.invite948190.com, where "steampowered" is just a subdomain, not the actual website. This tricks users into believing they're on an official Steam page when, in reality, they're handing over their login details to scammers.

To make matters worse, some of these phishing attempts use homograph attacks, swapping English letters with nearly identical-looking Cyrillic characters to make the URLs appear even more convincing.

Developers Hologryph and tinyBuild Games have confirmed that there is no active playtest for Sand, and any invite received through DMs or external links is fraudulent. They advise players to ignore these messages and report them immediately.

3

This isn't the first time scammers have used this tactic. Earlier this year, Subnautica 2 developers Unknown Worlds issued a similar warning after fraudulent playtest invites for their game began circulating. Like the Sand scam, those messages attempted to lure players into entering their Steam credentials on fake login pages.

This scam isn't exclusive to these two titles. Bad actors frequently rotate game names, targeting players excited for beta access - particularly around the launch time for real playtests. Real Steam playtest invites will always appear in your Steam notifications, never through direct messages or random links. If you receive an unexpected invite, double-check the source before clicking anything.