Steam was the most impersonated brand in phishing attacks during the first quarter of 2025, according to a new report from Guardio. The researchers note that the gaming platform’s surge to the top comes as “a bit of a shock.”
“Historically, the #1 spot has been dominated by the usual suspects - big tech companies like Meta, Microsoft, or even USPS,” Guardio says. “But this quarter, it’s Steam, and by a significant margin.
Scammers have been targeting the massive gaming community by impersonating Steam to warn users about supposed account issues, like payment failures or suspicious login attempts. These fake messages are designed to trick victims into entering their login credentials on counterfeit websites, which then steal their account information.
The report also found that three different road toll companies made it into the top ten most impersonated brands, with toll scams surging by more than 600% since the beginning of the year.
“Toll fee scams have surged dramatically in Q1 2025,” the report says. “Scammers have been sending out text messages claiming you have an unpaid toll fee, directing victims to fake websites designed to steal sensitive information. Guardio detected a staggering 604% increase in toll fee scam texts since the start of the year, with March seeing a 98% jump in scam activity from the previous week alone.
These scams are particularly dangerous as they exploit the urgency of unpaid tolls, tricking victims into entering payment details on fraudulent sites without thinking twice. Always verify toll notices through official channels, and never click on suspicious links.”
New-school security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Guardio has the story.
