Phishers are still using look-alike domain names to steal Steam credentials from unsuspecting victims, which suggests that this approach is proving rather successful for the criminals. These types of attack are effective if carried out within Steam's own browser, which lacks the protective features seen in most mainstream browser software.