This guide will provide you information on commonly used scam techniques and how to better prepare yourself to avoid them. Dishonest users are always coming up with new ways to scam people. Always be vigilant; if something seems too good to be true, it probably is.
Often times account hijackers rely on deceiving or tricking users into handing out their account credentials. This method is commonly known as phishing, and can be easily avoided by taking a few moments to double check the URL of the webpage you're visiting.
Valve operates the following websites for Steam. If you are prompted with a login page, the first part of the URL within the browser will always be one of the following domains:
Additionally, all official Steam login pages are secured with an Extended Validation SSL Certificate[en.wikipedia.org]. Most modern web browsers will display this in the form of a padlock icon with a green highlight and the text "Valve Corporation [US]" to the left of the address bar.
The most common phishing scams lure victims in with the promise of free items and games. When the user clicks on the link they are greeted with a perfect replica of a Steam website which prompts them to login to continue. Often times the only way to verify their legitimacy is to look at the way the website address is spelled in the address bar. If the URL spelling is not accurate, or it points to a different site entirely, it exists only to steal your account credentials. Additionally Steam will never ask you to upload files from your computer during login. Uploading specific Steam files can allow an account thief to sidestep Steam Guard entirely once they have your credentials.
You can view examples of how the official Steam website URLs look in some of the most common web browsers below.
Some websites offer services which allow you to sign in through Steam. Whenever a website offers this service, the URL of the login page will always be one of the official Steam addresses.
If you're ever uncertain about the webpage you're on, don't type in your credentials. It's better to be safe than sorry.
Never install software or browser add-ons from untrusted sources. Account hijackers often advertise free items and in-game cheats to trick users into placing viruses and malware on their system. These can take many forms such as executable (.EXE) files, dynamic link libraries (.DLL files), batch (.BAT) files, script or screensaver (.SCR) files. The intention of this is to steal credit card information, account credentials and items.
You can prevent installing malicious software and add-ons by mistake by avoiding links from people you don't know. It's common for an account hijacker to mask a website link to look innocent, however once it's clicked it redirects you to a webpage which downloads harmful content.
It's important to always keep your web browser up to date and to regularly scan your computer with an up to date anti-virus and anti-malware tool.
Scammers will often impersonate a Valve employee or a Steam Moderator to intimidate users into handing over valuable items or account credentials.
Scammers will also Impersonate users on your friends list and reputable members within the community by spoofing their name and their Steam profile to give you a false sense of trust in them. Most of the time they will request to borrow an item which will never be returned. This type of scam can be avoided by knowing who you're trading with and by not allowing users to borrow items from your inventory.
Whenever trading items with other users don't trade for anything that can't be added to the trade window, such as money or CD keys. It's common for scammers to promise payment at a later date or through other means in exchange for items which they never intend to pay for. There is no way to enforce or ensure that the other user will ever uphold their side of the trade. The only way to make sure trades are done fairly and legitimately is to only trade for items that can be placed in the trade window.
In the example below, the scammer has attempted to trick the user into believing they will receive money once the trade has been completed by typing a message into the chat window.
Another form of scamming can occur when people purchase items or Steam accounts through auction sites such as eBay. There is nothing holding users to their agreement when transactions are made through these types of websites. Not only is selling an account against the Steam EULA, the account being purchased is likely stolen.
Before clicking the "Make Trade" button in any trade, ensure that everything is in the trade window. It's important to mouse over every item in the trade window to ensure you're trading for the desired item with the correct name, description and effect. It's common for a scammer to rename an item to trick you into believing it's something else. You can easily identify a renamed item by reading the red text on the item's thumbnail. The title of a renamed item is also in quotation marks.
Additionally, every action of the trade such as item additions and removals are logged at the bottom left of the window within the chat log. In general, take your time with your trades and do not rush any decisions. Scammers will try and rush you into a trade hoping that you make a mistake and not realize that they have removed items from the window.
If you witness a user who is attempting to scam yourself or others through the Steam Communiuty, you can report them by visiting their Steam profile and clicking the "More" button near the top.
From the dropdown menu select the "Report Violation" button.
Once you've clicked on "Report Violation" the report window will appear. Click on the appropriate category and fill in a brief description of what the user was doing and why you're reporting them.
When you're done, click on the "Submit Report" button.
If somebody attempts to scam you through the trade window you can report the trade as an attempted scam by clicking the flag icon near the bottom of the trade window.
In the report window describe how the attempted scam happened and click "Report Scam".
Reports are reviewed by both Valve and Volunteer Steam Community Moderators. If action is taken against a user you've reported you'll receive an email notification.
You're also able to file a report on the community-driven website SteamRep[forums.steamrep.com] to alert other users of the scam. SteamRep keeps a database of previous trade infractions for guilty scammers.
If you've fallen victim to a scam and you've lost access to your Steam account, the only way to regain access to it is to contact Steam Support directly. Steam Support is not obligated to recover any lost items.