Often times account hijackers rely on deceiving or tricking users into handing out their account credentials. This method is commonly known as phishing, and can be easily avoided by taking a few moments to double check the URL of the webpage you're visiting.Valve
operates the following websites for Steam. If you are prompted with a login page, the first part of the URL within the browser will always
be one of the following domains:
Additionally, all official Steam login pages are secured with an Extended Validation SSL Certificate[en.wikipedia.org]
. Most modern web browsers will display this in the form of a padlock icon with a green highlight and the text "Valve Corporation [US]
" to the left of the address bar.
The most common phishing scams lure victims in with the promise of free items and games. When the user clicks on the link they are greeted with a perfect replica of a Steam website which prompts them to login to continue. Often times the only way to verify their legitimacy is to look at the way the website address is spelled in the address bar. If the URL spelling is not accurate, or it points to a different site entirely, it exists only to steal your account credentials. Additionally Steam will never ask you to upload files from your computer during login. Uploading specific Steam files can allow an account thief to sidestep Steam Guard entirely once they have your credentials.
You can view examples of how the official Steam website URLs look in some of the most common web browsers below.
Some websites offer services which allow you to sign in through Steam. Whenever a website offers this service, the URL of the login page will always
be one of the official Steam addresses.If you're ever uncertain about the webpage you're on, don't type in your credentials. It's better to be safe than sorry.