You may be in too many "large Steam groups" that are targeted by such scammers.
Perhaps you may drop large groups which are not necessary or contributive to your online experience.

NEVER click on SteamCommunity links from strangers.

Avoid inputing your login / password into third party websites; log in into the Steam Store via browser and then proceed to use third party websites that require Steam API for logon. This way you will not need to input your login / password again and limit phishing opportunities (You will simply have to click the "sign in" green button).

Ignore / Block the bot adds. Once you block em, you wont hear from that bot again.

Utilize Two Factor Authentification for your Steam login / password, or any login / password you value for that matter. I highly recommend Authy for this endeavor outside of Steam. (Of note, Valve provides Steam's own 2FA). https://authy.com/

2FA is the single biggest thing you can do to defend yourself IMHO. Secondly, dont click on suspicious links from strangers or use your login / password directly on third party websites. With those 2 things and some minimal common sense the odds of losing your account are minimal / almost negligible.

How to Report a Scammer, Hijacker or Phisher:
https://support.steampowered.com/kb_article.php?ref=1927-RTSV-6909

if you dont do trading, inventory to friends only.
if you do trading, use other accounts.

there is not much more that Valve can do other then reacting to reports. usable Steam accounts are basicly free

Not sure if it's affecting automated bots, but set your inventory to non-public. If a scammer (or an automated bot) sees something worth scamming then your decision to show-off bling-bling just made you a mark.

Your inventory is public. After I set my inventory to friends only, the bot invites dwindled and eventually stopped for the most part.

Originally posted by BossGalaga:

Your inventory is public. After I set my inventory to friends only, the bot invites dwindled and eventually stopped for the most part.

Good call, my inventory is always set to private and for the most part, my account/s is/are set to friends only anyhow, to prevent weirdo's and stalkers and trolls lurking on my profile.

Banning scammers.
Steam authenticator.
Steam trade holds.
Trade window warnings.
Restrictions on limited accounts.
Restrictions on sending invites.
Filtering malicious links.
Privacy settings.

There's lots of tools in place to deter scammers and account thieves or to warn users they might be targeted by a theft attempt.

Still as long as there's something worth taking there's going to be someone trying.

Originally posted by Tito Shivan:

Banning scammers.
Steam authenticator.
Steam trade holds.
Trade window warnings.
Restrictions on limited accounts.
Restrictions on sending invites.
Filtering malicious links.
Privacy settings.

There's lots of tools in place to deter scammers and account thieves or to warn users they might be targeted by a theft attempt.

Still as long as there's something worth taking there's going to be someone trying.

These tools don't seem to work against the endless waves of bots that spam people's invites apart from privacy settings. Even then, a privacy setting is more of a workaround than a solution.

Originally posted by Lewis:

Originally posted by Tito Shivan:

Banning scammers.
Steam authenticator.
Steam trade holds.
Trade window warnings.
Restrictions on limited accounts.
Restrictions on sending invites.
Filtering malicious links.
Privacy settings.

There's lots of tools in place to deter scammers and account thieves or to warn users they might be targeted by a theft attempt.

Still as long as there's something worth taking there's going to be someone trying.

These tools don't seem to work against the endless waves of bots that spam people's invites apart from privacy settings. Even then, a privacy setting is more of a workaround than a solution.

Then maybe you should tell what Valve should do about it.

Restricting sending too many friend requests probably wouldn't work. We don't know how many the bots will send, and if it's low enough then this kind of restriction would affect legitimate users. The scammer's solution how to bypass this is to just add more bots so that a bot's workload decreases.

At the moment can't think of anything else that could potentially, on paper, solve this issue. Other than hiding your inventory, of course.

Originally posted by Lewis:

These tools don't seem to work against the endless waves of bots that spam people's invites apart from privacy settings. Even then, a privacy setting is more of a workaround than a solution.

They do. They really do.
You aparently weren't around to see how things where before all these things were implemented.
You're getting 4-5 bot account invites a day? Before people were getting them by hundreds. Daily. Think about having in your inbox anywhere between 100 and 500 friend requests from bot accounts. Every day. That was an 'endless wave of bots'...not 4 or 5 invites.

Spam levels have decreased by multiple orders of magnitude since.

Originally posted by Tito Shivan:

Originally posted by Lewis:

These tools don't seem to work against the endless waves of bots that spam people's invites apart from privacy settings. Even then, a privacy setting is more of a workaround than a solution.

They do. They really do.
You aparently weren't around to see how things where before all these things were implemented.
You're getting 4-5 bot account invites a day? Before people were getting them by hundreds. Daily. Think about having in your inbox anywhere between 100 and 500 friend requests from bot accounts. Every day. That was an 'endless wave of bots'...not 4 or 5 invites.

Spam levels have decreased by multiple orders of magnitude since.

Originally posted by Gekkibi:

Originally posted by Lewis:

These tools don't seem to work against the endless waves of bots that spam people's invites apart from privacy settings. Even then, a privacy setting is more of a workaround than a solution.

Then maybe you should tell what Valve should do about it.

Restricting sending too many friend requests probably wouldn't work. We don't know how many the bots will send, and if it's low enough then this kind of restriction would affect legitimate users. The scammer's solution how to bypass this is to just add more bots so that a bot's workload decreases.

At the moment can't think of anything else that could potentially, on paper, solve this issue. Other than hiding your inventory, of course.

How about having links on profiles moderated, or at least filter out misspellings of steamcommunity (or better yet buying the domains of the misspellings)? How about a method to stop users sending chain mail?

Originally posted by Lewis:

How about having links on profiles moderated, or at least filter out misspellings of steamcommunity (or better yet buying the domains of the misspellings)? How about a method to stop users sending chain mail?

How about reporting them properly?

https://steamcommunity.com/discussions/forum/0/1696045708658861811/?tscn=1525218831#c1696045708659007024

Originally posted by Tito Shivan:

Originally posted by Lewis:

These tools don't seem to work against the endless waves of bots that spam people's invites apart from privacy settings. Even then, a privacy setting is more of a workaround than a solution.

They do. They really do.
You aparently weren't around to see how things where before all these things were implemented.
You're getting 4-5 bot account invites a day? Before people were getting them by hundreds. Daily. Think about having in your inbox anywhere between 100 and 500 friend requests from bot accounts. Every day. That was an 'endless wave of bots'...not 4 or 5 invites.

Spam levels have decreased by multiple orders of magnitude since.

Perhaps Steam should start enforcing laws on bot spammers for being disruptive. China just cracked down on a hacking group that stole login information and likely used it for bots.

http://www.bbc.com/news/technology-43949292

Originally posted by 999999999:

Originally posted by Lewis:

How about having links on profiles moderated, or at least filter out misspellings of steamcommunity (or better yet buying the domains of the misspellings)? How about a method to stop users sending chain mail?

How about reporting them properly?

https://steamcommunity.com/discussions/forum/0/1696045708658861811/?tscn=1525218831#c1696045708659007024

I've reported every single one.

Originally posted by McFlurry Butts:

Originally posted by Tito Shivan:

They do. They really do.
You aparently weren't around to see how things where before all these things were implemented.
You're getting 4-5 bot account invites a day? Before people were getting them by hundreds. Daily. Think about having in your inbox anywhere between 100 and 500 friend requests from bot accounts. Every day. That was an 'endless wave of bots'...not 4 or 5 invites.

Spam levels have decreased by multiple orders of magnitude since.

Perhaps Steam should start enforcing laws on bot spammers for being disruptive. China just cracked down on a hacking group that stole login information and likely used it for bots.

http://www.bbc.com/news/technology-43949292

If that's possible they should by all means