Almost certainly scammers. Just ignore them and don't interact with them and nothing will happen.
The worst thing you can do is talk to them or add them.

"I would like to ask about games, Would you mind adding me as a friend?"
I just checked your picture and that is a pretty classic scam attempt comment, even I have gotten that exact comment word for word before on a random picture.

Ursprungligen skrivet av Emilio:

Almost certainly scammers. Just ignore them and don't interact with them and nothing will happen.
The worst thing you can do is talk to them or add them.

Thanks for letting me know, i'll ignore them.

https://steamcommunity.com/discussions/forum/0/4751948599939859942/
Here is someone else talking about it and the comment you got on your review matches one of the spam messages exactly.
So yeah 100% confirmed scammers both comments.

To elaborate a little more, what you're seeing there is called a hook. Basically, before they can initiate any scam, they need to be able to actually talk to you. Often, due to friend settings, this requires you adding them as a friend.


After they get you on their friends list and are able to message you, they might try any number of other tactics. I'll offer a small set of examples below and what they do:


This common tactic is to bait you into going to a phishing website to supposedly vote for an esports team in some contest. But to do so, you must "Log in through Steam", except you do this without actually going to Steam. Instead, the page generates a webpage element that is designed to look like a generic web browser window (within the page itself, not a real popup window) that then mimics the Steam login page. Except even if you're already logged in through the real Steam, it still asks for your Username, Password, and Authenticator code.

Once you give them all three of these, they now have access to your account and will likely set up an API key so they have access to your account going forward and can cancel and generate trade offers.


There are all sorts of variants of this, I've seen people offering "free games" or entries in a contest to get something for free, but it all boils down to phishing scams that involve giving away your login credentials.

This is usually done after they already have an API set up on your account. What they do is claim that they accidentally reported your account when they meant to report someone else. They then claim that their one bogus report is going to get you permanently banned. They then claim that they have been talking to Support through a chat service such as Discord even though the only way to contact support is through the ticket system. Then they insist the "admin" refuses to listen to them and will only reconsider if they talk to you, as if there was anything that a user could have that support wouldn't already have access to. None of it makes any sense, but they rely on fear and panic and urgency, usually pressuring you to act as fast as possible so you don't have time to think about how nonsensical it is.

The big goal here is to pressure you to initiate a trade to send all of your items away to another account under the fear that your account is about to be deleted and this is the only way to save your items. Or alternatively, the fake admin will claim you are required to trade some valuable items to them so they can "verify" them. Whatever they do, what they want is you sending a trade offer.

They will then use their API access to cancel the trade and initiate a new trade, sending your items to an account they control which has renamed itself to match whoever you were sending your items to, updating their avatar to match. After they got your items, they block you and laugh.


Just to be safe, I'd suggest confirming the security of your account:

Scan for malware https://www.malwarebytes.com/
Deauthorize all other devices https://store.steampowered.com/twofactor/manage
Change passwords from a clean computer
Generate new backup codes https://store.steampowered.com/twofactor/manage
Revoke the API key https://steamcommunity.com/dev/apikey
Stop using shady third party trade sites or clicking suspicious links.


Do each of the steps.


There is a good chance you'll find nothing in the API key, but it costs you nothing to confirm they didn't already get access to your account.

The OP doesn't need to do these things as they never engaged the scammers just pointed out their comments.

You're safe OP, I just wanted to point out before that I saw someone else mention the exact type of comment you got on your stuff.

Ursprungligen skrivet av Teksura:

To elaborate a little more, what you're seeing there is called a hook. Basically, before they can initiate any scam, they need to be able to actually talk to you. Often, due to friend settings, this requires you adding them as a friend.


After they get you on their friends list and are able to message you, they might try any number of other tactics. I'll offer a small set of examples below and what they do:

Vote for my team

This common tactic is to bait you into going to a phishing website to supposedly vote for an esports team in some contest. But to do so, you must "Log in through Steam", except you do this without actually going to Steam. Instead, the page generates a webpage element that is designed to look like a generic web browser window (within the page itself, not a real popup window) that then mimics the Steam login page. Except even if you're already logged in through the real Steam, it still asks for your Username, Password, and Authenticator code.

Once you give them all three of these, they now have access to your account and will likely set up an API key so they have access to your account going forward and can cancel and generate trade offers.


There are all sorts of variants of this, I've seen people offering "free games" or entries in a contest to get something for free, but it all boils down to phishing scams that involve giving away your login credentials.

Accidentally Reported You

This is usually done after they already have an API set up on your account. What they do is claim that they accidentally reported your account when they meant to report someone else. They then claim that their one bogus report is going to get you permanently banned. They then claim that they have been talking to Support through a chat service such as Discord even though the only way to contact support is through the ticket system. Then they insist the "admin" refuses to listen to them and will only reconsider if they talk to you, as if there was anything that a user could have that support wouldn't already have access to. None of it makes any sense, but they rely on fear and panic and urgency, usually pressuring you to act as fast as possible so you don't have time to think about how nonsensical it is.

The big goal here is to pressure you to initiate a trade to send all of your items away to another account under the fear that your account is about to be deleted and this is the only way to save your items. Or alternatively, the fake admin will claim you are required to trade some valuable items to them so they can "verify" them. Whatever they do, what they want is you sending a trade offer.

They will then use their API access to cancel the trade and initiate a new trade, sending your items to an account they control which has renamed itself to match whoever you were sending your items to, updating their avatar to match. After they got your items, they block you and laugh.


Just to be safe, I'd suggest confirming the security of your account:

Scan for malware https://www.malwarebytes.com/
Deauthorize all other devices https://store.steampowered.com/twofactor/manage
Change passwords from a clean computer
Generate new backup codes https://store.steampowered.com/twofactor/manage
Revoke the API key https://steamcommunity.com/dev/apikey
Stop using shady third party trade sites or clicking suspicious links.


Do each of the steps.


There is a good chance you'll find nothing in the API key, but it costs you nothing to confirm they didn't already get access to your account.

Thanks for the info! Im definetly only restricting myself to friending people I know, lol.