They have been doing this for the past 10 years. Not exactly new.

I see you have been to a few of those sites and logged into the fake login screen. Your account is spamming out the same thing under a different site name on your friends profile comment sections.

Stop trying to use those sites.

So you login to some shady csgo trading website with steam and get hijacked.

typical, haven't you ever been told to not click every link you see?

Originally posted by GlerkTheFlurp:

So you login to some shady csgo trading website with steam and get hijacked.

typical, haven't you ever been told to not click every link you see?

Actually in this case it's more important to say

DO NOT USE YOUR STEAM USERNAME AND PASSWORD ANYWHERE OTHER THAN AN ACTUAL STEAM SITE. ALWAYS CHECK THE SPELLING OF THE WEBPAGE'S ADDRESS, BEFORE YOU TYPE IN YOUR USERNAME AND PASSWORD.

Originally posted by Quint the Pondering Ghost:

Originally posted by GlerkTheFlurp:

So you login to some shady csgo trading website with steam and get hijacked.

typical, haven't you ever been told to not click every link you see?

Actually in this case it's more important to say

DO NOT USE YOUR STEAM USERNAME AND PASSWORD ANYWHERE OTHER THAN AN ACTUAL STEAM SITE. ALWAYS CHECK THE SPELLING OF THE WEBPAGE'S ADDRESS, BEFORE YOU TYPE IN YOUR USERNAME AND PASSWORD.

Which should also be obvious.

Originally posted by colin:

(By the way the website was secure so I thought it'd be safe, but it wasn't).

First understand what a sign actually says, before following it. And even then, make also sure it makes sense, not that for example a bird played with it and moved it .......

Actually, signing into a web site through Steam is safe, even if the web site is dodgy. Whats not safe is to input your account credentials on a form hosted on that web site. That, girls and boys, is phishing and thats literally decades old.

Originally posted by EgN| Quake:

There have been multiple scams going around recently, one of which called "csgoknow". If you see a comment on your profile with a sentence along the lines of "Trade Your CS:GO Cases For Keys! 4 Cases = 1 Key!" It will lead you to a website, in which you login with steam, and it says "Technical works. We'll come back soon!" But what it does is it spams that comment on everyone on your friends list with that. I don't want anyone falling for it like how I did - so stay safe! Don't click on any suspicious links!

(By the way the website was secure so I thought it'd be safe, but it wasn't).

If I see a comment on my profile like "Trade Your CS:GO Cases For Keys! 4 Cases = 1 Key!" the first thing I'd do is delete it and block the person.

Originally posted by ♥ Miss♕Taxi ♥:

Originally posted by EgN| Quake:

There have been multiple scams going around recently, one of which called "csgoknow". If you see a comment on your profile with a sentence along the lines of "Trade Your CS:GO Cases For Keys! 4 Cases = 1 Key!" It will lead you to a website, in which you login with steam, and it says "Technical works. We'll come back soon!" But what it does is it spams that comment on everyone on your friends list with that. I don't want anyone falling for it like how I did - so stay safe! Don't click on any suspicious links!

(By the way the website was secure so I thought it'd be safe, but it wasn't).

If I see a comment on my profile like "Trade Your CS:GO Cases For Keys! 4 Cases = 1 Key!" the first thing I'd do is delete it and block the person.

I'd delete it, block the person, and report them as a suspected hijacker.

Originally posted by ReBoot:

Actually, signing into a web site through Steam is safe, even if the web site is dodgy. Whats not safe is to input your account credentials on a form hosted on that web site. That, girls and boys, is phishing and thats literally decades old.

So, the more legit sites that do "sign in through Steam" actually have you sign in via clicking a button that says to share one's profile with that site (steamgifts for example):

Sign into www.steamgifts.com using your Steam account
Note that www.steamgifts.com is not affiliated with Steam or Valve


By signing into www.steamgifts.com through Steam:

* Your Steam login credentials will not be shared.
* A unique numeric identifier will be shared with www.steamgifts.com. Through this, www.steamgifts.com will be able to identify your Steam community profile and access information about your Steam account according to your Profile Privacy Settings.
* Any information on your Steam Profile page that is set to be publicly viewable may be accessed by www.steamgifts.com.

By clicking "Sign In" you agree to this data being shared.

On the left, it says

Quint the Pondering Ghost
{login name redacted}
[Not You?]

HOWEVER, I've seen actual phishing sites use ALMOST the same interface, BUT it replaces that bit on the left with a space to enter username and password.

It'd help if Steam came up with a term for doing the legit thing that didn't sound basically the same as doing the non-legit thing, so it'd be less easily confused. But aside from that, one really does need to pay attention to the spelling.

Just log in on steam, legit sites wouldnt need details again. As always, use your own link, do not click. Do not trust buttons.

That simple.

Originally posted by Quint the Pondering Ghost:

Originally posted by ReBoot:

Actually, signing into a web site through Steam is safe, even if the web site is dodgy. Whats not safe is to input your account credentials on a form hosted on that web site. That, girls and boys, is phishing and thats literally decades old.

So, the more legit sites that do "sign in through Steam" actually have you sign in via clicking a button that says to share one's profile with that site (steamgifts for example):

Sign into www.steamgifts.com using your Steam account
Note that www.steamgifts.com is not affiliated with Steam or Valve


By signing into www.steamgifts.com through Steam:

* Your Steam login credentials will not be shared.
* A unique numeric identifier will be shared with www.steamgifts.com. Through this, www.steamgifts.com will be able to identify your Steam community profile and access information about your Steam account according to your Profile Privacy Settings.
* Any information on your Steam Profile page that is set to be publicly viewable may be accessed by www.steamgifts.com.

By clicking "Sign In" you agree to this data being shared.

On the left, it says

Quint the Pondering Ghost
{login name redacted}
[Not You?]

HOWEVER, I've seen actual phishing sites use ALMOST the same interface, BUT it replaces that bit on the left with a space to enter username and password.

It'd help if Steam came up with a term for doing the legit thing that didn't sound basically the same as doing the non-legit thing, so it'd be less easily confused. But aside from that, one really does need to pay attention to the spelling.

There's no way to be confused if you're following basically 2 simple rules:
1. ALWAYS check the URL. Legit Steam login is a new frame from steamcommnity.com and fake ones aren't. Remember that URLs can be spoofed via punnycode, so check the certificate as well, it has to be for Valve corp, not just any certificate like some fools believe.
2. Log into steamcommunity.com, let your browser remember the login. This way, there's no way at all to get to an input field on a legit site as a legit site redirects to Steamcommunity.com where you are logged in already. Fake sites OFC can't do that as they're fake.

At the end of day, rule #1 is the one and only true rule. Rule #2 is a little helper, but you're perfectly safe when following rule #1 only.

As I said, that's really vanilla phishing. It has been around for 2 or so decades.