If your Steam profile has recently been changed and includes a VAC image and/or a message stating that your account has been VAC and/or tradebanned or has been reported for some type of fraudulent activity and you have 24 hours before the ban takes effect and it encourages you to move your items to another account, trade with someone you know or give the items to a moderator or admin to verify them, then you have been scammed.

Alternatively, you may received a comment on a screenshot, artwork or other item you have posted to the Steam Community with a similar message. They may also tell you to put money in your Steam Wallet to "remove the ban."

This is a scam. Valve will not "warn" you that you are about to be VAC or tradebanned and encourage you to trade your items before they become locked. They will not tell you that you need to pay money to be unbanned nor will any Valve staff, admins or moderators tell you they need to verify your items. This scam has been targeted towards Dota 2 players particularly but users may be targeted with this scam regardless of what games they own or play.

If your account has otherwise been hijacked and you have no control over it at all and are unable to login, follow the remedial steps below.

The most common ways to become a victim of this scam are by clicking on links on a user's profile, typically disguised as trade links or a "link to my main account" (which is another scam link) or clicking on any random link from some random person or even a friend, whose account may have been compromised as well. This is typically accompanied by some super "fabulous" trade offer.

A valid trade Steam profile link will never take you outside of Steam. If you click on a trade or profile link and you receive a Steam warning, indicating that you are about to leave the Steam website then it is a scam.

Never enter your username and password into any website other than the verified Steam website.

Protip: If it sounds too good to be true (e.g. someone wants to trade you an Arcana for your loading screens) then it's probably a scam.

The link typically leads to a phishing website, asking you to login with your username and password or may be a link to malware or a trojan/rat (remote access tool) virus.

Once your computer is infected, the scammer can control your computer as if they were sitting in front of it themselves. This means they can edit your Steam profile, change your avatar, remove friends from your Steam account and add impersonated accounts to your friends list.

Scammers will often approach users after the scammer has told the user their account has a pending ban and tell them to send their items to them (to verify or clean them, which is not a real thing) or to a friend's account, which they may be impersonating.

Due to many accounts having Steam Guard and/or Mobile Authentication enabled, the next step typically involves the scammer waiting for you to trade your items to another Steam account, at which time the scammer intercepts the trade by creating an API key which allows them to remotely intercept and modify trade offers sent from your account and sends your trade to their own Steam account. If you confirm this trade, you will have effectively given your high value items away to a scammer.

What to do once your account has been compromised:

1. Scan for malware/viruses.

Free Malware scanning/removal tool:
https://www.malwarebytes.com/

Free Anti-Virus:
https://www.avast.com

2. From your account settings, deauthorize all other devices.

https://store.steampowered.com/twofactor/manage

3. From a secondary device that hasn't been compromised, such as a mobile device, change your account password. If you change your password on the compromised computer/device, it could be keylogged.

https://store.steampowered.com/account/

It is also recommended that you revoke any existing API keys. Scammers can use this key to remotely manipulate your account and trades.
https://steamcommunity.com/dev/apikey

If you do not see a button/link for "revoke my Steam Web API key" then it has not been compromised. Go to the next step.

4. Additionally, you may need to generate new backup codes if you have mobile authentication enabled and have potentially compromised your recovery code.

https://support.steampowered.com/kb_article.php?ref=8625-wrah-9030#backup

5. If you have not activated Steam Guard on your account then you should do so after completing the steps in this guide. Steam Guard has two levels of authentication, standard Steam Guard which uses email authentication and Steam Guard mobile which uses mobile authentication. At a minimum, you should have standard Steam Guard enabled.

6. If you are unable to access or login to your Steam account at all, then follow the steps in the below guide. Ensure that you provide all of the required information to recover your account. Supplying this information in your initial support request will ensure speedy recovery of your account.

https://support.steampowered.com/kb_article.php?ref=2347-QDFN-4366

7. Additionally, you should revert and change any vandalism that has been done to your Steam profile, such as your profile avatar being changed, name/info, comments, any artwork/screenshots not uploaded by you, etc.

Account Recovery:
https://support.steampowered.com/kb_article.php?ref=2347-qdfn-4366

Steam Item Restoration Policy: (tl;dr: Your items won't be returned)
https://support.steampowered.com/kb_article.php?ref=6633-TANM-9707

Trade Scam FAQs:
https://support.steampowered.com/kb_article.php?ref=3415-WAFH-6433

https://steamcommunity.com/sharedfiles/filedetails/?id=784477482

SteamRep - About Account Hijacking:
https://forums.steamrep.com/pages/hijacking/

Basic Computer Security:
https://www.fbi.gov/scams-safety/computer_protect
https://familysearch.org/blog/en/phishing-scams-viruses-trojan-horses-how-to-protect-computer/

Other Guides:

https://steamcommunity.com/sharedfiles/filedetails/?id=631795003

https://steamcommunity.com/sharedfiles/filedetails/?id=630339657

https://steamcommunity.com/sharedfiles/filedetails/?id=423565666