Rule #1: don't add random people on Steam (usually they write something on your wall and also usually it's urgent). Request from private profile = instant block.
Rule #2: Valve/Steam NEVER contact you via comments on your wall, via Discord or via chat inside Steam.
Rule #3: If any page requests your credential and/or Steam Guard password when you're already logged in = 100% scam. Almost all sites with drops for CSGO/DOTA items are scams.
Comment has been collapsed.
Friends might be scammed as well, so if you'll get any link requesting your credentials / guard password => report Valve that your friend lost his account.
Comment has been collapsed.
First of all, suspect that your friend is not your friend.
If they hijack your account, they are like a puppet that has hacked brain.
And there seems to be a malicious act of doing them mechanically and in large numbers.
(I'm not going to describe the method because it might increase the number of malicious acts.)
In any case, "There's no rush, is there?" Let's say so.
If the request can't wait until you really need it, it's a scam.
Comment has been collapsed.
Never log in with your password & steam guard on third party sites. Bookmark steamcommunity.com or steampowered.com and only log in at these sites. After you're logged in reload the third party site and if you're still asked for password / steam guard it's a scam.
Comment has been collapsed.
As others pointed, urgency is the common tactic to make you click on stuff.
If it is urgent, it is 95% a scam.
Stay calm and don't click unless you are sure it is legit.
Comment has been collapsed.
if someone asked you to vote for their favorite team on a certain game, it's mostly a scam.
if someone tells you that they reported you (or something similar) and you are urged to do an action within a few hours or days, it's mostly a scam.
don't get tempted to login on any sites that other people linked to you. if they linked you a steam page and you are asked to login, open a new tab first. open the steam site on your own in that tab, and login there, then refresh the steam page that was given to you. if it still asked you to login, then it's definitely a scam.
don't get tempted on something that's too good to be true (login to this site to get this AAA game, or whatever that is). it's mostly a scam.
don't panic. if someone says that you need to act quickly to do something or else you'll lose your account, ignore it. it's mostly a scam.
if you think something is fishy. stop doing whatever you are doing. it might be a scam.
Comment has been collapsed.
As a follow-up to the other suggestions being given. Basically two-factor authentication with your friends.
If you receive a sus link from a known friend, double check with them via another source of communication. Message them on discord, text message, social media, or any other way you two communicate with each other. Until you hear from them outside of steam that it was actually them, don't trust ANYTHING by default.
Comment has been collapsed.
Some additional points:
Always verify the URL. Scammer often use URLs similar to official URLs (eg. steann instead of steam). In case it's a completely different URL, or for some unknown website, quick google search usually helps.
Never login using forms in in the 3rd party sites. Login using the official site and then grant access to the 3rd party site (if and where possible, check what permissions you are granting).
Prefer to first open the links in incognito and check the site, specially in case the shared link was URL-shortened, and hence redirects to some other site. This is simply to prevent access to cookies and stuff like that.
Been said above, but it's just too important to skip. Urgency to open the link should always raise red flags.
In case of emails, verify the sender's email address, as well as the domain (similar to first point).
Bit of extra work, but keeping some extra dummy account for all this stuff helps too. This may not be possible in every scenario but it's quite useful, specially when you are trying something new that you are not sure of.
Comment has been collapsed.
"Trust but verify"
rule no.1 on the internet is never click on unknown links. so if a friend send something odd, ask in person or call him.
There is a known scam where Hacker hijack your phone and send urgent message to your friends asking for a money transfer. and people fall for it all the time, when a simple call could solve this.
also activate 2-step verification. and never enter the password unless you typed the website yourself.
Comment has been collapsed.
Interestingly "a long standing Steam friend sending me a fishy link" has happened to me almost half a dozen times in the last 2 months, which is WAY higher than the usual rate ..
All of them were "vote" (either logos or teams)
And I knew from the get go all of them were hacked, thankfully all of them managed to get their accounts back.
Comment has been collapsed.
Another good rule. not just for steam, is to use a password manager like bitwarden to store your passwords, and then if the site is dodgy there won't be an option to auto-fill the password, as it won't recognize the domain.
Comment has been collapsed.
Ok again this happend, but this time was sended from me. Any idea how to deal with it? Luckily i didin't lose any friends, they just got this spam.
https://cdn.discordapp.com/attachments/393359588478681098/869351109150527488/unknown.png
Comment has been collapsed.
have you changed your steam password? try to remove your phone authenticator too if you want to be safe. it will automatically log you out anywhere that you have connected to. you'll get ~1 week limitation to do market related stuff after you add it again tho.
Comment has been collapsed.
264 Comments - Last post 38 minutes ago by adam1224
6 Comments - Last post 1 hour ago by steveywonder75
150 Comments - Last post 1 hour ago by Hawkingmeister
1,247 Comments - Last post 1 hour ago by WaxWorm
82 Comments - Last post 2 hours ago by GarlicToast
71 Comments - Last post 3 hours ago by LighteningOne
145 Comments - Last post 6 hours ago by seaman
9,632 Comments - Last post 2 minutes ago by CurryKingWurst
59 Comments - Last post 3 minutes ago by kiyanoosh
2,434 Comments - Last post 4 minutes ago by perfvillain
58 Comments - Last post 23 minutes ago by coleypollockfilet
122 Comments - Last post 44 minutes ago by SilentGuy
57 Comments - Last post 48 minutes ago by CptWest
763 Comments - Last post 49 minutes ago by CptWest
Nooo i don't want hack anyone. I just simple need help because. Sometime ago one of my friends, sended me an poll about voting for his favorite team in LoL. Yeah okay i did that, but i didin't noticed it was an ruse and all my friends on steam were blocked and removed. Luckily i fixed it. Can you guys help me, how to recognize stuff like that in future?
Comment has been collapsed.