Jump to content

Scam: stolen Steam API Key

Recommended Posts


Please get familiar with this relatively new and sophisticated scam: Opskins: Steam API Key Scam

Update: MP now has a very good article as well.

Update Jan 2019: SteamRep "Account Hijacking" guide;  more info on Fake Login.


In short:

1) you fall for fake Steam Login website, attacker gets partial access to your account

2a) later you trade your item to Opskins.com/Marketplace.tf bot

2b) attacker cancels your trade and initiates a new trade to a fake bot

2c) you confirm this 2nd trade and lose your item


I would like to emphasize that the scam consists of two seemingly unrelated parts.

Once you did step 1 (fake login) you're very vulnerable to either step 2 or some other attack.


Avoiding #1: do NOT enter your Steam credentials on other websites, this could be fake login.

"Signing in through steam" is safe by itself and only requires you to press green "Sign In" button on Steam website.

If you're ever asked for credentials, manually open steamcommunity.com in another window and log into Steam there.


Avoiding #2: before confirming any high value trade on your phone, visit /my/tradeoffers/sent/ 

where your trade is waiting in "Awaiting Mobile Confirmation" state.

Check all the items and click on your partner avatar to visit his Steam Profile.

For example, MP bots should have lots of friends (with Geel usually on top) and lots of TF2 Inventory items.


Share this post

Link to post
Share on other sites

Almost fell for this. 

Be aware that they are offering you money through trusted sources.

Share this post

Link to post
Share on other sites
Diamond jozu

This is rather common in csgo.this was onr of the main reasons why csgo received the ban.now scammers are gonna do to tf2 now.ffs.

Share this post

Link to post
Share on other sites
« SɱokEy »

its part of phishing link scam.Just dont click on any links from steam chat window. 

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...