D.Alex Posted April 2, 2018 Share Posted April 2, 2018 Please get familiar with this relatively new and sophisticated scam: Opskins: Steam API Key Scam Update: MP now has a very good article as well. Update Jan 2019: SteamRep "Account Hijacking" guide; more info on Fake Login. In short: 1) you fall for fake Steam Login website, attacker gets partial access to your account 2a) later you trade your item to Opskins.com/Marketplace.tf bot 2b) attacker cancels your trade and initiates a new trade to a fake bot 2c) you confirm this 2nd trade and lose your item I would like to emphasize that the scam consists of two seemingly unrelated parts. Once you did step 1 (fake login) you're very vulnerable to either step 2 or some other attack. Avoiding #1: do NOT enter your Steam credentials on other websites, this could be fake login. "Signing in through steam" is safe by itself and only requires you to press green "Sign In" button on Steam website. If you're ever asked for credentials, manually open steamcommunity.com in another window and log into Steam there. Avoiding #2: before confirming any high value trade on your phone, visit /my/tradeoffers/sent/ where your trade is waiting in "Awaiting Mobile Confirmation" state. Check all the items and click on your partner avatar to visit his Steam Profile. For example, MP bots should have lots of friends (with Geel usually on top) and lots of TF2 Inventory items. Link to comment Share on other sites More sharing options...
This topic is now archived and is closed to further replies.