A gamer, in for some fun.
According to Business Insider, around 77,000 steam accounts are hijacked or scammed each month. And after all, hijacking steam accounts is not very uncommon; hackers are everywhere. And if you think about it, the reason behind the hijacking is the user’s lack of knowledge and securities measures. So to make certain that no other or at least fewer users get their account compromised, here is one simple guide for not getting hijacked or getting your game inventories scammed on steam.
FAKE SITES AND TRADE OFFERS
Often strangers will send you links either on the steam chat or any other platform like discord. If you open the links, you will have to log in to their fake steam login layout, and your account will be hijacked.
HOW TO CHECK IF YOU’RE LED TO A FAKE SITE
- CHECK THE DOMAIN ADDRESS: Alway make sure that the domain name is correct. Hijackers usually send you links with misplaced words in trade links like “steancommunity.com/…” or “steamcommuniity.com/…”. Always avoid users who send you messages like “hey bro I’m leaving CSGO so you can have the skins you want with my trade link here”, block them and report them.
- LOGIN UI: Never click on a stranger’s link and if you want to log into some 3rd party legit sites, make sure you are logged in to the official Steam page first and don’t enter your password on any other site even if you have logged in to the official Steam page. And make sure to only enter the password on the right Steam layout or page.
HOW TO AVOID GETTING YOUR ACCOUNT HIJACKED
- STEAM MOBILE AUTHENTICATOR: The steam guard is another security measure offered by steam. It links your steam account to your contact number and displays an authentication code that resets every 30 seconds on the mobile client for steam. Once you’ve enabled the steam guard on your mobile phone, you will need an authentication code too after entering the correct password for logging in.
How to enable steam guard –
- Select “Steam Guard” from the app’s menu and tap on “Add Authenticator”
- Enter your contact number and click on add phone
- Confirm your email and click the “Add Phone Number” button in the steam mail
- Click next on the steam app and enter the OTP you got as an SMS on your contact number and click on “Submit”
- Copy the recover code to a safe place, preferably on an IRL note. The recovery code is proof that you’re the owner of the authenticator if you lost your mobile phone.
- Click “Done” and you’ve successfully enabled the mobile authenticator.
- LOG IN TO STEAM OFFICIAL SITE FIRST: Never click on a stranger’s link and if you want to log into some 3rd party legit sites, make sure you are logged in to the official Steam page first and don’t enter your password on any other site even if you have logged in to the official Steam page. And make sure to only enter the password on the right Steam layout or page.
Steam lets you buy, sell, and trade items stored in your game items in your inventory. Unfortunately, more and more competitive games came up with cosmetically customized items like skins or pay-to-win objects as years went by. Scammers use these items as another way to scam on Steam, robbing up their items. So, with the above scam techniques and preventions in mind, let’s talk about inventory scams.
Your Steam account can register an API key which gives you some features like managing trader offers. If a stranger has your API key, they can manage your trader offers, and most importantly, create new offers on their behalf. Once the scammer has your API key and you accept any trade offer on Steam, the scammer immediately generates an exact clone account of the real user you are trading with, cancel your legit trade, and offer the same trade but with an empty trade with all their items removed. This way, if you confirm the trade on the mobile authenticator, you will send your items to the bot account and won’t get anything back. That’s the most common technique used by scammers to scam your high-value inventory.
HOW TO NOT GET YOUR INVENTORY SCAMMED
- CHECK THE API KEY: Go to https://steamcommunity.com/dev/apikey (again, check any link related to Steam, it’s starting from steamcommunity so it’s official) and check if the “Domain Name” box. If it’s empty, then green flag, and if there’s something you didn’t already enter yourself in the past, immediately clear it to remove the key.
- CHECK USER’S STEAM LEVEL AND STEAM AGE: Whenever confirming your trade offers on Steam guard, do verify the contents of trade and most importantly, check the other user’s Steam level, Steam age, and profile. If the Steam level or age or profile does not match with the profile of the user you are originally trading with, immediately cancel the trade and check the Steam API page. Clear the key, or edit it if you did register it for your specific purpose before.
- TAKE FEW CENTS ITEMS IN RETURN (BY ANOMALY): Whenever you’re in an empty trade, or a trade where you yourself are giving your items and not receiving any item from other side, just add an item not worth anything like just a few cents graffiti for CS:GO trading so you can just verify that it’s not an API scam while confirming trade on Steam guard.
WHAT IF YOUR ACCOUNT IS ALREADY COMPROMISED
- Change the password and log out of every other device and contact steam support.
- DISABLING MOBILE AUTHENTICATOR AND IMMEDIATELY TURNING IT ON AGAIN: If you remove your mobile authenticator, you will impose a 15-day trade lock on yourself and won’t be able to trade or use the community market. So if you think someone might have your API key or your account is compromised, turn off the authenticator and immediately enable it again.
- Never click links on Steam and always check if the domain is correct
- Check the login interface while logging in to Steam and log in to the official Steam page before logging in on 3rd party sites through Steam
- Enable Steam Guard (authenticator)
- Clear the API key if you didn’t set it yourself in the past
- Check the other user’s steam level and the content of the trade properly while confirming the trade. Try to take just a few cents item in return in empty trades
- Disable and instantly enable the steam authenticator to impose a trade lock
- Change the password of the account if it has already been hijacked and contact steam support
Hope it helps 😉
What is Article Sponsorship?
There are several different ways to show your support for SassyGamers.com and article sponsorship is one of them. Do you see an article that you really enjoyed or found a lot of value from? Maybe you think the content aligns with your own content and you want to do a link trade between your content and ours. Sponsoring an article is the best way to do that.
Feel free to click the "Sponsor this Article" above and check out the available sponsorship options or email email@example.com for more information.