Don’t Get Steamed, and Protect Yourself from the Latest Steam Scams

Welcome to the internet’s dark underbelly, where scams are everywhere. It is only your eye and a sense that could help you stay away. One such scam causing havoc in the gaming world is the notorious “Steam Scam.” 

Steam is a popular digital distribution platform for video games developed by Valve Corporation, with over 120 million active users. However, this massive user base has also made it a prime target for scammers looking to exploit vulnerabilities and steal personal information from unsuspecting gamers. 

This article will delve into Steam scams, how they work, and what you can do to protect yourself.

Major scams identified by Steam

Steam-confidence scams

Steam confidence scams refer to fraudulent schemes where scammers attempt to gain access to your Steam account or personal information by exploiting their trust or confidence.

These scams often involve a scammer 

• posing as a representative from Steam support or a friend who needs help with their Steam account. 
• The scammer may claim that your account has been compromised and ask for sensitive information, such as login credentials, payment information, or personal details, to “verify” your identity and restore access.

DO NOT FALL FOR THESE STEAM SCAMS. PEOPLE ARE LYING ABOUT COMMUNITY MARKET PURCHASES AND TRYING TO HAVE YOU DISPUTE WITH A FAKE STEAM REPRESENTATIVE TO OBTAIN YOUR STEAM INFORMATION. STEAM DOES NOT HAVE A LIVE CUSTOMER SUPPORT THROUGH DISCORD. DO NOT FALL FOR THIS COMRADES!!!!! pic.twitter.com/8uitMl3yyP

— 🏮Rabbin🟰신로🏹 (@frenchpressit) May 10, 2023

Alternatively, the scammer may offer to trade or sell rare items or games at a discounted price, but require you to send payment or provide your login details first. Once the scammer has obtained your information or payment they may use it for identity theft, financial fraud, or to hijack your Steam account.

How Am I Going To Pay … THIS …
WoW
Disputing STEAM = steam SCAM pic.twitter.com/Co906dNwq3

— Georgi Radionov (@GeorgiRadionov) May 6, 2023

To avoid falling victim to Steam confidence scams, you should be wary of unsolicited messages or friend requests from strangers, especially those that ask for personal information or require immediate action. You should also be cautious of offers that seem too good to be accurate and always verify the authenticity of any communications or transactions with Steam support through the official website or app.

Steam trade scams

A trade scam is a situation where a Steam user deceives you into engaging in a transaction (such as trading, gifting, or market transactions) based on false information. Scams typically involve trickery or dishonesty to make the victim believe they are receiving a fair or advantageous deal when, in reality, they are being exploited.

There are some "accidentally reported your Steam" scams going around again in discord. Please be careful. pic.twitter.com/8yx4UPV95z

— WitchyWomaan (@WitchyWomaan_) May 4, 2023

To prevent falling victim to scams, it is essential to exercise caution and follow these recommended practices:

• Avoid rushing into trades. Carefully review all aspects of an offer before accepting it; once confirmed, trades cannot be reversed.
• If the other user insists you trust them, it is likely an attempt to scam you. Be wary of +rep comments, as they can be easily fabricated by malicious groups.
• Inspect each item to ensure their properties are accurate. The tooltip will display information about the item, including its quality, name, description, and any effects.
• Refrain from trading items in separate or future trades. If a user requests multiple trades, it could be a scam. Insist on completing the entire trade in a single offer.
• Confirm that you are trading with the correct user. Scammers may try to impersonate your friends or trusted traders. You are responsible for ensuring the identity of the person you are trading with.

Sadly one of the biggest scams for skins I've heard of happened 2 weeks ago 😭

Nearly $100k worth of liquids were taken, the account was thankfully trade banned before any could be sold

The Steam ID of the scammer is 76561199376162943 – skins stolen can be seen on FloatDB pic.twitter.com/HBGDZEOPkr

— CorbZ (@CorbZcs) May 11, 2023

Certain types of trades should be avoided to minimize the risk of scams, including:

• Trading for non-tradable items: Avoid trading for anything that cannot be added directly into the Steam trading window. This includes trading items/gifts for money outside of the Steam Community Market, CD Keys, or making trades with no expectation of receiving anything in return.
• To stay informed and protected, familiarize yourself with the Steam Trading FAQ and Recommended Trading Practices articles.

Source: Reddit user

It is crucial to exercise vigilance and double-check the contents of any proposed trade, verifying the item and its quality before finalizing the transaction, especially in the case of multiple-item trades.

Common scams attempt to deceive you out of your items

• Item switching – You negotiate a trade offer with another user in advance, and the item they include appears similar to the desired item but is of lesser value.
• CS:GO quality switch – A user presents a specific quality CS:GO item (Factory New) in their offer, but the item they offer is of a lower quality (Field-Tested). This switch is often made during a counteroffer.
• Hidden item – A user proposes a trade that includes numerous low-value items from your inventory (such as cards, crates, etc.), but they also hide a high-value item among them.
• Begging/spamming – A user bombards you with trade offers, begging for high-value items in exchange for nothing or very little. Their hope is that you accidentally accept the offer.
• Forward confirmation email – A user convinces you to forward your trade confirmation email to their email address. They then use the link in the email to confirm the trade themselves. Avoid forwarding trade confirmation emails or links and refrain from providing additional information to other users who request it for your account.
• Money for items – A user offers to send you money via methods like PayPal, PaySafeCard, Steam Wallet codes, or Steam Digital Gift Cards, in exchange for your items. The scammer typically sends a fake payment code after the trade is completed. In the Steam Digital Gift Cards case, the scammer may appear to pay you upfront but intends to reverse the transaction or use a fraudulent credit card for the purchase.
• CD keys for items – A user offers to trade you a Wallet Credit code or a game’s CD Key in return for your items. After completing the trade, the scammer usually provides a counterfeit CD Key.
• Users offering item duplication – A user claims they can duplicate your items only if you trade away them first. Once they receive your items, they block and keep your messages.
• Users acting as trade bots – A user impersonating a trading bot(s) instructs you to trade them specific items. After you accept the trade and send them the items, they block you on Steam and retain your items.

News:Steam users warned to beware this dangerous phishing scam

• Middleman trades – Employing a middleman is unnecessary if your trade adheres to Steam’s trading guidelines. You expose yourself to potential scams whenever you trust another user with your items.
• Verification accounts – A user requests a trade of an item for “verification” purposes. They may provide a fabricated excuse, such as confirming the item’s authenticity or ensuring it’s not glitched. These users will then keep your item(s), block you, and get away with the items.
• Fund transfer via the Steam Market – A user proposes to send you Steam Wallet funds by purchasing one of your low-value items from the market at an inflated price. Most of these offers involve fraudulent funds.
• Voice comm software/join our tournament team (malware) – A user convinces you to install malware disguised as voice communication, anti-cheat, or other software, claiming that it’s necessary for participating in a tournament.
• Offering fraudulent items for resale – Malicious users may acquire unusual items (often using stolen credit cards) and attempt to trade them to you for more recognized items with established value. Prior to this, they might manipulate the Steam Community Market price of these unusual items through fraudulent credit card usage. 

Be cautious of claims they will overpay or offer quick sell (qs) prices for immediate profit. Consider why they would willingly trade these items to you at a loss instead of selling them themselves. As an excuse, they may request tradable keys or other items. Reject these trades as the value of the unusual items has been falsified, and subsequent Market transactions may be reversed due to fraudulent activity.

Some other scams you must know about

SteamAPI scam (Phishing)

This particular scam falls under the broader category of Phishing and Trading, but it is important to highlight it separately due to its prevalence.

A user must initiate and confirm trades through the Steam Mobile Authenticator to conduct item trades. Scammers need help to bypass this process. However, they can deceive users into unknowingly approving a “wrong” trade using the SteamAPI. Here’s how the scam works:

• Users fall victim to logging into a fraudulent website – This is a case of PHISHING. The user unwittingly provides their login credentials and authenticator code by doing so.
• The attacker gains access to the user’s account.
• They add a SteamAPI key to the compromised account.
• The attacker patiently waits, taking advantage of the user’s ignorance of the compromise.
• The user receives a legitimate trade offer from someone.
• The attacker detects this trade through the SteamAPI key associated with the compromised account.

Source: Steam

• The attacker swiftly cancels the legitimate trade and creates a new account that closely resembles the original trader’s account. They send the user a trade offer from this deceptive account, automating the process using programs, scripts, and bots through the SteamAPI key.
• The user reviews their trades and, at first glance, everything appears fine as the deceptive account looks similar to the legitimate one involved in the initial trade.
• Trusting the trade, the user approves it using the Steam Mobile Authenticator.
• Consequently, their items are now gone.

Essentially, this scam is a form of phishing where the user inadvertently logged into a fraudulent site, aiming to obtain free money or other benefits, and inadvertently disclosed their Steam credentials.

If you suspect that you have fallen victim to this scam, it is advisable to check your account for any signs of an unauthorized SteamAPI key: https://steamcommunity.com/dev/apikey

If you find anything suspicious in this section, it indicates that your account has been compromised.

Source: CS:Go Roll (Did you spot the difference in date?)

Scams through virus

The risk of encountering scams via viruses is prevalent across the internet, including on platforms like Steam. It is crucial to exercise caution when clicking on links and downloading content. The majority of threats can be mitigated using antivirus software and by employing common sense.

ALWAYS exercise caution when a website requires you to bypass Steam’s URL filter, as exemplified below:

[friendfrenzy]: Check out this amazing website: gotyourhand.com

[ciacendi]: Simply remove the space in the URL

Visiting a site like the one mentioned could result in downloading a Trojan or malicious file.

• Fake screenshot link: An attacker will try to engage you in clicking the link.

“Congratulations, you won a prize in the giveaway group X. Simply tell me which of the ones in this image you want.”

• Deceptive TeamSpeak error: Following a CS:GO (or any other game) match, an individual sends you a friend request on Steam. They adopt a friendly demeanor, occasionally engaging in competitive games together. Over time, they propose the idea of communicating via TeamSpeak. Upon joining the TeamSpeak server, you are unexpectedly confronted with an error message containing a hyperlink. This message might falsely claim that TeamSpeak requires an update or that your sound drivers are outdated, among other possibilities.
• ESEA exploitation: Occasionally, during competitive Counter-Strike: Global Offensive matches, you may encounter a friendly player who seems genuine and enjoyable to play with. Unfortunately, there are individuals with malicious intentions. After some time, they will inquire about your familiarity with ESEA, a well-known platform for competitive play. They will offer you a free ESEA subscription and send the file to hijack your system.

Phishing scams

One of the most prevalent methods employed by account hijackers to gain unauthorized access is by crafting counterfeit web pages that deceive victims into believing they are legitimate. These fraudulent websites often mimic the URL and appearance of authentic platforms. For example, they may utilize URLs like steamcommunity, steamcomuniity, or staemcommunity.

Hackers typically propagate these deceptive links through automated bots or compromised accounts by adding users or commenting with fraudulent URLs. The likelihood of encountering such messages increases when trading sites like TF2Backpack, CSGOLounge, and DOTA2Lounge.

An example of a message used in this context could be:

[smartzayn]: Hi, my friend is having trouble adding you as a friend. He consistently receives an error message but wishes to trade with you. Could you please add him: steamscommuntiy.com/id/scammerusername/

To avoid falling victim to phishing scams, especially when uncertain about the legitimacy of a login page, employ a simple trick:

First, visit the official Steam Community page and log in as usual. Then, instruct the other party to log in via Steam. The website will display you as already logged in if it is genuine. If it prompts you to enter your credentials, it is a phishing scam, and you should immediately close the site.

Source: Reddit (Punnycode scam)

Valve maintains the following websites for Steam. When confronted with a login page, the initial portion of the URL displayed in the browser should always match one of the following domains:

https://steamcommunity.com

https://steampowered.com

https://store.steampowered.com

https://help.steampowered.com

Legitimate Steam websites will also feature a padlock icon in the URL bar, indicating a valid SSL certification from “Valve Corporation (US).” 

SSFN scams

Hijackers are attempting to circumvent SteamGuard by requesting the submission of the “SSFN” file(s) located in Steam’s installation directory. It is crucial to note that sharing or uploading this file should never occur, even if prompted by Valve or any other legitimate source.

The “SSFN” file serves as evidence that the current device has been authorized and no longer necessitates a SteamGuard code due to the “Remember me” functionality.

A deceptive scheme may resemble the following:

Source: https://www.reddit.com/r/Steam/comments/1yw25k/psa_new_phishingscam_technique_on_fake_steam/

Impersonation scams

Multiple variations of scams exist that revolve around the impersonation tactic. The primary objective typically involves deceiving individuals in order to obtain valuable items, although the motivations can vary.

Source: Steam community

It is crucial to consistently verify the authenticity of individuals who claim to be someone they are not. For instance, if someone claims to represent Valve, it is advisable to check if the person in question is listed as a friend (although the likelihood of this being true is minimal).

https://steamcommunity.com/discussions/moderators

To enhance the identification of friends, it is recommended to assign nicknames to them. By accessing the Friends window, right-clicking on a person, and selecting “Add Nickname,” you can easily distinguish them from impersonators and improve your ability to remember their true identities.

Middleman injections

Once an agreement is reached for a trade that occurs partially outside of the Steam platform, the selection of a middleman becomes necessary. Scammers often propose a seemingly trustworthy middleman who appears legitimate according to SteamRep. 

However, the scam unfolds when an imposter account, posing as the chosen middleman, adds the victim. Unaware of the deception, the victim proceeds to fulfill their side of the transaction, believing they are using a reliable middleman. Eventually, both the scammer and their accomplice block and remove the victim from their contacts, while retaining the stolen items. 

Source: Steam Community

To safeguard against such scams, it is essential to personally add the middleman and independently verify the identity of the individual who added you. It is crucial to conduct your own investigation of the middleman – this entails clicking on their profile, copying/pasting their profile URL into SteamRep, and verifying that their claimed identity aligns with the information provided.

Claiming to be Valve representative

Certain individuals may attempt to deceive you by posing as employees and falsely claiming that you have been reported for engaging in fraudulent activities such as duping or scamming. They may also feign the need to “scan” your items. 

It is important to remember that Valve employees or representatives will refrain from engaging in direct trades or trading activities. Any individual asserting otherwise, even if they resort to threats of bans, is engaging in deceitful behavior.

All individuals associated with Valve can be found on this page. If someone genuinely works for Valve, their name will appear on that page, accompanied by a badge indicating “Valve Employee” or “Steam Community Moderator.”

Source: Steam

This particular scam method may also involve fraudulent emails designed to mimic Valve or Steam Support communications. It is crucial to know that neither Valve nor Steam Support will ever send emails with attachments.

Some variations in trade scams

There are many trade scams. Scammers attempt in various ways. Some are mentioned above; let’s know some most occurring scams::

Quick switching

In this scam, the victim is led to believe they receive a specific item but are given a different one. The scammer places the desired item in the trade window during the trade process. 

However, through quick and unnoticed actions, they swiftly switch it with another item that resembles the desired one but holds a lower value. For example, they may replace an expensive unusual hat with a cheaper version of the same hat, which appears identical but possesses a different effect. To make the switch less conspicuous, the item might be renamed, and the trade chat log, which updates when items are added or removed, can be used to mask the manipulation.

Source: Steam

To create a distraction, the scammer may engage the victim in Steam chat, prompting them to switch windows. Taking advantage of this diversion, the scammer seizes the opportunity to swap the item while the victim is typing. They might also request the victim add or remove other items or perform multiple item additions and removals to confuse the trade chat log, preventing it from revealing the item switch. 

However, recent updates in Steam trading have made it easier to detect such fraudulent activities. Any item changes are now displayed in the trade chat log, and any modifications made after the victim has readied up will prevent them from accepting the trade. 

Invoice scams

An invoice serves as a means for sellers to request payment from buyers, and scammers exploit people’s familiarity or lack of familiarity with the process. The following explanation pertains to PayPal, a popular service utilized for sending invoices.

Through PayPal Invoice, sellers have the flexibility to customize the contents of an invoice intended for a buyer. They can outline the items being sold, including quantity, unit price, and total amount, along with additional sections such as “Terms and conditions” and “Note to recipient” to provide transaction details. These sections allow sellers to communicate specific conditions and information to buyers before completing the purchase. Unfortunately, scammers exploit these sections to mislead buyers into believing that the invoice serves as a payment method.

Source: Steam Community

Scammers may incorporate various deceptive statements in the “Terms and Conditions” section, such as: “This is a PayPal Gift. Gifts are non-refundable. These statements are intentionally crafted to give the impression that the invoice functions as a “PayPal Gift” payment system, complete with PayPal’s terms and conditions. 

• One version of this scam involves the scammer, posing as the buyer, sending an invoice to the seller. The deceptive wording in the invoice’s sections implies that the seller is expected to make a payment to the scammer. In such cases, it is crucial to ignore the invoice.

• Another variation of the scam involves the scammer, acting as the buyer, offering to pay the seller upfront.

Gambling scams

There are numerous methods that scammers employ, involving fake gambling sites, all of which revolve around two main objectives: phishing and stealing your skins. In this section, we will explore several well-known techniques.

Source: Steam

These fraudulent sites often attempt to appear authentic by featuring a fake chat section where bots engage in conversations, often in conjunction with a fabricated jackpot. For instance, when someone supposedly achieves a significant win, the bots will inundate the chat with messages about that particular jackpot. However, it’s important to recognize that all of these events are pre-programmed and scripted. If you spend enough time on the site, you will notice the events repeating themselves, akin to a video on a loop.

Source: Steam

Furthermore, some scammers employ an API system, where the bots have access to a predefined set of statements and operate within specific time limits governing their message frequency. These bots can trigger events to coincide with specific situations, such as someone winning or losing a jackpot.

Frequently encountered steam scams, you should be familiar with

The most common method to trap you is phishing. Phishing is the most recurring cyber crime, because it is easy to incorporate at all platforms. Some others include API, jackpot and giftings. Let’s explore how far scammers think to get you under their cover.

Job offer 

In this deceptive scheme, an individual will add you as a contact on Steam and present you with a false employment opportunity related to a counterfeit gambling website. Typically, they will propose roles such as a moderator or coder.

It is important to note the peculiar nature of this job offer. Unlike legitimate employment offers that require you to prove yourself to the company, the scammer aims to convince you about the legitimacy of their website. They adopt a strategy where they pitch themselves to you, creating an illusion of control. This approach is intended to make you feel at ease and is a form of social manipulation. 

They usually provide minimal details about the job, merely specifying the number of hours you need to work. However, any response you give will be accepted without question. Even if you claim to only be available for a brief period each day, they will readily agree.

Through the use of social engineering techniques, the scammer will try to persuade you that they will pay you upfront, even before you commence any work on the website. This tactic aims to establish a sense of trust and create the impression that there is nothing to lose. They may even present the opportunity for you to scam them by accepting the payment and disappearing. However, this is all part of their social engineering strategy, and the actual scam is about to unfold.

Assuming this is not a phishing scam and you have logged into the site using the legitimate Steam API provided by Valve, the scammer will attempt to lure you into making a deposit using two different methods.

• One approach involves the scammer adding counterfeit items to your site inventory and instructing you to withdraw them. However, to complete the withdrawal, they claim that you must make an initial deposit. You have been scammed if you fall for this and make a deposit. There is no job, and there are no items for you to retrieve.

• Another method employed by scammers is to persuade you to make a deposit on the gambling site, promising that they will ensure you win the jackpot. They will try to convince you that to increase your chances of winning (beyond the typical 1%-5% probability), you need to place a considerably large bet. The intention behind this is to make it difficult for you to win if your chances are too low.

If you do succumb to making a deposit, you will lose the deposited items, and the scam may conclude. However, in some cases, the scammer may continue their social engineering tactics.

[Scam Alert] Fake Steam Login Page

Deposit scams

A scammer may initiate contact with you and share a compelling story about their supposed success in winning numerous skins on a gambling site. However, they claim to encounter difficulties when attempting to withdraw these skins. At this point, they seek your assistance and promise a generous reward in return.

Source: Steam

To withdraw, you are instructed to make an initial deposit onto the gambling site. If you comply with this request, you will lose the skins deposited, and you will have fallen victim to the scam. There are no skins awaiting withdrawal, no genuine need for assistance, and certainly no reward awaiting you at the end of this deception.

Gift scams

In this scheme, a scammer will attempt to deceive you by proposing a trade involving your valuable items in exchange for gifts. They may even offer to initiate the trade by going first. Typically, they will ask you to add their “alternate account” through which they claim to send you the gifts. This should immediately raise concerns and caution.

Source: Steam Community

Wallet scams

This particular scam is highly prevalent and unfortunately, it is the method of choice for many scammers. The simplicity of this scheme lies in the fact that all the scammer needs to do is send a trade offer to their victim.

In most cases, the trade offer will come with a message stating that you will receive a certain amount of money in exchange for your item. However, it is crucial to remember that it is absolutely impossible to send money directly through Steam. The platform does not facilitate direct monetary transactions between users. The only legitimate way to acquire funds is by purchasing items from the Steam Market.

Scammers exploit the misconception and eagerness of unsuspecting individuals by falsely promising monetary compensation for their items. They hope to deceive users into trading their valuable items for empty promises of cash. Once the trade is completed, victims are left empty-handed, realizing that they have fallen victim to a scam.

Source: Steam Community

To protect yourself, it is essential to be aware of this fraudulent tactic and always exercise caution when engaging in trades. Remember that legitimate transactions involving money on Steam can only occur through authorized channels, such as the Steam Market. Be wary of any offers that promise direct monetary exchanges outside of the platform, as they are almost certainly attempts to defraud you.

Since you have participated in this fraudulent activity, all the gifted games will be revoked, and there is a risk that your account may be suspended. It is important to note that redeeming illicit gifts is explicitly mentioned as a potential reason for account suspension.

Read here.

Is a scam different from a hijack?

A scam occurs when a scammer deceives you into willingly participating in a trade, market transaction, or gifting. Still, the promised items must be received or match the agreed-upon terms.

Source: Reddit user

Hijacking refers to the unauthorized takeover of an account or computer by someone else, often through malware or viruses. The hijacker may trick you into providing their login details by presenting a counterfeit Steam platform or a fraudulent third-party trading site. Hijackers typically aim to steal accounts to acquire items or games and may also engage in fraudulent activities. 

Hijackers frequently use stolen accounts to carry out additional hijackings. In such cases, we secure the account until the rightful owner reports the hijacking.

Remember these at any cost

• Do NOT disclose your login information, which includes your username and authentication codes.
• A Steam moderator or Valve employee will NOT initiate a friend request to discuss matters regarding your account or possessions.
• Always sign in to Steam via the store or community page before logging into any third-party sites. If a third-party site prompts you to enter your login credentials after signing in via the store/community page, it is likely a phishing site.

Security measures you must take

• Activate Steam Guard’s two-factor authentication
• Confirm your contact email address with Steam
• Choose a robust password
• Utilize antivirus software on your computer
• Regularly update your antivirus software, web browsers, etc.
• Clear of logging into Steam on unsecured devices
• Remember to log out of your account when using public computers
• Choosing a reliable VPN to intercept your data.

Walked so far…

We hope the guide has covered all your queries regarding Steam scams that might put you at risk. Scammers are interested in Steam because sometimes, it could make a lot of money for them. The tactics are evolving with time. You are the ultimate target, so beware!

We are sure that you will have learned by the end of this guide different techniques scammers are using that an ordinary man like us would never have imagined. What to do? We have to go with the flow. Read guidelines, exercise prudence, and stay safe!

Frequently Asked Questions