You must click on "Revoke My Steam Web API key". Scammers might have gotten your API key and they can use this to track your trade offers.
Reset your Steam trading URL here https://steamcommunity.com/my/tradeoffers/privacy#trade_offer_access_url and click on "Create New URL". If the scammer had access to your account (with password or extension), they will have your trading URL and that allows them to send you trade offers. When you're sure that nobody else has access to your account by completing steps 1, 2 and 3, you must finally reset your trading URL.
How to prevent from getting scammed
Do not install any unpopular CSGO or Steam related browser extensions
When you log into Steam/CSGO related websites, make sure you are on a real Steam login page by checking that the website you are on is steamcommunity.com. If the URL bar is hidden, then the website is a scam. These websites login pages will look like real Steam login pages, but you are actually giving your account details to the website and they can log in on your account when you do that even if you have Steam guard enabled
Always open the trade offers from the website that is sending you it. If you get an error opening it, it's possible your account is compromised and the trade offer was replaced by the scammers
If can't use the link to the offer on the website for whatever reason, always make sure that there isn't a previous trade offer that was declined just before you received the new active trade offer