Protect your account from the Steam API scam

How the scam works

  • You make a trade on a trading website, with a friend, or somewhere else
  • The real bot from the website sends you a legitimate trade offer
  • The scammers automatically detect this trade offer and decline it on your account, which they can do because they are logged into it or have your Steam API key
  • The scammer's bot changes its username to match the real bot's username, and possibly copies its avatar image as well
  • The scam bot then sends you a trade offer for the same skins that you were sending to the real bot, and you won't notice a difference

What you must do if this happens to you

  • Remove any Steam/CSGO related browser extensions that aren't very well known (an unpopular extension can gather all the required information from your Steam account to execute this scam)
  • Change the password on your Steam account (someone might be logged into your account)
  • Deauthorize devices from using your Steam account here: http://store.steampowered.com/twofactor/manage. This stops people from being able to log in to your Steam account automatically without a password.
  • Go to the Steam API key page https://steamcommunity.com/dev/apikey and if it looks like this:

    You must click on "Revoke My Steam Web API key". Scammers might have gotten your API key and they can use this to track your trade offers.
  • Reset your Steam trading URL here https://steamcommunity.com/my/tradeoffers/privacy#trade_offer_access_url and click on "Create New URL". If the scammer had access to your account (with password or extension), they will have your trading URL and that allows them to send you trade offers. When you're sure that nobody else has access to your account by completing steps 1, 2 and 3, you must finally reset your trading URL.

How to avoid getting scammed

  • Do not install any unpopular CSGO or Steam related browser extensions
  • When you log into Steam/CSGO related websites, make sure you are on a real Steam login page by checking that the website you are on is steamcommunity.com. If the URL bar is hidden, then the website is a scam. These websites' login pages look like real Steam login pages, but you are actually giving your account details to the website, and its operators can then log in to your account even if you have Steam Guard enabled
  • Always open trade offers from the website that is sending them to you. If you get an error opening one, it's possible your account is compromised and the trade offer was replaced by the scammers
  • If you can't use the link to the offer on the website for whatever reason, always make sure that there isn't a previous trade offer that was declined just before you received the new active trade offer
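
The check in the last point can be automated. The following is an added example, not part of the original guide: it scans offer records for a declined offer followed shortly by an active offer from a different account asking for the same items. The records are constructed and shaped like the trade_offers_received entries returned by Steam's IEconService/GetTradeOffers; the 300-second window and the function names are assumptions.

```python
# Added example (not from the original page). The records are constructed and
# shaped like "trade_offers_received" entries from IEconService/GetTradeOffers.
DECLINED, ACTIVE = 7, 2   # ETradeOfferState values
WINDOW_SECONDS = 300      # assumption: how close "just before" is

SAMPLE_OFFERS = [
    # Real bot's offer, declined 20 s after creation (not by the user).
    {"tradeofferid": "1001", "accountid_other": 111, "trade_offer_state": DECLINED,
     "time_created": 1700000000, "time_updated": 1700000020,
     "items_to_give": [{"assetid": "A1"}, {"assetid": "A2"}]},
    # Different account asks for the same items 10 s later: suspicious.
    {"tradeofferid": "1002", "accountid_other": 222, "trade_offer_state": ACTIVE,
     "time_created": 1700000030, "time_updated": 1700000030,
     "items_to_give": [{"assetid": "A1"}, {"assetid": "A2"}]},
    # Same account re-sends after a decline: not flagged.
    {"tradeofferid": "1003", "accountid_other": 444, "trade_offer_state": DECLINED,
     "time_created": 1700005000, "time_updated": 1700005010,
     "items_to_give": [{"assetid": "D1"}]},
    {"tradeofferid": "1004", "accountid_other": 444, "trade_offer_state": ACTIVE,
     "time_created": 1700005020, "time_updated": 1700005020,
     "items_to_give": [{"assetid": "D1"}]},
]

def requested_assets(offer):
    """Asset IDs the offer asks the account owner to give away."""
    return frozenset(item["assetid"] for item in offer.get("items_to_give", []))

def find_replaced_offers(offers, window=WINDOW_SECONDS):
    """Return (declined_id, active_id) pairs matching the swap pattern."""
    declined = [o for o in offers if o["trade_offer_state"] == DECLINED]
    findings = []
    for new in (o for o in offers if o["trade_offer_state"] == ACTIVE):
        wanted = requested_assets(new)
        for old in declined:
            # abs(): the decline and the replacement can land in either order.
            gap = abs(new["time_created"] - old["time_updated"])
            if (wanted and wanted == requested_assets(old)
                    and new["accountid_other"] != old["accountid_other"]
                    and gap <= window):
                findings.append((old["tradeofferid"], new["tradeofferid"]))
    return findings

if __name__ == "__main__":
    for old_id, new_id in find_replaced_offers(SAMPLE_OFFERS):
        print(f"Offer {new_id} replaces declined offer {old_id}: do not accept")
```

A match means the active offer should not be accepted until the steps under "What you must do if this happens to you" have been completed.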