promo
  1. DMarket Blog
  2. Guides
  3. Anti-Scam in Trading Game Items: Check List
Post thumbnail

Anti-Scam in Trading Game Items: Check List

Where there is a potentially profitable business, there may be nasty people trying to deceive someone. Scammers are pretty dangerous in the industry of game items trading. They get more active with exciting happenings in the community, like releases of new games, big updates, or additions of fresh skins.

CS2 has significantly boosted activity of Counter-Strike players — in the game itself and in trading items. Sadly, scammers follow their usual patterns and also intensify their evil schemes.

We at DMarket strive to keep our platform safe from this dark side of trading. Our marketplace offers many layers of protection, and we are proud of creating such an environment. But the world of trading is vast, and scammers are greedy.

We’ve prepared a short list of basic anti-scam rules. They are simple but effective.

Please, follow these rules, and you will always get skins into your inventory and money into your wallet.

Install Apps from Official Stores Only

dmarket apps

Whatever application you install, do it from the official store: Google Play for Android and App Store for iOS. Getting an unchecked application is generally unsafe, as you don’t know what processes they activate on your device and what data can be sent to the developers (and scammers).

Reasons for avoiding the official stores may be different, but the risk is never worth it. For instance, it may seem simpler. You click a link on a website to get their app, but instead of redirecting you to a Google Play or App Store page, they give you a file for installing it. Never do this! The stores check the authenticity of apps in their catalogs and their general safety. There is quite a big risk of getting a scammer app instead of the original one if you install something directly from a file.

The same can be said about various alternative services, such as app storage. You never know for sure what you install from them. Some experience is needed to benefit from using such services.

Official stores guarantee getting proper, authentic apps of game trading platforms.

Ads

Be very careful with links you click in the Google Search results. Some scammers fully copy reliable websites (including DMarket) and make their URLs very similar to the original. Then, they pay for getting into the Sponsored section in hope of attracting inattentive people. You click a link in your search engine and get redirected to a false platform. You add your credentials in there (logins and passwords), they go directly to scammers, and you lose skins and money on your real account.

A similar scamming pattern can happen through clicking advertisement banners on various websites.

It is better to save the website(s) you use regularly in your bookmarks to avoid such misleads. And if you use links from ads, check the advertisement name.

You will not have this issue if you’ve installed the official app of the service(s) you use regularly (from the official stores; see our first rule).

Always Use a Secure Connection (https)

secure connection https

It’s a general rule of modern internet security. Quite often, your browser will inform you in one way or another if the service/site you want to visit is not using https. Be attentive and don’t ignore such warnings.

Hypertext transfer protocol secure (or https) takes care of the secure data transfer between your browser and a website. There might be nothing wrong with a site on http (an older, less secure version of the protocol). But it’s easier for some scammers to jump in-between the data transfer process and get access to the confidential info you’ve entered. If you use services/sites on https only, your data will be encrypted and therefore safe.

A simple example of a fraudulent scheme is an offer of a skin giveaway on a random social account. You click the link and jump to an unsecure site (with http). You enter your Steam credentials, and the scammers get access to your inventory.

Check if the connection is secure everywhere, and especially on the websites where you enter your data.

Set 2FA for the Most Important Services

2fa

It may feel a bit annoying to confirm your actions, but it’s a really important step to assure safety of your items and funds.

Two-factor authentication (2FA) means that it is not enough to enter your login and password to access a trading platform. You also need to confirm the security of such an activity by entering a temporary code, which could be sent to your email or phone number.

It is quite important to set 2FA for your email client too. If scammers get access to it, the two-factor authentications on trading services will not work at all. Steam also offers this level of security, and you should use it.

It’s not too annoying to enter the codes, as the systems often “remember” the device(s) you use and ask for extra confirmation only if you change your device or clear cookies. It’s certainly better to take an extra step than lose your items.

Use 3DS for Every Payment

3ds

3-D Secure is a security protocol for bank transactions. In practice, it means that you have to confirm every online payment with your credit or debit card by entering a numerical code. The code should be sent to your phone number, already registered with the bank.

This is a default layer of security, so you don’t need to do anything to enable it. Therefore, don’t change anything in your security settings. Take the bank transactions really seriously.

Some services may want to avoid 3DS, and you will usually be warned about this. Avoid such a risk, as you never know what can happen next.

And remember — banks never ask you to tell them a 3DS numeral code. Never share the codes with anyone. And be alert if you get one without making any bank transaction. If this happens, it’s best to call your bank and make sure everything is under control.

Make Your Passwords Reliable

reliable password

Requirements about the length of your password and the use of upper letters or special symbols have been created by so many services for a reason. Long and complicated passwords are difficult to hack. To create them, you can use special password generating services.

It is also quite important to use different passwords for different services. No one is 100% secure from data leaks. Make sure that potential scammers will not get access to every service you use with a single password in their hands. Create a unique password for your email, and don’t use it anywhere else.

You may want to have a few levels of security for your passwords beyond that — from, say, online banking to your Netflix account. Low-level passwords may be simple to use on various random, not-too-important websites. It’s just convenient, but if someone gets them, you are still safe with your money and skins.

Make high-level passwords really complicated. Use password managers to remember them. Never save them directly in the browser. Add all your gaming and skins trading accounts to the high-level group.

Check the Senders of Emails You Receive

check emails

Be attentive to every email you get, and specifically the senders. Don’t trust any links in there unless you make sure they are from a reliable source. Do you remember the second item in this list? It’s not an uncommon thing to copy a website and make a similar URL address. Avoid misclicking from the very beginning. Who exactly has sent you this or that email? You could use the service Verifalia to check suspicious email addresses.

One thing to add here is that your common sense may be enough to detect a scam. If you get an email about adding funds to a random account (on a platform you never use) with a link to claim this money — don’t fool yourself; just delete that email. Use common sense to evaluate every offer you get through email.

Don’t forget about checking the sender even if everything seems to be trustworthy. Often, carefully reading their email address may reveal a trick. For example, companies almost never use ***@gmail.com or other common providers to contact their users; but scammers do.

Be Attentive Confirming Trades in the Steam App

steam warning

Whenever you trade skins, you need to confirm the transaction in the Steam Mobile application (this step is part of the 2FA point). Not only should you carefully read the details of every single trade, but you should also pay attention to Steam warnings. The system informs you if a trade partner has recently changed their username and if a trade with the same item(s) was canceled just before that.

Some scammers play a tricky game. They get access to someone’s Steam API key — which is not too dramatic on its own. But it allows a scam bot to automatically cancel a trade offer for your account and create a copy. Changing the bot’s name is just a technical detail to make you careless.

Thank goodness Steam adds clear warnings about such actions. They are highlighted in yellow, and it’s really hard to miss them. Don’t ignore these messages! Never confirm trades with such warnings.

More details on this scheme is described in our article on the Steam API Key Scam — including ways to avoid it.

Regularly Check Whether Your Info Is in Data Leaks

have_i_been_pwned

Data leaks happen regularly. Reasons are different, and all the promises that this will never happen are rather empty. You cannot avoid them, but you can protect yourself. Using different passwords for different services is a good security measure; we mentioned it earlier. But it’s also important to know what data has potentially been leaked, so you can take steps and change the passwords as soon as possible.

Check data leaks with special services, such as Have I Been Pwned. There is no need to become paranoid. But occasional checks may save you from big trouble.

Protect Your Phone (Screen Lock)

reliable password

Let’s say it clearly — nothing from this list will be effective if a potential scammer can take your phone, unlock it by bare swiping, and thus get access to everything: email, trading apps, messages, etc.

It’s a matter of habit to use a PIN, fingerprints, or pattern to unlock your phone every time you use it. Yes, this might feel annoying. And yes, it’s an important security step. Imagine someone getting access to your phone, even for a short period only. It could be a disaster! Don’t let that happen. Losing a device is bad, but losing your data is even worse.

Very Attentively Check URLs of the Sites You Use

whois domain lookup

It doesn’t matter how you get to this website or that platform — checking the URL may save you from scams. Links in advertisements or emails, manual errors when typing an address in your browser, posts on social media, and some other methods may bring you to an exact copy of a reliable service. It’s not identical, though. And you will find the lie if you are attentive.

Even one letter in a URL matters. Look at these addresses — dnarket.com, dmarklet.com, or dnnraket.com. It’s impossible to prevent scammers from registering this stuff. But it’s possible to not be their easy victims.

If you have doubts, check a detailed domain info through a special service, such as Whois.

Surf the Internet with Reliable Privacy Browsers

privacy browsers

This may seem like an obvious thing to say, but if you want to be fully secure with your items trading activity, you should take care of every small aspect.

It is important to use reliable browsers that take steps to prevent tracking and data leaks. There is no reason to experiment with unknown browsers. They may offer extra security or even some bonuses, but they could in fact be mining your data.

Mozilla Firefox and Opera are the best browsers from smaller companies, not from huge corporations. Mozilla is well-known for investing in security development.

Google Chrome, Microsoft Edge, and Safari also offer a high level of security, protecting user data from 3rd-party interference. But you should be aware of the nature of the corporations that develop them.

They build an infrastructure of products and may use data internally, linking their apps to each other. This creates a slightly bigger risk of leaks. All these browsers have the option of private tabs, so they will not save your data on the device. This might be helpful on some occasions — for example, on public computers.

It’s not difficult to be attentive to your own actions on the internet. This simple rule comes way beyond just money transactions — it’s your general safety. That tip about using your common sense is quite effective too.

We hope this check list of anti-scam rules will help you trade game items in the safest way possible.


Trade on the go - install the mobile app of DMarket from Google Play or App Store. Never miss great prices and unique skins. The best CS2, Dota 2, Rust and TF2 marketplace is always at hand!

download DMarket app on the Appstore get DMarket app on Google Pay

For various helpful info around our industry, stay tuned to DMarket on Facebook and Twitter.

enhance your game
Refresh your skins inventory
Go to market