The Most Common Steam Scams and How to Avoid Them
The industry of trading game items is generally pretty safe. The basic formula is to use reliable services and simply be attentive during each and every transaction. Steam scams mainly take advantage of people’s careless tendencies.
Knowing what may happen if you try to quickly press some buttons or send some info to unknown people will boost your trading security. But at the same time, the main point of this article is to show you guys that there is no better protection than being reasonable with your actions. It’s true for areas far beyond selling and buying skins.
Steam is kind of an engine for items trading within games such as Dota 2, CS2, and TF2. Scammers actively use features of this platform—for instance, to trick people into sending them items without paying. But how exactly do they do so?
Previously, we’ve described the essential rules of anti-scam in trading game items. This new article continues the trading security series on DMarket.
Let’s highlight a few quite common Steam scams and how to avoid them.
Phishing Website Scams
Scammers create fake copies of popular trading platforms and publish them online with almost identical URL addresses. Then, they lure players/traders to these phishing websites to make them login with their Steam credentials.
When this happens, the account and inventory becomes unavailable to the real owner. And even if the owner recovers their legitimate access, precious items are no longer there.
How do scammers attract people to their fake sites? Here are the primary methods:
- Direct messages with a fake link. They offer something good, like free items, an unbelievable discount, or a very good trade for your items. Or you could get a friend invitation in a DM (maybe even from a famous person) like “I want to be your friend but cannot do this on Steam; use this link”.
- Advertisements of fake platforms on the internet, including Google search results.
Such phishing websites will have a very similar design to reliable platforms. But their URLs will be different—with a letter replaced or an unnecessary symbol added.
HOW TO AVOID
Always attentively check URLs when you use links in ads and even search results. It might be better to add a platform you use regularly to your bookmarks instead of googling it each time. Don’t believe in too generous offers. It’s very unlikely that dev1ce will write to you with a friend invite and an offer to take his Dragon Lore. (“I need a free slot in my inventory, so I sent it to you, just login to your Steam account here”.)
Yes, sales and giveaways on trading platforms do exist. But the email about them doesn’t come from a website you never registered on. And even if everything does look legitimate, checking the URL after clicking such an offer is absolutely essential and will prevent troubles. For example, it’s always dmarket.com, not dnarket or dimarket.
Another important step to avoid this scam is to set up 2FA for your Steam account and accounts on other trading platforms. So if scammers do get access to your login and password, they will not be able to use them — and you know, it’s never a good idea to share your temporary codes. If you did not do anything and get a code to your email or phone, login to Steam as soon as possible and change your password.
Steam API Scam
This scheme is pretty similar to the previous one. Scammers may get access to your Steam credentials through a phishing website, but they can’t steal the items right away due to mandatory 2FA by Steam Guard. Therefore, they wait until you trade with your friends or on DMarket.
The biggest problem is that your Steam credentials may get compromised even on generally reliable platforms. You never know when this happens — even if our tips on how to secure your Steam API Key help to prevent such situations.
The process is scarily simple:
- You get a safe trade offer from DMarket bot or any other Steam user.
- A scamming bot with access to your Steam account quickly cancels the trade on your behalf; instantly after this the bot creates a new trade from another account with a similar nickname (to the account you originally intended to trade with).
- You don’t notice this manipulation and accept the latest trade offer [from scammer].
- Without any concerns you go to Steam Guard and confirm this trade.
- Say farewell to your items.
HOW TO AVOID
In general, keep your device and Steam credentials safe - do not follow links from odd advertisements or sent by strangers; visit only websites you trust; install anti-virus software on your device.
If you notice any signs of scambot activity during an ongoing trade - immediately change your Steam password and end all active sessions; DO NOT confirm the trade in Steam Guard (even if you accepted a trade from a scammer, the items are safe until you authorize this action via 2FA).
SSFN File Scam
This Steam scam is clumsy and clever at the same time. It uses your routine of Two-Factor Authentication (an essential step) so you may feel safe, like “I did not get security codes, so everything is fine”. But also, the scammers try to deceive you in one of the most obvious ways possible. They ask people to find a specific file on their system and send it to someone.
The file is called SSFN. It has been created to avoid repeating 2FA on the devices you use often. For example, you enter a one-time security code on your PC, and then login into Steam or another system without this step. It’s convenient and secure, there is no problem here.
But if scammers get access to your Steam login and password (see #1 in this list of Steam scams) and then trick you into sending them your SSFN file, the 2FA feature cannot protect you.
HOW TO AVOID
Never ever send SSFN files to anyone. They may pretend to be your online friend or the tech support of a platform you use. Nope, this never happens.
Always have your 2FA on. Never share security codes with anyone. Never send SSFN files (basically any files) to people on the internet.
Impersonation Scams
This is another scheme that uses a mix of tricks from previous scam methods. Someone pretends to be your friend, a celebrity, or a reliable person. They trick you into entering your Steam credentials on a fake platform or sending them directly to them. Also, requests of re-sending security codes are parts of the impersonation Steam scams.
A new and unusual part is that the scammers may pretend to be Valve employees. They message something like “We need your login/password to check you are not a scammer, otherwise we will block your account”.
You panic and give your security info to the actual scammers. “We’ve got a request from someone to block your account and we need a security code from your email/phone to make sure you are the real owner of this account”. Well… if someone asks for a security code from you, they are not honest people.
It is immensely rare that Valve employees write to users. And even if they do, it’s most unlikely they will ask for your login/password/SSFN file/security code. Real Valve employees have a special badge on their Steam pages—basically, it’s Valve Employee badge. Check it out if you have doubts.
But again, your security info is secret. Would you send your bank card number, PIN, and CVV2 code to a random person pretending to be a bank employee or Bill Gates? It’s not what you do with your real-world money. And it’s not something you should do with your Steam account and all the skins on it.
HOW TO AVOID
Don’t fall into a panic of “Oh, my account will be blocked”, as it’s what scammers want to achieve. If you have doubts, check out the account you got a message from. Write to Steam Support for clarification. Just stay calm.
Never(!) send your credentials to anyone. Change your password if you feel something fishy.
“I’m a person who played CS2 with you the day before yesterday. Give me your password so we form a team” — report and block. There is no reason for anyone to ask for this. Even if you know a person in real life, their account might be hacked. This is a basic security rule to never send any secret info to anyone.
Paypal/Bank Account Scams
This type of scam includes sending you fake invoices or initiating chargebacks.
The first thing a scammer does is approach you to ask for your email for some reason. You give it and then get an invoice for a skin. You pay this bill… and nothing happens; no items are sent to your account.
Also, such scammers may ask to seal the deal through bank transfer. “You will get money in your bank account and only then will you send me an item”. The transaction happens, but they initiate chargeback through their bank or PayPal. No one will return your item back, though.
HOW TO AVOID
The simplest way is to not trade outside of Steam or reliable platforms.
Scammers use this scheme for people who want to sell something for cash. Just use platforms like DMarket for this, as the system will prevent fake invoices and tricky chargeback requests. Check out how to get your money on our platform to avoid any PayPal or direct bank transactions; they are too dangerous.
Item Switch Scams
You agree on a skin exchange deal, check everything properly, but then, at the last moment, your trade partner replaces their item with something significantly cheaper. You press the exchange button and become a scam victim.
Nowadays, this scheme is almost impossible thanks to the confirmation step on the Steam app. It is absolutely necessary to check everything again, before taking the last irreversible step.
HOW TO AVOID
When you get a confirmation message, check the items in the trade super carefully. Pay attention not only to the skin name but also to seemingly secondary attributes, such as exterior (a Factory New may be rare and expensive but the same Well-Worn item is common and cheap).
Don’t confirm trades without this attentive last look.
Steam Wallet Scams
This Steam scam includes sending you fake info in a trade offer. Scammers kind of offer to send money to your Steam account. When you accept such a trade, you really send your item away. But you get nothing in return.
Items can only be exchanged through Steam trades — not sold for cash. So, whenever you see something like “*** offers you $99.99 for your [item]”, it’s not right; it’s an offer to ignore. Playing with item names may create such tricks or scammers may have other lies up in their sleeves.
HOW TO AVOID
Just remember that items can only be exchanged through direct Steam trades; no money offers are possible. Carefully read every offer you get before confirming it and pay attention to all warnings you see on Steam.
Steam Gift Card Scams
This Steam scam continues the schemes around direct trades with other accounts and attempts to get real cash from them. Maybe this very idea is broken, and it’s better to use reliable trading platforms for money trades?
Someone reaches out to you and offers to sell you a pretty good skin. The price may be lower than everywhere (“I need to make this trade quickly”, “I need money”, “I’m a beginner in trading, hope it’s a normal price”). And that person is so kind and caring that you think you don’t need to use external systems, like PayPal or bank transactions (Remember the chargeback scam?).
“Just send me a gift card instead”. You think it’s ok, as you don’t actually give cash to this person. And then you lose everything. The gift card has been sent, but the item has not been delivered.
Why would a scammer want a Steam card? They have ways to cash them out by selling on special platforms. Or they activate such cards, probably for another Steam account, buy skins/games, and sell them for cash.
HOW TO AVOID
The basic rule here is not to agree on trades with any external payments, gift cards included. If it’s a Steam trade, you should make sure it includes the item(s) you expect to get. If you need cash, use reliable third-party platforms that secure transactions (sure, for a reasonable fee) and allow users to cash out their funds.
DMarket is exactly such a marketplace, so stay on the safe side. For more info, check out our article on how to use DMarket.
Malware Scams
There are quite a lot of viruses and malware that steal your sensitive information, like logins and passwords. What scammers have to do is to trick you into installing such things on your device.
Sure, no one says they’ve sent you a virus. The schemes are varied, including variations of impersonation scams (“I am from Valve, we’ve got a request to block your account. To make sure you are not scammers, we need you to install this .exe file”).
Someone may offer to team up for an esports competition. It’s generally ok, as players are often active in forming teams for regular practice and better results. But if such a person asks you to install specific software (anti-cheat, special client, something unusual for communication) and sends a link—this is too suspicious. Don’t do it! Refuse and propose using the default in-game tools or popular voice chat clients, like Discord.
Malware links can be sent even within legitimate communication apps. The scheme is as follows: you are invited to join a server, you accept the invite, you see a notification (from the server) that your app should be updated, you click the link and install malware. Even if an app requires updates, it informs you of this right after launching, not after you’ve joined a new server. Be careful!
HOW TO AVOID
Don’t install anything from unknown people—even if an account claims to be your friend. A game directly from .exe? No! An app to get cash while you run it in the background? Just use your brain, and make logical chains from every miraculous offer you get on the internet.
Installing games and apps only from Steam and official stores will protect you from malware. Always keep your anti-virus on and don’t ignore its warnings.
Free Steam Code Apps or Generators
This Steam scam deserves a separate mention, even if it’s a subproduct of some previous ones. Someone offers you an app for generating free Steam codes (for wallet funds or games). To use it, you need to install that app or enter your login/password on this website.
Let’s summon the power of logic once again. Why do these people give you such a thing for free? How do such code generators even exist? Steam and game developers would not allow that. It’s just a scam!
HOW TO AVOID
It won’t be excessive to say this again: be reasonable in your actions and decisions! Don’t believe in getting free stuff.
Yes, some platforms have giveaways. But they do this to bring your attention to their business, using well-known and reliable giveaway systems, like getting points for retweeting and commenting. Something for free after installing a weird app? Free skins on an unknown platform for entering your Steam credentials? Just don’t!
To summarize everything from this article — scammers try to convince their victims to use transactions outside Steam and authoritative platforms, install weird software, get something for free, and send sensitive data.
You are a victim if you believe in free stuff for nothing (“I won a lottery I never participated in”), enter your login/password without checking URLs, trust every random account on Steam, and just don’t take your skins as seriously as funds in a bank account.
Keep game items trading safe! Become part of the industry on DMarket or simply follow the basic rules on Steam.
Trade on the go - install the mobile app of DMarket from Google Play or App Store. Never miss great prices and unique skins. The best CS2, Dota 2, Rust and TF2 marketplace is always at hand!
For many other helpful anti-scam tips, stay tuned to us on Facebook and Twitter.