
Protect yourself against Phishing Scams!

Unfortunately, there are a lot of phishing websites online that try to steal your login credentials and hack your Steam account. In this article, we'll cover how to spot these sites and how to avoid getting scammed.


TL;DR: The only legit domain is SKINPORT.COM!

What is a "Phishing Website"?

Phishing websites are designed to steal login credentials and gain illegal access to your accounts. They do this by mimicking real websites such as Skinport and Steam, and their ultimate goal is to get access to your Steam account. This article shows exactly how the scam works and what to look out for so that you don't get scammed yourself.

But how do they do it?

First of all, they lure you onto their fake site. This can happen via private messages on Steam, usually through accounts that are already hacked, or via Google Ads.

Fake Google Ads
Screenshot of a Fake Google Ad

Notice that the Google Ad shown in the graphic above has some weird special characters in its title. That is the first thing to look out for to protect yourself from getting scammed.

Fake Skinport
Screenshot of a Phishing Site mimicking Skinport

If you visit one of these sites, it will be indistinguishable from the original site. They usually steal the HTML and CSS from the original site to mimic its look as closely as they can. These sites also often use altered URLs that look similar to the original URL, for example skinport.com.xyz.

Fake Steam Login
Screenshot of the Fake Steam Popup on a Phishing Site

If you wait a few seconds, a "Steam" popup will appear. Of course, this popup is also fake, and it is designed to steal your username and password.

Fake Steam Form
Screenshot of a Fake Steam Login Form on a Phishing Site

If you enter your login credentials, the phishing site automatically checks whether they are valid on the real Steam servers. If they are, another popup appears asking you to enter your Steam Guard code. So even if you have Steam Guard activated there is a way to circumvent it, but only if you fall for this scam.

After that, your trade offers will be monitored: the legit ones will be canceled automatically and a new one with a cloned bot will be sent. If you accept this, your items are gone.

So what can I do about this?

Here are the most important steps to prevent these sites from succeeding:

  • ALWAYS check the spelling of links that you are about to click on

  • If you find yourself on a site whose URL is NOT SKINPORT.COM (or a country-specific domain like skinport.ltd), LEAVE this site immediately

  • If you spot fake Google Ads, please report them

  • If one of your Steam friends sends you a message that seems odd to you and includes a link, DO NOT click on this link under any circumstances

  • Warn others if a mutual friend's account might be hacked so they don't fall for it as well
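
The link check from the list above can also be done mechanically. The following is an added example, not Skinport's own code: it parses a link the way a browser does and compares the host against the two domains this article names. Accepting subdomains of those domains is an assumption, and login.example is a constructed sample host.

```javascript
// Added example, not Skinport's code. The allowlist holds only the two
// domains the article names; treating their subdomains as legit is an assumption.
const LEGIT_DOMAINS = ["skinport.com", "skinport.ltd"];

function classifyLink(link) {
  let url;
  try {
    url = new URL(link); // same parsing rules a browser applies
  } catch {
    return { verdict: "invalid", host: null, reason: "not an absolute URL" };
  }
  // Ignore a trailing dot ("skinport.com." names the same host as "skinport.com").
  const host = url.hostname.replace(/\.$/, "");
  const result = (verdict, reason) => ({ verdict, host, reason });

  if (url.protocol !== "https:") {
    return result("suspicious", "not served over https");
  }
  // "https://skinport.com@login.example/" connects to login.example:
  // everything before "@" is a username, not the site.
  if (url.username || url.password) {
    return result("suspicious", "text before '@' is not the host");
  }
  const onAllowlist = LEGIT_DOMAINS.some(
    (d) => host === d || host.endsWith("." + d)
  );
  if (onAllowlist) {
    return result("legit", "host is an allowlisted domain");
  }
  // Non-ASCII look-alike letters are converted to "xn--" labels by the parser.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return result("suspicious", "look-alike characters in the domain");
  }
  // The brand name inside some other domain, e.g. skinport.com.xyz.
  if (host.includes("skinport")) {
    return result("suspicious", "brand name in a non-allowlisted domain");
  }
  return result("unknown", "unrelated domain");
}

// Constructed sample links (skinport.com.xyz is the article's own example).
const SAMPLE_LINKS = [
  "https://skinport.com/market",
  "https://skinport.com.xyz/market",
  "https://skinport.com@login.example/",
  "https://skinp\u043Ert.com/", // Cyrillic "о" in place of Latin "o"
];
for (const link of SAMPLE_LINKS) {
  const { verdict, host, reason } = classifyLink(link);
  console.log(`${verdict.padEnd(10)} ${host}  (${reason})`);
}
```

The comparison is made on the parsed host, never on the link text, because every fake link in the samples contains the string "skinport.com" somewhere.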

If you are worried that a scammer could have access to your account, please take the following steps:

  1. Scan your PC for viruses, malware, keyloggers, etc. and uninstall suspicious browser extensions before doing the steps below

  2. Change the password of the email address which is associated with your Steam account, especially if you used one password for both. Also check https://haveibeenpwned.com/ to see if your email and its password were ever leaked

  3. Under 'Account Security', change the password of your Steam account (Choose a new and strong password, and make sure it's not the same one as your email)

  4. Click the last point: 'Deauthorize all other devices' (If you see suspicious log-ins from devices unfamiliar to you, your account was probably compromised). After this step, you will have to log in to Steam again from the devices you use

  5. Click 'Revoke my API Key' (If you see an API Key after clicking this link, and you never generated an API key yourself, then your account was already compromised. If the field was empty, you don't need to do this step)

  6. Under the last point 'Third-Party Sites', click 'Create New URL' (if you saved your trade URL on third-party websites and/or if you trade with others, you will now need to give those websites and your trade partners the new trade URL you created)

  7. This last step is optional, but could be helpful in some cases: read more about Steam's 'Family View' option. It offers some additional tools such as a PIN code, which could help you secure your account even more efficiently against unauthorized access, if you set it up correctly.

If you are careful about the links you click on and double-check the site on which you are about to enter your login credentials, these types of phishing sites don't stand a chance. Share your knowledge with your friends and report scam sites, so that together we can make the World Wide Web a safer environment for everyone! And if you are not sure whether something is safe or have any questions, please feel free to contact our Support.

Here's another article that helps you protect yourself against scams: How to Never Get Scammed in CS2