Despite all of Steam's attempts to fight fraud, it still thrives in our time. And flourishes with great power. When you receive an item, you cannot be sure of its history. Based on the Steam rules stolen items are not returned. Which means that if an item is stolen from someone it will no longer return to the owner and will "walk" on various trading platforms.
Since account locks are not removed and information on them is not provided your account may be at risk:

Thus, someone could steal a thing and put it up for sale on some resource for subsequent sale for profit and you bought this item. It would seem that it's terrible? The problem is that although you did not steal anything but as a result, the stolen item ended up in your inventory. And since based on the same Steam rules that the security of your account is your responsibility and does not particularly understand situations of this kind, it is your account that will be blocked:

Since account locks aren't removed and information on them is not provided your account may be at risk:

The probability of get this plate for an empty exchange is rare but still it is. If you buy a game item for example for real money it is advisable to always throw any inexpensive thing (card / emoticon / background / box) into the exchange window. Otherwise the scammer may complain to technical support that he was deceived and you may get a trade ban.
According to the rules of Steam: Carrying out any fraud with game items outside of Steam is prohibited.

The essence of the method is the scammer needs to get your API key. Then he will get access to your account.


This is a specific domain that gives access to your Steam account. Knowing this key will allow the fraudster to get all the information about your account and manage trades without access to the account itself.

Having gained access to the API key the attacker gets all the information about the trade.He can copy this exchange, including the name, avatars, the sequence of items in the trade. After you have confirmed the exchange and looked in the "Steam Guard", the scammer cancels the real trade and throws a fake trade. It happens in a split second.

The most popular way to create an API key on your account is to offer to participate in a tournament. The scammer writes to you that he has a team to participate in the tournament, but lacks a 5th player and promises expensive prizes after participation. If the victim agrees to this proposal, then the attacker throws off the site with this tournament. After authorization on that site, you get an API key. After which the scammer asks you to transfer your items somewhere (to your friend or to your second account)


-The user sends the exchange with his items somewhere.

-The case includes a fraudster who has access to the user's API key receives information about the trade - verification code, account name, list of things

-The scammer cancels the trade that you sent and disguises his profile as the one where you transfer items and sends the user a trade with the same list of items. When viewing the history of nicknames it will simply stop loading.

-The user accepts the trade while losing the game item without noticing the substitution.


First check if you have an API key on your account.
It can be found here

If everything is the same as in the screenshot above then everything is fine. If there is a key there but you never created it then the account is most likely hacked.
⠀

If you didn't create an API key and don't know why you need it go
here and delete it immediately by clicking the Revoke My Steam Web API Key button

Go here and click "Sign out on all other devices"

Then change the password in "Steam" and make sure that the API key doesn't appear again.

One popular inattentive scam is pretending to be a friend.

The essence of this method is as follows:

• The person you often play with writes to you (for example, with a dot at the end of the nickname or with the substitution of one of the letters)
  
• A “friend” starts asking you for items under various pretexts (Just to play / brag to other friends or deceive another person)
  
• You give away your items because you trust him
  
• "Friend" thanks you and leaves
  
• You are at a loss. In the list of friends you begin to look for a real friend and ask about "where are my items."
  
• The friend himself does not understand what is happening and proves that it was not him.

There are also cases when a scammer may not be added but start a chat through one of the general groups.

There are many third-party browser extensions available today.

Although the "Chrome Web Store" and "Steam" are actively fighting extensions that are aimed at harming the user and his computer, removing links to them and adding them to the black list malicious software in the form of browser extensions is actively used by scammers.

Malicious extensions have a lot of branches with different directions.

Malicious extensions interact with JavaScript commands. The simplest of them are aimed at cleaning the victim's inventory initiating an unauthorized transfer of items to the attacker.

As an example I will cite the situation of another similar expansion but with a different focus.

The buyer (scammer) wants to buy an expensive game item from the user for money.
During the conversation the scammer will try to get the user to install the extension reinforcing the words with the fact that it is available in the official Chrome store and installing such an addon in the browser is a very useful thing.

Closer to the completion of the transaction the attacker offers to transfer money for the item first. The happy user updates his online wallet and sees the promised amount of money on his balance.

In addition to this, there are many other extensions. It can be extensions for various sites with the help of which a scammer gains access to your things.
One of the common extensions is that an attacker can ask you to install it to get information about your things with supposedly "good intentions" (to find out the float of an item from a CS:GO game, the value of an item from some game, etc.). All this, of course, is an attempt to deceive you on items.
To check all this information, you can use special bots that will provide you with all the necessary information (Status, value of items, as well as their division into categories).

1. https://steamproxy.net/id/fpcheck
2. https://steamproxy.net/id/fpcheck2
3. https://steamproxy.net/id/fpcheck3