Counter-Strike 2

⚠️SCAM PREVENTION GUIDE⚠️
By FD | 22
Simple and direct Social engineering scam prevention guide.
The basics of how not to get scammed by manipulation.
   
Introduction
Since the number of scam victims has been rising rapidly again, I've decided to make a simple and direct guide about it, to explain the basics of these kinds of attacks and keep some of you from getting scammed.
Please keep in mind that this is only an informational guide and the attacks aren't the same 100% of the time, so if you still fall victim to such an attack, don't blame me for not telling you it could happen that way too.

What is social engineering
To start, I need to explain what social engineering is and how it fits this guide. A social engineering attack is a form of scam that manipulates people into sharing sensitive information, which lets the attacker steal certain assets: in our case, skins.
This means that anyone who has fallen for this kind of attack was manipulated into acting while the truth was hidden from them.
If you see someone getting scammed, please do not attack them with insults such as "You're <something> for falling for this joke of a scam" etc. We are all human and make mistakes, and this guide will hopefully prevent some of those mistakes.

!!! This guide is solely about social engineering attacks. Even though they make up the majority of Steam attacks, there are other ways you could lose your skins, such as brute force. !!!


How do we protect ourselves from these kinds of attacks?
An important part of defending against social engineering attacks is to keep up with the trends of this method, know the techniques, be careful, always check twice or three times, be patient, DO NOT PANIC, and don't click things people send you.


And now that you know the basics, let's move on to the scam techniques themselves.
Scams inside of Steam
Lying
The attacker makes you believe the skin he's offering is worth far more than it is, for example by saying it has a rare pattern (or making a pattern up to sound more believable), or by counting a sticker at its price as a separate item rather than at its applied value. This way you can end up trading 100€ worth of skins for a skin worth 30-50€.

Fake items offer
The attacker sends you an offer containing fake items, for example a skin with CS2 graphics from a different game, an emoticon (e.g. Crown (img1)) and similar things. You accept the trade hoping for a big profit, but end up with a fake item/emoticon and your skins are gone.
Image 1 - Example of fake item offer, where the sticker Crown is replaced by its Steam emoticon

Fake items showcase
In recent months a new way has appeared to show items you do not own on your profile (img2). An attacker can use this to convince you he owns the item and base a trade on that. This is dangerous in two ways: a) it makes an impersonation more believable and gains more trust; b) in a cash/crypto trade where you go first with the money, you will never receive the item in question.
Image 2 - Example of fake item showcase

Impersonator attack
The attacker takes on the identity of a known trader and uses your trust in that identity to steal from you. This attack mostly happens when you are trading for actual money, crypto etc. Usually the person sending skins goes first, and the money from the trader who goes second never arrives because it was never sent. Always check the level of the accounts and their creation date.

How to defend yourself against Scams in Steam
To defend yourself from these types of attacks, you need to be cautious. Always double-check that the item actually is the item the trader led you to believe it is, and that the account is the real account you think you are dealing with (by checking its level and its creation date via the Years of Service badge (img3)). If you are not sure about a price, a trade or anything else, contact a trusted trader on Twitter/X or through their Discord server, where you can be sure the person is actually who they claim to be.
Image 3 - Where to confirm user´s level & Years of service
Third-party scams
Fake website CONVERSATION
The attacker tries to get you to log in on an unsecured website that uses a fake Steam login to capture your credentials. At first glance it looks as if you are logging into Steam, but it is a fake website designed to hand the attacker all your info. With that information he can log into your account. He then has full control of it and can trade your skins away elsewhere even though your account has Steam Guard active (THIS IS BECAUSE OF THE API KEY, WHICH YOU SHOULD NEVER SHARE WITH ANYONE IF YOU WANT YOUR ACCOUNT TO BE 100% SAFE*). The most dangerous form of this attack is when the website's name is similar to the real one, for example "steamcomunity", "steacmommunity", "steamcomnnunity", "steamconmunity", "steamcommunity io com" etc. (img4)

The only real page is https://steamcommunity.com, nothing else!

Other examples of this attack are:
  • A user redirecting you to a random site
  • A tournament invitation from a random person
  • Gambling-related conversations: "Come look, I just won xxx$ on a roulette" (the site won't let you look unless you "log in")
Image 4 - Example of fake steamcommunity website url in a scam attempt
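
The lookalike names quoted above differ from the real one by only a letter or two, which is something a script can measure. The following is an added example, not part of the original guide, that classifies a link by its hostname. The trusted-domain list, the two-edit threshold and the function names are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Assumption for this example: these registrable domains are the genuine ones.
TRUSTED = ("steamcommunity.com", "steampowered.com")
BRANDS = tuple(d.split(".")[0] for d in TRUSTED)
MAX_DISTANCE = 2  # edits tolerated before a label stops resembling the brand


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def hostname(url: str) -> str:
    """Extract the lower-cased host, tolerating links pasted without a scheme."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def classify(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a link received in chat."""
    host = hostname(url)
    # Only the exact domain or a true subdomain of it counts as trusted.
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    # Otherwise, look for a label that contains or nearly spells a brand name.
    for label in host.split("."):
        for piece in {label, *label.split("-")}:
            for brand in BRANDS:
                if brand in piece or levenshtein(piece, brand) <= MAX_DISTANCE:
                    return "lookalike"
    return "unknown"
```

"unknown" is not a pass: it only means the host does not resemble Steam, so the advice about not clicking links from strangers still applies.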

Fake website GOOGLE ADs
When you search for a website on Google or another search engine, you may see multiple ads/sponsored websites. These can be very dangerous: an ad can look like the actual site, but it redirects you to another website/URL that looks exactly the same as the one you thought you clicked (img5). Once again, this is an example of a phishing website and you should leave. Keep in mind that whenever you search for something, DO NOT use any advertised links.
Image 5 - Example of Google Ads, with suspicious advertising or url


*API Key: a hash that lets services freely use your account through code and scripts.
You can find your key here: https://steamcommunity.com/dev/apikey
If you see any kind of string at the link above that you didn't assign, your account has been compromised. If that is the case, IMMEDIATELY change your password, deauthorize all devices and revoke said API key (imgs 6, 7, 8). Most Steam users will never need an API key; if you use a trading website that requires one, be 100% sure that site can be trusted.
Image 6 - Where to change your password and deauthorize devices, at https://store.steampowered.com/account/

Image 7 - Location where to deauthorize your devices

Image 8 - Revoking Steam API Key at https://steamcommunity.com/dev/apikey

How to defend yourself against Third-party scams
To defend yourself from these kinds of attacks you need to be cautious: double-check where you are and who you are talking with, don't be trusting of random people you've never heard of, and do not click any links or URLs. That includes sites you know: if you know the site, go to it yourself through your web browser, as you probably have it saved in cookies and can be certain you are in the right place. UNDER NO CIRCUMSTANCES CLICK ANY SHORTENED URLS.
IMPORTANT THINGS to remember
As I've mentioned before (because repetitio est mater studiorum), an important part of protecting yourself from becoming a victim of a social engineering attack is keeping your information and knowledge up to date with current trends and techniques.
Also, always remember to be patient, double or even triple check your stuff, do not panic and, most importantly, DO NOT click random things people send you, especially if it's a shortened URL or a very suspicious-looking one. And last but not least, do not interact with suspicious profiles in your comment sections and similar places.
Be careful out there with your skins
And that would be all from me. I'm planning on doing a more in-depth guide in the future if I see that it is worth the time and people actually learn. Thank you for reading and for your time; hopefully this guide gave you something and will help you protect yourself from scammers.

Be kind, help others if they need it and let's lock in as a community against the garbage people that are stealing from our skin colleagues.

I'd be happy if you'd share this guide to increase its reach, so more people can be aware and protect their skins.

You can also visit my socials or show your support here -> Pillar - 2FD2[pillar.io]