This can be prevented by not giving away your credentials.

a "hacker" would have to:

Guess your username.

Guess your password.

Guess a 30s short lived code for the 2FA.

All of them have lots of combination.

Accounts are phished. You need to figure out where you leaked your info. Nobody can do that for you.

You gave your account information away. Don't give your account information away....

Originally posted by Sunny:

How can this be prevented.

Originally posted by Sunny:

How can this be prevented.

By only sticking to the official Steam website operated by Valve and never deviating to other websites that imitate the login. All you need is an active session and no other website using the Steam login would ever ask you for your account or password. And if it does its pishing.

Originally posted by Sunny:

How can this be prevented.

in a phishing attack, the user is the vulnerability. not the computer. so an antivirus doesn't protect against it.

Just had the same issue, with the account from China named gaizalbhar. He must have used some software to phish for my account and I never learned of the loss of my items until some time ago, it all occurred while I was still asleep. I reported the account for the user hijacking mine and receiving trade items I didn't offer. When will steam be able to be able to return trading cards at the very least?

And the user gaizalbhar should get a trade ban, but will that return my items?

Originally posted by Tommy Gray x Land Raider:

Just had the same issue, with the account from China named gaizalbhar. He must have used some software to phish for my account and I never learned of the loss of my items until some time ago, it all occurred while I was still asleep. I reported the account for the user hijacking mine and receiving trade items I didn't offer. When will steam be able to be able to return trading cards at the very least?

And the user gaizalbhar should get a trade ban, but will that return my items?

No.

Originally posted by Tommy Gray x Land Raider:

Just had the same issue, with the account from China named gaizalbhar. He must have used some software to phish for my account and I never learned of the loss of my items until some time ago, it all occurred while I was still asleep. I reported the account for the user hijacking mine and receiving trade items I didn't offer. When will steam be able to be able to return trading cards at the very least?

And the user gaizalbhar should get a trade ban, but will that return my items?

Not how it works, there is no software that phish's for your account. If you were hijacked the most likely reason is you entered your password on a phishing site, skin trading site, etc and they used that. It didn't have to be recent either, as some of the scammers sit on accounts for months before acting making it harder to trade where they compromised their account

Originally posted by Brian9824:

Originally posted by Tommy Gray x Land Raider:

Just had the same issue, with the account from China named gaizalbhar. He must have used some software to phish for my account and I never learned of the loss of my items until some time ago, it all occurred while I was still asleep. I reported the account for the user hijacking mine and receiving trade items I didn't offer. When will steam be able to be able to return trading cards at the very least?

And the user gaizalbhar should get a trade ban, but will that return my items?

Not how it works, there is no software that phish's for your account. If you were hijacked the most likely reason is you entered your password on a phishing site, skin trading site, etc and they used that. It didn't have to be recent either, as some of the scammers sit on accounts for months before acting making it harder to trade where they compromised their account

I don't recall ever doing that, I checked my recent login history and found the unauthorized login was from Troy, Ohio.

Originally posted by Tommy Gray x Land Raider:

Originally posted by Brian9824:

Not how it works, there is no software that phish's for your account. If you were hijacked the most likely reason is you entered your password on a phishing site, skin trading site, etc and they used that. It didn't have to be recent either, as some of the scammers sit on accounts for months before acting making it harder to trade where they compromised their account

I don't recall ever doing that, I checked my recent login history and found the unauthorized login was from Troy, Ohio.

Doesnt matter where the login was from. There are lots of variants like if you've ever used 3rd party sites, if your friends asked you to "vote" for their team, etc. The entire point is you don't know where you were phished

Originally posted by Brian9824:

Originally posted by Tommy Gray x Land Raider:

I don't recall ever doing that, I checked my recent login history and found the unauthorized login was from Troy, Ohio.

Doesnt matter where the login was from. There are lots of variants like if you've ever used 3rd party sites, if your friends asked you to "vote" for their team, etc. The entire point is you don't know where you were phished

I think there was this account that I accepted a friend request from. Midnight it was called.
https://gtm.steamproxy.vip/profiles/76561199831828140/
I've recovered the chat log that would be deleted in two weeks from when it occurred, on October 4th 2025. M is midnight's text and T is my text.
"
M: hello
T: hi
M: What's your CS rank?
T: I don't do CS.
M: Could you please help by giving a Boost Rep to my team?
T: What is that?
M: https://cstey.com/team/nxsaykra?from=89d32656
M: https://images.steamusercontent.com/ugc/16298160285710899233/3C935BF85BB0067C37EB15CF7AB35F464C4661D9/
M: Found it?
M: I'm waiting for you to do it
M: It won't take more than a minute
M: Thank you!
T: need to authenticate
M: Will you help my team?
T: I don't think I can. My account on this site is restricted due to VPN.
"
I wonder if I fell for a phishing scam because I don't do Counter Strike of any games in the series, and I'm not familiar with the site, and the site asked for my user id and password. And my inventory was stolen a week afterwards. I unfriended him afterwards but I recovered the link to their account. If so I could report that account if this is enough evidence.

Originally posted by Tommy Gray x Land Raider:

M: hello
T: hi
M: What's your CS rank?
T: I don't do CS.
M: Could you please help by giving a Boost Rep to my team?
T: What is that?
M: [redacted]
M: .

Please do not repost phishing links in your post. You're just helping them to hijack others.

Originally posted by Tommy Gray x Land Raider:

I wonder if I fell for a phishing scam because I don't do Counter Strike of any games in the series, and I'm not familiar with the site, and the site asked for my user id and password. And my inventory was stolen a week afterwards. I unfriended him afterwards but I recovered the link to their account. If so I could report that account if this is enough evidence.

The vote for my team link is a common hijack vector. You thought you were logging in to Steam but it was really the site you visited that collected your login info and hijacked your account.

Originally posted by Tommy Gray x Land Raider:

I wonder if I fell for a phishing scam because I don't do Counter Strike of any games in the series, and I'm not familiar with the site, and the site asked for my user id and password. And my inventory was stolen a week afterwards. I unfriended him afterwards but I recovered the link to their account. If so I could report that account if this is enough evidence.

Yep, that is a text book scam, they took the info you entered on that site, logged into steam, then waited a week and stole your items