ㅤ
ㅤ
ㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤYour API Key can be found here
ㅤ
ㅤ
Steam's API Key allows external services to control your trade offers. While using well-known marketplaces such as Buff163, CSFloat and similar ones that operate on a peer-to-peer system, you might be required to provide your API Key and it is generally safe to do so.

Nevertheless, always be attentive to the actions on your account and especially trade offers,
if your offers are canceled and empty offers appear instead, this is the result of an API scammer attack.
ㅤ
ㅤ

ㅤ
ㅤ
The API scam is a popular and tricky method used to steal items on Steam. Here's how it works:
ㅤ
ㅤ
Step 1: Scammers send phishing links and entice you to log in through fake steam using different methods of social engineering.

Some common Steam phishing methods: get a free item, send full details of your skin, compete in a fake tournament, help to withdraw items for a reward, incorrect phishy ‘steamcommunity’ link.
ㅤ
ㅤ

ㅤ
ㅤ
Step 2: When they receive your login details and session, their script creates an API Key and no longer takes any actions on the account so that you don’t suspect anything.

In most cases, scammers are not interested in your account, especially if it's protected with Steam Mobile Authenticator. They are interested in stealing your valuable skins, over which only you have control through the Steam Mobile Authenticator.
ㅤ
ㅤ

ㅤ
ㅤ
Step 3: When you are trading with someone, the script tracks this and instantly rejects the real trade you sent (by using current login session) and sends the fake trade (through the API Key)
from the scammer’s account with the same profile nickname and avatar as the person you are trading with.

The spoofed trade will instantly appear instead of the real one in the Steam Mobile Authenticator and just one click on «Confirm Trade», which people often do quickly and unconsciously, leads to the skins being sent to the scammer.
ㅤ
ㅤ

ㅤ
ㅤ
ㅤ ㅤ ㅤ ㅤㅤ ㅤ ㅤ To prevent falling to the API Scam, follow these safety measures:
ㅤ
ㅤ
❗️Principle 1: Avoid clicking on suspicious links, and most importantly, do not login into suspicious sites. If someone added you for no reason, in 99% of cases it is a scammer. Always keep in mind that free cheese is only in a mousetrap.
ㅤ
ㅤ

ㅤ
ㅤ
❗️Principle 2: When logging into any 3rd party website, sign in to https://gtm.steamproxy.vip/ first, never enter your login information when entering through the 3rd party site. Remember,
once you are logged in Steam, you will not be asked to enter your login credentials again.
ㅤ
ㅤ

ㅤ
ㅤ
❗️Principle 3: Take precautions when trading:
ㅤ
Ensure that the badge and the level match in the trade dialogue and in the user’s profile. If you
trade with your Steam friend, then also pay attention to the friend icon next to the avatar.
ㅤ
ㅤ
ㅤ
Add a cheap item to a one-way trade with the user, this will make it easier to verify the trade in
the Steam Mobile Authenticator.
ㅤ

ㅤ
ㅤ
❗️Before confirming trades via the mobile app, check for similar cancelled trade offer on the ‘Sent
Trade Offers’ page https://gtm.steamproxy.vip/id/me/tradeoffers/sent/
ㅤ
ㅤ

ㅤ
ㅤ
❗️Pay attention to SCAM WARNING in Steam mobile confirmations, especially if you are not a trader who constantly trades his items.
ㅤ
ㅤ

ㅤ
ㅤ
❗️When using 3rd party sites, open trades within the site and not through Steam Trade Offers.
ㅤ
ㅤ

ㅤ
ㅤ
❗️Verify that no suspect API Key is assigned to your account. If you find an API Key you didn't assign, immediately secure your account, steps how to do it below.
ㅤ
ㅤ

ㅤ
ㅤ
ㅤ ㅤ ㅤ If you suspect your account has been compromised, take these steps to resecure it:
ㅤ
ㅤ
❗️Step 1: Change your password by visiting https://store.steampowered.com/account/
ㅤ
ㅤ

ㅤ
ㅤ
❗️Step 2: Deauthorize all devices https://store.steampowered.com/twofactor/manage
ㅤ
ㅤ

ㅤ
ㅤ
❗️Step 3: To remove the API Key visit https://gtm.steamproxy.vip/dev/apikey and select «Revoke My Steam Web API Key».
ㅤ
ㅤ

ㅤ
ㅤ
❗️Step 4: Set a PIN using Steam's Family View feature, this will limit a scammer if he'll manage to obtain the login information.

ㅤ

ㅤ
ㅤ
❗️Remember, Two-Factor Authentication of your Steam Account and your Email is fundamental protection, without it your inventory is at risk and you should not make any trades.
ㅤ
ㅤ
Be careful online in general. Be interested in the topic of online security and always look for new scam methods and how to counter it.
ㅤ
ㅤ

ㅤ
ㅤ
ㅤ ㅤ ㅤ ㅤ ㅤ ㅤ ㅤ ㅤ ㅤ ㅤ ㅤ ㅤ ㅤ ㅤ ㅤ ㅤ ㅤ What to do?
ㅤ
ㅤ
According to Steam's Policy, your items will not be returned to you. Your skins are your responsibility.

You can send a report and include all details of what happened. Perhaps your report will be decisive in blocking the scammer’s account.

In the end, all you have to do is draw conclusions from this and prevent it from happening again.
ㅤ
ㅤ