Counter-Strike 2

Spotting phishing bots
By huu
Let's be honest: if you've been on Steam for any number of years, chances are you've encountered a bot here or there. How can you be sure that they're an actual bot, though? This guide aims to be a comprehensive guide to spotting phishing bots and avoiding them!
Introduction
What is a bot?
A bot is an automated account that has very little human input, if any at all.

Bots come in many different flavors, however, the ones that I want to cover today are spam/phishing bots which are, by far, the most common type of bot you will encounter on Steam, whether you play Counter-Strike or Team Fortress, whether you have any items in games or not.

What is their purpose?
Spam/phishing bots have two main goals - steal your account and/or your items.
How to spot a phishing bot?
Phishing bots' tactics have evolved over the years, however the most common & prevalent way bots have been appearing is through Steam comments.

Example 1:
Bots will just post a very generic "+rep" comment on your profile that looks indistinguishable from the average "+rep" fad that other Steam users do.


Example 2:
This one is a more recent example - bots will actively comment "inviting" you to play games with them, as if they are looking to play with cringy one-liners.


Example 3:
Sometimes bots will just type out generic messages such as this.


Example 4:
Some bots will post random ASCII art or overly-positive "+rep" messages with an excessive use of emojis.


One common thing linking these together...
Bots will always add you to their friends list after posting these types of comments, no matter what.

Other ways of spotting a bot:
- Typically their Steam profile level is at or around 10-12
- Usually in-game, most commonly Counter-Strike 2
- If they are in-game in any Valve multiplayer game, such as TF2, CS2 or Dota 2, hover over their profile. If it doesn't show Steam's rich presence feature, such as "Deathmatch - Dust II", or "Casual - Pier", etc. - they are idling for hours, not actually playing the game. An example of real & fake in-game status is found below.
- Important thing to note about the above point - Steam's rich presence feature cannot be turned off. If the rich presence is not showing anything, they are not in-game.
- Only thing on their profile is ASCII art or a generic stolen "Welcome" image from another person's profile
- "Faceit lvl 8", "Play Fair - Have Fun" or similar boilerplate template text on their profile
- Usually posing as a woman
- Some bots will sometimes have a custom URL such as "JamesAnderson12352123" - usually a generic name, followed by a random string of numbers.
- All achievements unlocked in most/every game they "play", such as TF2

A few bot profile examples:

I'm sure you get the idea by now.

Rich presence:
As mentioned in the section above about other ways you can spot a bot, one of the most common ways you can determine whether someone is a bot is by simply analyzing their rich presence status on Steam.

Rich presence example:

As you can see in this image, this is a real user playing Counter-Strike 2, as it shows that this user is in the Competitive game mode, playing on the map Office, as well as seeing their current round count.

Bot "in-game":

As you can see - no information on this user at all, other than that they're "in-game" supposedly. Not even in the menus or anything. Usually, if they were sitting idle in the menu, Steam's rich presence would report back the same, such as "Main menu".

If it's empty - it's a bot idling for hours.
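
The indicators above can be written down as a small triage checklist. The following Python script is an added example, not part of the original guide: the profile records are filled in by hand from what a profile page shows, and the field names, the six-digit URL pattern and the three-indicator threshold are assumptions of the example.

```python
import re

# Boilerplate profile phrases quoted in the guide.
BOILERPLATE = ("faceit lvl 8", "play fair - have fun")
# Generic name followed by a run of digits, e.g. "JamesAnderson12352123".
# The 6-digit minimum is an assumption; the guide only says "random string of numbers".
CUSTOM_URL_RE = re.compile(r"^[A-Za-z]+\d{6,}$")


def bot_indicators(profile):
    """Return the guide's indicators that a profile record matches.
    `profile` is a hypothetical hand-filled dict; field names are assumptions."""
    hits = []
    if profile.get("commented") and profile.get("sent_friend_request"):
        hits.append("comment followed by friend request")
    if 10 <= profile.get("level", 0) <= 12:
        hits.append("profile level around 10-12")
    # The guide applies this check to Valve multiplayer titles (TF2, CS2, Dota 2).
    if profile.get("in_game") and not (profile.get("rich_presence") or "").strip():
        hits.append("in-game with no rich presence")
    summary = profile.get("summary", "").lower()
    if any(phrase in summary for phrase in BOILERPLATE):
        hits.append("boilerplate profile text")
    if CUSTOM_URL_RE.match(profile.get("custom_url", "")):
        hits.append("generic name plus digits in custom URL")
    if profile.get("all_achievements"):
        hits.append("all achievements unlocked")
    return hits


def triage(profile, threshold=3):
    """Label a profile; the threshold of 3 matching indicators is an assumption."""
    hits = bot_indicators(profile)
    label = "likely bot" if len(hits) >= threshold else "inconclusive"
    return label, hits


# Constructed sample records, not real accounts.
SUSPECT = {"commented": True, "sent_friend_request": True, "level": 11,
           "in_game": "Counter-Strike 2", "rich_presence": "",
           "summary": "Faceit lvl 8 | Play Fair - Have Fun",
           "custom_url": "JamesAnderson12352123", "all_achievements": True}
REGULAR = {"commented": True, "sent_friend_request": False, "level": 34,
           "in_game": "Counter-Strike 2", "rich_presence": "Competitive - Office",
           "summary": "hi", "custom_url": "sample_player", "all_achievements": False}

if __name__ == "__main__":
    for name, record in (("suspect", SUSPECT), ("regular", REGULAR)):
        print(name, triage(record))
```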
What should you do if you encounter a bot?
Now that you know how to generally spot spam/phishing bots on Steam, what should you do?

Step 1 - block
Always block these bots. It does not matter if the comment is on your profile or someone else's, always block these bots if you spot them.

The reason is that blocking prevents bots from trying to spread to your profile.

Step 2 - private your friends list
When a bot finds a profile, it usually goes through a person's friends list & proceeds to spam the same comment to either all, or a portion of that user's friends list until their rate limit for the day kicks in.

If you want to prevent this from happening to your friends - make your friends list either friends only or private. This way, anyone not on your friends list cannot see your friends.

Step 3 - never accept their friend requests
Even if it seems harmless, even if you are "curious" to see what the bot will tell you, do not add them to your friends list. The reason is much the same as in step 2.

Step 4 - private your inventory
Unless you are an item trader on Steam, you don't need your inventory to be public. Change your inventory privacy settings to friends only/private as that's the main way bots choose their targets in the first place.

You are especially a big target for spam/phishing bots if you have any expensive items, such as a knife in Counter-Strike 2 or Unusuals in Team Fortress 2. It doesn't matter if you've never traded a day in your life, if your inventory is public - bots will want to spam you as much as possible to get your items.

Step 5 - always report them
Much like step 1, even if the comment is not on your profile, always report these bots when you see them. This will help ensure that they get banned & dealt with swiftly.

Step 6 - if you receive a comment from a bot, delete it after doing all of the above
Once you've done every step possible, the last one is that if you receive a bot comment on your own profile, delete it.

First, it's not real engagement, as it wasn't a human that posted the comment to begin with.
Second, it prevents anyone else visiting your profile from becoming a potential target and/or victim of said phishing bots.
Closing thoughts
I hope this guide helped you learn something new about the ever-growing botting epidemic on Steam & how you can shield yourself from it.

And always remember - the best line of defense you have against getting phished is yourself. A lot of bots can easily be spotted by just having general common sense!

If you ever have to ask "is this real?", it probably isn't.
If you ever have to ask "is this a scam?", it probably is.
If your gut is ever telling you that something's a bad idea, chances are that it is a bad idea.

That's all! Stay safe out there, friends!