Sell CS2 skins Buy CS2 skins FAQ How it works Guarantees Blog Giveaway

usd

USD

RUB

UAH

KZT

EUR

Russian

English Russian
Main Blog Steam API Scam

Steam API Scam

11 January 2020, 00:32

Today we want to tell our customers about a scam called Steam API Scam. It started to be used back in spring 2018, but some users still fall for this trick, that's what this article is for.

Article Navigation

What is Steam API Scam?

Scammers

steal the API key from your account and use it to manage incoming and outgoing exchanges. They replace the original exchange, with a fake exchange that sends things already to their bot. The scammers' script copies the bot's name and avatar, and even the exchange message.

How can

they

steal my API key?

It's all the fault of fake authorization windows, they ask you to enter your login, password and Guard code, this is enough for the script to create an API key and use it in the future. The window is almost no different from the original, BUT there are still differences:

1). The window is made as an html element on the site and you cannot move it outside the browser. (Not always)

2). The authorization link is fake. Should be https://steamcommunity.com/openid/login?openid.ns=

3). You are asked to log in even if you are already authorized in your browser.

4). You can't change the language of this window

How are they stealing my items?

1). Our site sends you the exchange and you confirm it.

2). As soon as you confirmed the exchange in your browser, while you're busy logging into your mobile authenticator to re-confirm it - their script has already replaced the original exchange with the fake one and confirmed it itself.

3). When you go into the mobile authenticator and see the confirmation to send items - it's already a fraudulent exchange. Most of the time people don't notice it and give away their stuff themselves.

We can't control

that

your API key is not stolen, but we have tried to warn you as much as possible.

As soon as the original exchange is rejected and our system receives this information, a sign will appear on our website with detailed information and you will hear an audible notification.

Steam API Scam

Unfortunately, this will not help users who make the transaction from a cell phone, as at this point their browser will be minimized.

What should I do if I have already given my API key to scammers?

1. Change your Steam account password

2. Remove the API key https://steamcommunity.com/dev/apikey

3. Check that the key is not re-created and your exchanges are not replaced with fake ones.

1
153
Комментарии (0)
Никто не оставлял комментариев. Оставьте первым!
Написать комментарий
Оставить
Share article
Last articles
Popular Cases in 2025
Popular Cases in 2025
Most Popular Skins in December
Most Popular Skins in December
All Donk's Settings in CS2
All Donk's Settings in CS2
All NiKo's Settings in CS2
All NiKo's Settings in CS2
All m0NESY's Settings in CS2
All m0NESY's Settings in CS2
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image
Flake image