Watch out, Steam hijackers active.

[Jan]

Aaaand another one just tried the exact same trick on me with the exact same messages.

[DarkN00b]

Annnnnnnnnnnnnnnnd someone tried it on me too. Same site, but it seems the accounts he use is not his that means he may use his created ones or hijacked.

-His name was TerryBest.
-He asked me to add some guy.
-He said he wants to trade for dota 2 items
-His grammar sucked like mine.
- His steam profile (http://steamcommunity.com/profiles/76561198091942715/)

[digitaltomato]

A site I'll recommend is http://steamrep.com/, it's one of, if not the oldest scammer/reputation database for games like tf2, dota etc.

You use either someones steam profile linkhttp://steamcommunity.com/id/Digitaltomato/)

or someones Steam ID :
(STEAM_0:0------)

It will give you information such as their Steam ID, current steam name, their games and hours, friends list including their friends that have been banned for scamming, and of course include any bans or warnings that they have received from any of the large trading communities or game servers that are partnered with SteamRep.

If you want to report a scammer that isn't listed, gather sufficient evidence he attempted to scam you, use this link and follow the instructions.

Another thing I'll recommend is for phishing links, and that is the "Block Misspelled Websites" extension for Google Chrome. I'm not sure if it's available for other browsers but if you use Chrome then get it here.

Also one last thing to prevent phishing links that grab your password automatically instead of tricking you into signing in is to edit your external protocol whitelist (Google Chrome) so that every action Google Chrome goes to take out on Steam is authorized by you every time instead of it happening automatically. External protocols are used by the fearless server banners on the top of the page to connect you to the servers, but scammers can and will repurpose them for more sinister doings such as stealing your account. Again if using Google chrome, follow this guide below

Spoiler :

You need to edit the Local State file, which is located in...
~/Library/Application Support/Google/Chrome (Mac)
~/.config/google-chrome/ (Linux)
C:\Users\[USERNAME]\AppData\Local\Google\Chrome\Local State (Windows 7/Vista)

Look for the part of the file that looks like this:

"protocol_handler": {
"excluded_schemes": {
"afp": true,
"data": true,
"disk": true,
"disks": true,
"file": true,
"hcp": true,
"itms": false,
"javascript": true,
"macappstore": false,
"mailto": false,
"ms-help": true,
"news": false,
"nntp": true,
"shell": true,
"snews": false,
"spotify": false,
"vbscript": true,
"view-source": true,
"vnd": {
"ms": {
"radio": true
}
}
}
},

And delete the line corresponding to the URI scheme you want to delete (if you delete the last line in the list, make sure to delete the comma on the previous element). Or change it from "false" to "true". If we are editing Steam, there should be a line that looks like "steam": true,