So you’re on Steam and you notice that one of your friends has just sent you a message, you read the message and it says that you can get a free skin with a link to a website.
Because you trust your friends, you trust the links they send you, and you don’t understand that their account has been compromised.
So you decide to click on the link.
You then will probably get a webpage that looks a little bit like this, this is just one example the websites will vary between scammers.
Next you see a big sign in through steam button, so you decide to click it.
And you get a popup window that looks like this:
You read the URL address bar it says https://steamcommunity.
com and you can see the Valve Corp [US] padlock, and you think this all looks legit, that URL is real, it has the padlock this site is safe to use.
So it must be legit right? No you don’t know if it’s legit or not, simply reading the URL bar and padlock is by no means proof that this website is the real steamcommunity.
Don’t be fooled!
Here is how to check if it is real or not, press the F12 key on your keyboard to open the chrome developer console
Next type Into the console
href then press enter.
Now read the URL that the document.
href function returns.
That there is the real URL, that’s the real domain name of the website your currently on.
In this example above does “dropspin.
gq” look like https://steamcommunity.
com? no it doesn’t, so is this site legit, is it the real steam login page? No it is not.
Can you trust it? No you can’t, do not login.
Here is what a real steamcommunity.
com login page will return.
Final note: For any other programmers or web developers out there, who want to understand how a scam site works, have a look at my Github page here[github.
So you can understand how these sites work yourself, and educate yourself and others so they don't get fooled by them.