RUSTSkins.com
Instant SellMarket
CartEmpty

What is Steam API Scam?

Scammers steal the API key from your account and use it to manage incoming and outgoing trades. They replace the original trade with a fake one that sends skins to their bot. The scammers' script copies the bot's name and avatar, and even the trade message.

How can they steal my API key?

Fake authorization windows are to blame: they ask you to enter your login, password and Steam Guard code, which is enough for the script to create an API key and use it in the future. The window is practically no different from the original one, but there are still some differences:

1. The window is an HTML element on the site, and you cannot move it outside the browser. (Not always).

2. The authorization link is fake. The correct one should be "https://steamcommunity.com/openid/login?openid.ns="

3. You are asked to log in even if you are already logged in to your browser.

4. You cannot change the language of this window.

How do they steal my items?

1. We send you the trade, and you confirm it.

2. Once you've accepted the trade in your browser, While you're busy logging into your mobile authenticator to confirm it, their script has already replaced the original trade with the fake one and accepted it itself.

3. When you go into the mobile authenticator and see the confirmation to send items - it will already be a scammer's trade. More often than not, people don't notice the change and unknowingly give away their items.

How do I make sure the trade is from the site's bot?

We can't control that your API key isn't stolen, but we've tried to give you as many warnings as possible.

Once the original trade is rejected and our system detects it, a popup will appear on our website with details.

Unfortunately, this won't help users who make a transaction from a cell phone, as their browser will be minimized at that point.

It must be said that RUSTSkins.com is not responsible for items lost due to scams. Your safety is solely in your best interest. Be careful!

What should I do if I have already given my API key to scammers?

1. Change the password of your Steam account

2. Remove the API key

3. Check that the key is not re-created and that your trades are not being replaced with fake ones.

4. Change your Steam trade URL

5. Read the article on how not to be scammed

RUSTSkins.com