Beware of the Web API Keys scam! Stay calm and use Skins.Cash
Skins and other virtual items have a significant value in the real world. This is definitely very good for gamers, who get a chance to monetize their playing time and efforts. This is also good for developers, who get a larger amount of tools for attracting new players and get additional revenue from their products. Still, there is a dark side – scammers dream of stealing such precious virtual items.
The phenomenon of scamming in the skins trading industry is not new. We already wrote about some sites that pretend to be Skins.Cash and try to steal your skins. Recently, evil scammers came up with a new tricky scheme, aimed at using the Web API Keys of Steam accounts.
We care about our users, so have prepared this anti-scam article, which can help you stay safe on the Internet and trade digital in-game items securely.
How does the Web API Keys scam work?
Before showing you how to protect your digital treasures, let’s make it clear how the new fraud scheme works. The Web API Keys scam is based on phishing sites that are almost identical to the real trading platforms and selling services. Scammers pay Google to list such sites in the advertisement section, so they can deceive users and steal their personal data and first of all – their Steam login and password.
This opens access to the Web API Key and the possibility to control transactions for this particular account. Then, the phishing system cancels all the trading operations through Steam, in an instant replacing them with new, seemingly identical ones. The user sees an error during the transaction, refreshes the offer, and gets something that looks like the same trade. They confirm it and… give their virtual items for nothing in return.
The Web API Keys scam is a cunning invention that can’t be stopped other than by the care and attentiveness of gamers.
5 steps to prevent the Web API Keys scam
It’s always smart to consider your in-game items and Steam account as having the same value as your money and bank account. Take them seriously and act responsibly with them. Take care, and scammers will not fool you with their phishing schemes.
- Always check links you visit on the Internet. Phishing sites are visually identical to the original, honest services. Even their URLs are usually almost identical – there might be an extra character or a tricky misspelling.
- Be careful with your Google search. You might look for Skins.Cash and then click the first item in the search result – but that was a scammer’s advert, which listed in the first part of the advertisement section, above the real Skins.Cash.
- Distinguish your trusted services and make your own bookmarks for them. In fact, there is no need to surf the Internet in search of a service for selling skins – Skins.Cash is already here. So many gamers have tried it and given positive feedback on the high speed and security of trades here. Just make a bookmark in your browser and use it whenever you want to sell CS:GO or H1Z1 skins or Dota 2 or Team Fortress 2 items.
- It’s a good idea to log in to Steam on Steam itself. Even if you need to log in to third-party services through your Steam account, it is better to open the Steam webpage in a new tab (through your bookmark or after checking the actual web-address https://store.steampowered.com), authorize there, and then return to the service you want to use. Such caution prevents potential trapping into fake pop-up windows for “Steam” authorization.
- If you have been caught by scammers’ schemes, revoke your Steam Web API Key. Visit this official Steam page to do so and to generate a new Web API key.
In addition to this, don’t ignore using Steam Guard on your smartphone. This will not save you from the Web API Keys scam because victims themselves confirm phishing offers through their phones. Still, Steam Guard is an excellent way to protect your account and digital items from many other types of scam.
Safety is the number one priority – in both real and virtual worlds.