Oprindeligt skrevet af Mantis:

There used to be wolframalpha and many other sites on web where you can but url into box and it gave you information about websites. Like you got how much traffic site got, location and date created. But nowadays you mostly get n/a results on these similar sites. It used to be real easy to see what websites try to stel your login info and stuff. I have been targeted alot by scammers and if valve or anyone else is interested i can give alot of leads to scammers like their steam profiles and websites.

The problem is guaranteeing the tools themselves aren't scams ...

If you can't guarantee it is clean it probably isn't worth using.

Install the extension ScamAdviser in a desktop browser. For Steam it has a 100% score.

A skin scam site i checked had a score of 1% and ScamAdviser throws up a warning box.

If you're talking about sites which might abuse your Steam account then there's a much easier solution: pay closer attention to what you're doing.

Since such sites rely on the Steam API (or.. .pretend that they do) you obviously don't need to log on (aka: provide a username / password) whenever you're already authenticated with Steam. So... if a website wants you to provide your username password... just open a 2nd browser tab, hop on over to Steam and check if you're still logged on. If you are... then you're obviously dealing with a scam / phishing site.

Yeah, I get you. It used to be way easier – just drop a URL somewhere and you'd see where it came from, how old it was, all that. Now most tools just show n/a or everything's hidden behind privacy shields.

Still, I sometimes use urlscan.io to see what the link actually does behind the scenes, and who.is can still show basic domain info like creation date and name server changes.

A lot of scam stuff now comes through fake Steam profiles with "♥♥♥♥♥♥♥♥♥♥" or "sponsor" links – same old tricks.

Hope that helps, not trying to argue or anything, just sharing what still kinda works.

Oprindeligt skrevet af miakisfan:

The problem is guaranteeing the tools themselves aren't scams ...

If you can't guarantee it is clean it probably isn't worth using.

This!

I honestly think nothing beats common sense, if you have even the slightest doubt, don't use it. Better to be safe than sorry

Oprindeligt skrevet af Mantis:

But nowadays you mostly get n/a results on these similar sites. It used to be real easy to see what websites try to stel your login info and stuff.

• If they want you to install some software, it's a scam
  
• If you're logged into the Steam website, then use what they claim is "log in through Steam" but it doesn't detect your current login, it's a scam
  
• If they want an "API key", credentials, or really *any* information about your Steam account, it's a scam
  
• If it promises free money, hot chicks etc., it's a scam
  
• ???

Generally speaking, since phishing sites are interested in your login data, what you can also do is enter entirely made up stuff. Something like "Banana" and "Bread" as password.
Typically you will still be forwarded as it will be treated like a successful phished "login". This can be a strong red flag but it's not guaranteed as phishing kits become more sophisticated and may check data of the targeted service in real-time.
For Steam just stay away from anything that wants you to log in with name and password and check the community to see what users say.
And if you suspect somebody to scam others just report them. Let Valve deal with it as they can check their behaviour.

Oprindeligt skrevet af Mantis:

There used to be wolframalpha and many other sites on web where you can but url into box and it gave you information about websites. Like you got how much traffic site got, location and date created. But nowadays you mostly get n/a results on these similar sites. It used to be real easy to see what websites try to stel your login info and stuff. I have been targeted alot by scammers and if valve or anyone else is interested i can give alot of leads to scammers like their steam profiles and websites.

I find the best way on this is to just ask on this forum if you have doubts about a site. The gamers know.

VirusTotal will scan a website with multiple antivirus engines to determine if it contains known malicious javascript code:
https://www.virustotal.com/

Cisco Talos security research group can provide a reputation score:
https://www.talosintelligence.com/reputation_center/

Trendmicro will provide a simple safe or not:
https://global.sitesafety.trendmicro.com/result.php

urlvoid provides several details regarding a reputation:
https://www.urlvoid.com/

apivoid also provides several details including blacklist lookups:
https://www.apivoid.com/tools/url-reputation-check/

BrightCloud/opentext provides a simple reputation score:
https://www.brightcloud.com/tools/url-ip-lookup.php

Google Safe Browsing Transparency Report used to provide information but has been gutted down to a status:
https://transparencyreport.google.com/safe-browsing/search?hl=en

Newer scams may slip past *ALL* of these. It is easier to declare something as known bad than to declare something 100% safe.

Oprindeligt skrevet af Mantis:

Any tools to help identify scam websites?

Ahem... *clears throat*


https://youtu.be/9mdQdYtEybg?t=214

Oprindeligt skrevet af ~Ren~:

Oprindeligt skrevet af miakisfan:

The problem is guaranteeing the tools themselves aren't scams ...

If you can't guarantee it is clean it probably isn't worth using.

This!

I honestly think nothing beats common sense, if you have even the slightest doubt, don't use it. Better to be safe than sorry

Treat everything as scam. There is no reason why any other website would need you to actively enter your Steam login. Whenever someone is asking in this forum about anything "is this a scam?" I can answer yes, without even checking the content of the post. Yes it is. It always is.