BTW, here's the official notice on phishing links.

https://steamhost.cn/steamcommunity_com/groups/tf2outpost/discussions/0/864971658468769910/

Pretty much this, but different wording but minus the suggestion to post an announcement and plus the solution to if you accidentally do get hijacked.

Okay, so as of late (the past month or two) outpost has been infected with a 'virus' or an 'infection' of phishers.

I want to address this problem, why it's nigh impossible to eliminate, and what I suggest the administrators of outpost do to cope with it.

Firstly: What's a phisher/"phishing"?

A phishing site is a website set up to imitate another website, in this common case steamcommunity, and acts solely as a fake that emails one's own password and username, when entered, to the website's respective owner.

Now: Why it is almost impossible to get rid of?

The heart and mind are both turbulent places. We don't learn from our mistakes until we've individually made them. Being a victim of a phisher does not only mean your account is hijacked, it also means you become a phisher yourself; your account is infected with the virus as well, and begins to spread phishing links too (through means of scripting, of course). Think of it somewhat like how a zombie apocalypse would work. (weird analogy, I know, but it's true.)

Finally: What do I think should be done to combat this?

Well, this infection has been thoroughly spread throughout TF2Outpost. Almost everyone who's fallen for this has already fallen for it, and we're kind of starting to understand the whole concept of this phishing thing. Regardless, I think that outpost should make a global, public announcement (as much as it does so for streaming events and such) to enlighten the community's users about this. Here's my recommendation for what the message should look similar to.

"Recently, it has come to our concern that phishing in TF2Outpost is becoming an increasingly severe threat. If you aren't already informed, please take the time to read this announcement, as it will help to safeguard you against having your account hi-jacked.

There are a variety of "techniques" used to attempt to hi-jack accounts, however, they all have something in common: a link. Ostensibly, the link will be "steamhost.cn/steamcommunity_com."
However, the phishing links you see only resemble that, often having a single letter replaced to imitate steamcommunity.

Although clicking these links is not directly harmful, submitting your username and password to them certainly is. Not only will your account be procured by a phisher, but it will effectively become a source of posting phishing links itself. This is, needless to say, a bannable offence.

In order to help protect yourself from steamcommunity imitations, it is suggested that you do not click any links resembling steamcommunity, and if you decide to, be sure to carefully inspect the literature of the link to make sure it is the true steamcommunity you are familiar with."

Feel free to use that if you want, or alter it to your liking, but I would really appreciate if something like this was announced.

Thanks. - Tyc

Originally posted by Champelliot:

It is your fault for trading with a marked scammer, and for not checking his SR, but as a general rule, you are given a caution the first time. (As in a don't do it again caution, not an SR caution.)

I understand. Thank you, especially for the warning. I'll be sure to check steamrep for scammers before I trade anyone in my best interest.

Okay, so I just bought an unusual from a guy who added me. Afterwards, I checked the unusual's history and found out that he was marked on steamrep as a scammer. I'm just finding out about this now.

Am I going to be in any kind of trouble for trading with the guy? Is it my fault for not checking his steamrep before I traded with him?

I'm kind of worried... Any advice would be appreciated. Thanks.