How to recognize hijacking sites.

Please DO NOT post the hijacking links here!
If you want to report the people giving phishing links, those go to the report section, please include a screenshot of the hijacking link in the chat box, and remove/edit the link in chat log so it doesn't work.

People hijack other steam users by abusing their trust.
Several ways they try to hijack people:
- Phishing links to let people think they log in into Steam to use the site.
- Other links (over steam PM) where some malware is installed thru the site to use direct control or keyloggers or other things.
- Disguised Links on forums or sites.

The first is the easy one:
The real Steam login can easily be identified by the green bar in top, and the starting of the URL with
"https://..."

Firefox:


Internet Explorer:


Chrome (thnx to RyanQ):


(This may look a bit different on other browsers)
Only then its the actual site, and not a fake.
The fake ones wont be "secured" with valve logo and markings.

The second type:
This is mostly about keeping a close look at the site link that is generally used a lot.

For example, some of the links are towards a fake "imageshack.us" site.
The REAL one uses: img(numbers).imageshack.us/picturename.extension
The key part is the .imageshack.us

Please notice the "dot" before "imageshack.us", the known fake one has a dash there "-". Clicking on the link results in a box asking you to update java and a program starts to run. DO NOT allow that. Rather go to Java.com yourself. the dot there means you are really on the "imageshack.us" site, the
"-" indicates it is a DIFFERENT site.
Further info:
http://en.wikipedia.org/wiki/Uniform_resource_locator
http://en.wikipedia.org/wiki/Hostname

The third one:
This involves disguised links on fora. What are disguised links? Well, http://www.reddit.com that is one. it shows a link to "reddit" but it links to "steamrep". You will only notice if you hover over the link and check the destination. In Firefox and Internet Explorer you get to see the destination of a link in the lower left corner of the browser. Try it with the above "disguised" link.
Basically this is because the link name can be anything. One can say "Click here". Any text can be put up instead of "here". How it looks in code? On a forum like here it will be:

Code:

http://my.totally.awesome.site.url/

In general:
Check links you get from other people, update programs by going to their website, not via some website that isn't affiliated with that. If its a Java update, go to http://www.java.com if it is a flash update, go to http://www.adobe.com/ .

No, there isn't a "javascript" update, for that comes with your browser, if that updates, your browser needs a update (a new version of your browser, not a plugin)

I think what you meant to say was REAL steam login can be identified by the HTTPS and green bar. Otherwise, I just totally got keylogged logging into this site!

Thank you very much, I've repaired that.

Gonna share that with some people/groups.

Easy to do but some aren't even aware onf those tricks.

*New: added disguised links information.

Useful tips, thanks and good job.

This information does not stop targeted attacks. re SSL STRIP and everything it runs on.