On occasion i'll accept random steam friend requests from obvious scam accounts, see what they say and do etc. Today I added one and got to digging. I've discovered a really clever scam, the website for the scam is Hidden Content: **Hidden Content: Content of this hidden block can only be seen by members of (usergroups: Administrative, Moderating).** The guy seems to own several steam accounts that look just like this Hidden Content: **Hidden Content: Content of this hidden block can only be seen by members of (usergroups: Administrative, Moderating).** If you search this steam accounts name it shows something like 38 of these accounts. They all look pretty much the same with the same account info etc. Thats dime a dozen, plenty of scams work like that. The interesting part is the background, I got the guy to click an ip grabber and I got two ips from what I later found to be 2 virtual machines or servers hes using. I also later got him to screenshot his desktop on both. https://i.imgur.com/71g9YdH.png, https://i.imgur.com/15Q91g7.png. The ip's I grabbed line up with the windows versions visible in the screen shots, same with the time zones of the screen shots. From running phone number on the URL lookup I did through google I found scam site after scam site linked to it. All of them Russian things like, jewellery financing, survey websites. All using the same web-server for emails, "reg.ru", from looking into reg.ru and other information it seems that its the domain registrar for Russia. Now from chatting with the guy it seemed like he was willing to give up information if a signed in and there was no way in hell I was going to since the sign in with my main account. So I generated an account and tired logging in. The button on the website links to this page Hidden Content: **Hidden Content: Content of this hidden block can only be seen by members of (usergroups: Administrative, Moderating).** What looks to be a front end of his scam. From what i've gathered my theory is this; the fake sign in grabs your account name and password, it then asks for your steam guard code regardless of weather you have one since I tried logging in with a generated account. Now If you have it enabled it takes that code and quickly signs in and the guy either steals the account or trades out the items I dunno. All and all the scam is really convincing, i'd love to see what happens if you actually use an account with steam guard enabled. But i'm not risking my account and I don't have dummy account to sacrifice. Now for the odd stuff that didn't fit the main story in the screenshots it shows the tf2 logo over the HTTPS lock that chrome has no website I've seen does that. From close inspection the image doesn't look tampered with and the time works out to around when he sent it. The fact it clearly shows a what I assume to be legit trading site in the window but the different url, the fact he sent me another website thats identical with a different login window Hidden Content: **Hidden Content: Content of this hidden block can only be seen by members of (usergroups: Administrative, Moderating).** the fact this site's domain is 5 days old. The list goes on, if this guy actually crafted this whole thing he seems like a decently smart guy. Another thing to note is he said this https://imgur.com/a/uTrXE3B. He could of been taking the piss but I dunno. I don't know how the forums work and if they are active but i'd love to see what you guy's take on this is, maybe some more knowledgeable people know how this all works. I'm just genuinely interested.