Since the introduction of CSGO skins in the year 2013, many industries have started to be more focused on earning their revenues through in-game virtual items. These items are being traded among players in exchange for IRL (In real life) money, and the industries are acting as a platform to help them perform the trade. This is what led scammers right into the community of CSGO and gave rise to the API scam.
What is an API?
Before we get into the prevention of API, let us know a little about it. API, also known as Application Programming Interface is a synapse that is used for interaction between customers or employees within a multi-national software company. It acts as the backbone of an organization that interconnects them with others, which is also one of the main reasons why it can be easily found in today’s era.
When a person opens up an application on their device, it starts to connect to the internet by sending data to the server it belongs to. The very same server then retrieves this data, translates it and then processes it back to the person's device where the interpretation of data happens again within the application and as a result, the information is finally presented to the person. This whole process of connecting, sending, interpreting and retrieving data is known as API.
API in Steam
Every single Steam account has an option to generate an API address through registering. While generating an address, you should make sure that the domain name is completely blank, because if it’s not, then you’re sure to be compromised. If someone has your API key, then they can intercept trade offers by accepting or declining them. Basically, on any site where you have to log-in to purchase or sell your items, you are first directed to a screen as shown in the picture.
. If you’re sure that you are already logged into the steam website and you’re being asked to log in again, then you know that it is a scam website. To avoid such scams, you should keep your steam account logged-in in advance before proceeding to any website.
Precautions While Generating an API Key
It is always advised to double-check offers before performing any trades, especially when you’re confirming on your phone. This applies to offers where you’re not getting anything in return for the item that you’re offering. If you have any doubts about your API key being affected, even though you haven’t generated one recently, then you should first change all your passwords and keep different ones for every account that you use, and then go to the following link to click the option “Deauthorize all devices”. Along with that, simply disable your API key and generate a new one when needed. Generating a new key now and then can be very useful to avoid being attacked. It’s similar to a thief who is close to cracking a combination, and the very next minute it resets. Also, a good recommendation is to keep your password tricky and in the combination of various symbols, alpha-numeric characters.
Stream URLs & Phishing Websites
Regularly changing your stream trade URL is also a smart choice, as it not only prevents others from tracking you but also terminated your online sessions across every device that you’re logged into. This also prevents bots from accessing the account while you’re away, as you never know when, where and how you can be attacked online. With that said, always check reviews and ask around other players for platforms where you can buy or sell CSGO skins. There are tons of websites and fake Google ads that look clean but are harmful, and not only for CSGO but also your device that has tons of personal information. There are a lot of fake trade bots so make sure you use GameZod's list for the best CSGO trading sites.
Important Things to Remember
Do not click links or download files that are sent to you by another person. That includes, even if you’re 100% sure that the person is someone you know. You never know when someone can get hacked and personated by someone else. There is a good way to make sure that the link is legitimate, which is by copying the last section of it and pasting it right behind the original website. That way you know that the website is secured and if the link is fake, it will simply throw an error.
One of the last and obvious things to remember is to be aware of the fake Twitch and YouTube streams claiming to be giving away thousands of dollars. So, just use your head and do not trust them or their links. Another thing is to avoid buying Steam accounts because it’s very easy for people who sell their steam accounts, to recover it back. Many people have been affected by buying Steam accounts, holding it for a year or more while collecting several skins and then having the old owner recover it back. It is also against the Steam TOS and can lead to the account being banned because you’re not the real owner. So, it is highly recommended not to buy Steam accounts, instead create and build your own.
Steam will never help you if you’ve been scammed, because as they’ve mentioned that it’s every man for himself. The least you could do is send a report to the technical team about the issue and wait to see how they respond to it. Other than that, just be careful and play it smart!