Phishing attacks targeting CS2 skin traders exploit trust in familiar platforms through fake websites and malicious trade offers. Scammers steal inventories worth millions annually by mimicking legitimate sites like Tradeit.gg or SkinSwap [web:482][web:483].

Common Phishing Tactics

• Fake Login Pages: Domains like “tradelT.gg” (capital I instead of i) capture Steam credentials when users enter details [web:483].
• Malicious Trade Bots: Scammers send offers from fake bot accounts requesting inventory access or overpay trades that reverse after acceptance.
• Discord/Telegram Lures: Fake support messages direct users to phishing sites promising free skins or account recovery.
• Extension Hijacks: Malicious browser extensions steal session cookies, enabling unauthorized trades [web:485].

Protection Strategies

• Always verify URLs manually—never click links from chats or emails; use bookmarks for trusted sites [web:483].
• Enable Steam Guard Mobile Authenticator and Guard against fake offers by checking bot profiles and trade histories.
• Use platform-specific extensions like Trade Protected or CSFloat verifier for safe trades [web:482].
• Limit inventory visibility and enable trade holds; report suspicious offers immediately.

Phishing thrives on haste—slow verification and platform protections safeguard valuable CS2 inventories against evolving scam tactics.