Never enter your information into a Steam chat session, for any reason. Valve will never use the Friends network to contact you about your account, nor will they ask for your password. Ignore every request for information of this kind you receive.
Please see here for information from the Steam FAQ.
Phishing is attempting to gain access to a person's information through deceptive or misleading methods. There have been a lot of recent attempts to hijack accounts from Steam users recently. These attacks usually come in the form of a user (who you usually do not know), contacting you through Steam. They will then proceed to say they work for valve or something similar. They may even claim there is a problem with your account, or perhaps to offer you free items after "confirming you own the account". The same methods are often used in false emails.
Bear in mind that anyone may add you to their friends list, and that hijackers will use deliberately misleading names to request information.
They will usually ask you for information such as:
- Your Username.
- Your Steam Password.
- Your Credit Card/Paypal information, or information about recent transactions.
- Any other personal information.
It is important that you do NOT give them any such information. They will hijack your account, and you will lose all of your games possibly without the chance to get them back. If your account is hijacked, you also run the risk of your reputation being destroyed as they will often use hijacked accounts for hacking. Even more serious is the case where you give them any kind of financial information, as they can steal your money, or even worse- your identity.
Other common ways they may steal your account information are through programs or mods for steam that have been tampered with to harvest the information they want. People selling or giving hacks often have ulterior motives and may steal your account- do not use hacks!
You must also ensure that any links you sign into with your steam account information are DEFINITELY on the steam site (steampowered.com). If you are in any doubt as to the legitimacy of an email seemingly sent by Valve, do not visit any links on the page and log into your steam account in a new browser, after going directly to steampowered.com. This will prevent them taking your login information through you accidentally logging into a Steam clone.
Ways you can avoid having your information or account stolen:
- Never give anyone else your account information for any reason.
- Be wary of any new people added to your friends list.
- Know that Valve will never contact you through Steam friends nor ask you for your password or other confidential information.
- Use strong and unique passwords.
- Be wary of any steam programs you install as they may be malicious.
- Scan your computer for malicious programs regularly.
- Try to avoid logging in on insecure or public computers.
What to do if your account is hijacked, or someone attempts to hijack it:
If your account has been compromised, please see the Retrieving a Lost or Stolen Steam Account topic (on the steam forums) for instructions to retrieve your account.
There is also some advice on what do from fellow forum users here
If another user requests your account information, please see the Contacting VALVe Billing and Support topic for instructions to submit an incident report.
If you are unsure about requests you have received, check the Steam hijack thread.