Steam is one of the most popular game distribution platforms in the world. To use it safely you should - just like in case of, for example, Facebook - remember about some golden rules that will protect you from losing your sensitive data, along with other dire consequences.
Cyberthieves have started to appreciate Steam much more since virtual items appeared in the game; these are additional weapons and accessories that can be either bought or found during gameplay. Such items can be really valuable.
A typical game item is worth a few dollars. There are, however, rarities worth 30, 100 or even more. Cyberthieves want to steal such items from users to later sell them on on e-bay auctions.
A popular attack method on Steam is phishing. The culprit receives a message from another user via Steam's communication platform. Such an e-mail contains a hyperlink that redirects to a website seemingly similar to Steam's real logging panel.
Users provide such websites with their logins, passwords, and Steam Guard codes. Data is later obtained by the cyberthieves who log into their culprits accounts and gain access to valuable items. These are transferred to other Steam accounts and later sold on auctioning services.
To protect yourself from such dangerous situations you should be very cautious when it comes to the hyperlinks sent to you in Steam messages, as well as these published by other users (also these on Steam forums and other websites).
You should never provide any website - apart from Steam website - with your login, password and Steam Guard code. You should always verify the URL of a website and click on the locker icon in the address bar to verify if the service is real.
Using a password manager is a good idea. The program automatically fills logging data on known websites, but if the URL address differs from the accurate one your data will not be loaded by the application. This ought to be more than enough to send you a warning signal.
When you buy items you should make sure they have not been stolen from anyone. You can use SteamRep - a service that checks Steam users' reputations and flags all the unappropriate, suspicious behaviours. You can browse the users by their ID or PayPal e-mails.
If you become a culprit of cyberthieves you should change the passwords to other websites and online applciations (of course, if you used the same password on Steam and other services). Then you should contact the technical support immediately.
You should also warn your friends that they may lose access to their account or have some items stolen - cyberthieves may use your account to send infected messages to your friends.