ESL Voting Scam
One of my Steam friends, someone I've played with multiple times and talked to, just asked me if I could vote for his friend in some ESL tournament. I didn't think much of it so I said yes; again, I've known this guy for a long time. I clicked the link on my phone, voted for the team he asked me to. But nothing happened. That made me suspicious so I closed it and started to look for this "tournament"; turns out the website is barely a month old and this league already shut down. Luckily I didn't try to log in or enter any information. I immediately went to change my Steam password as well as de-authorised all my devices. I have Steam Guard active as well as 2FA active. I immediately scanned my phone for any viruses or malware too. Am I relatively safe because I didn't enter any information or should I still be worried? And what else can I do?
J4MESOX4D Nov 7 @ 1:37pm
You've done all you need to do pretty much. Report your friend's account as that's likely compromised.

More info here https://steamhelp.yuanyoumao.com/en/faqs/view/7958-1D76-CA26-7BB4
Originally posted by J4MESOX4D:
You've done all you need to do pretty much. Report your friend's account as that's likely compromised.

More info here https://steamhelp.yuanyoumao.com/en/faqs/view/7958-1D76-CA26-7BB4


That is a relief. I just noticed I got blocked by my friend (or rather the scammer who took over his account).
ペンギン Nov 7 @ 3:30pm
Originally posted by Meowvolver Ocelot:
One of my Steam friends, someone I've played with multiple times and talked to, just asked me if I could vote for his friend in some ESL tournament. I didn't think much of it so I said yes; again, I've known this guy for a long time. I clicked the link on my phone, voted for the team he asked me to. But nothing happened. That made me suspicious so I closed it and started to look for this "tournament"; turns out the website is barely a month old and this league already shut down. Luckily I didn't try to log in or enter any information. I immediately went to change my Steam password as well as de-authorised all my devices. I have Steam Guard active as well as 2FA active. I immediately scanned my phone for any viruses or malware too. Am I relatively safe because I didn't enter any information or should I still be worried? And what else can I do?
Do not use your smartphone for IoT. On these devices, you generally have little opportunity to track/verify anything or even integrate reasonable security measures.

Delete browser data, including cookies and DOM storage. Scan the system for suspicious files and behavior. Scan it again using other software. Even if no malware has been installed directly, it can still be sideloaded or browser data can be read out via session hijacking, cookie theft.... Simply changing your login credentials (or relying on 2FA) is not enough.
Last edited by ペンギン; Nov 7 @ 3:35pm
Originally posted by ペンギン:
Originally posted by Meowvolver Ocelot:
One of my Steam friends, someone I've played with multiple times and talked to, just asked me if I could vote for his friend in some ESL tournament. I didn't think much of it so I said yes; again, I've known this guy for a long time. I clicked the link on my phone, voted for the team he asked me to. But nothing happened. That made me suspicious so I closed it and started to look for this "tournament"; turns out the website is barely a month old and this league already shut down. Luckily I didn't try to log in or enter any information. I immediately went to change my Steam password as well as de-authorised all my devices. I have Steam Guard active as well as 2FA active. I immediately scanned my phone for any viruses or malware too. Am I relatively safe because I didn't enter any information or should I still be worried? And what else can I do?
Do not use your smartphone for IoT. On these devices, you generally have little opportunity to track/verify anything or even integrate reasonable security measures.

Delete browser data, including cookies and DOM storage. Scan the system for suspicious files and behavior. Scan it again using other software. Even if no malware has been installed directly, it can still be sideloaded or browser data can be read out via session hijacking, cookie theft.... Simply changing your login credentials (or relying on 2FA) is not enough.


Right I did delete all browser data and installed multiple scanners, both showing nothing. I heard it is harder to install malware and spyware on smartphones than it is on PCs, since when I clicked on vote nothing happened I assume Safari may have blocked it already?
Last edited by Meowvolver Ocelot; Nov 7 @ 5:51pm
ペンギン Nov 7 @ 8:40pm
Site dependent.

The fact that "nothing happened as visible behavior" does not mean that really "nothing happened". Two older examples...

https://steamcommunity.yuanyoumao.com/sharedfiles/filedetails/?id=3465706992
The first image was also a “Vote for my Team” invitation. Here, your login details are simply sent to another server without you noticing.

https://steamcommunity.yuanyoumao.com/sharedfiles/filedetails/?id=3411470955
In the second image, a redirect chain and URL manipulation were used to create the appearance of a genuine Steam login page (with the help of original Steam WebAPI and assets) but it only worked partially. Here, too, the entered user credentials were sent to another server without your knowledge.

And this behavior is not prevented by your browser or any other software. Often it is not necessary to install malware.

It's already sufficient to read your stored cookies and browser data and reroute your traffic. You don't normally notice any of this. Except that at some point you won't be able to log into your account anymore. Whether that affects Steam or other platforms.
Last edited by ペンギン; Nov 7 @ 8:51pm
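
The URL manipulation and redirect chain described in the post above can be checked mechanically before any password is typed. This is an added example, not part of any post in this thread: the `ALLOWED` list is an assumption for the sketch, and the `.example` hosts are constructed placeholders.

```javascript
// Added example. ALLOWED is an assumption for this sketch, not an official list.
const ALLOWED = ["steamcommunity.com", "steampowered.com"];

// True only for an allowed domain itself or a real subdomain of it.
function onAllowedDomain(host) {
  return ALLOWED.some((d) => host === d || host.endsWith("." + d));
}

// Classify one URL by the host the browser will actually contact.
function classifyLink(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { host: null, trusted: false, reasons: ["unparseable"] };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  const reasons = [];
  if (url.protocol !== "https:") reasons.push("not-https");
  // "https://steamcommunity.com@other.example/" connects to other.example.
  if (url.username || url.password) reasons.push("userinfo-before-@");
  // Non-ASCII lookalike letters surface as xn-- labels after parsing.
  if (host.split(".").some((l) => l.startsWith("xn--"))) reasons.push("punycode-label");
  if (!onAllowedDomain(host)) {
    reasons.push("off-allowlist");
    // The brand name used as a subdomain or prefix of someone else's domain.
    if (ALLOWED.some((d) => host.includes(d.split(".")[0]))) {
      reasons.push("brand-in-foreign-host");
    }
  }
  return { host, trusted: reasons.length === 0, reasons };
}

// A redirect chain is judged by its last hop (the page that receives the
// password); firstUntrustedHop shows where the chain left the allowlist.
function classifyChain(hops) {
  const verdicts = hops.map(classifyLink);
  const last = verdicts[verdicts.length - 1] ||
    { host: null, trusted: false, reasons: ["empty-chain"] };
  return { ...last, firstUntrustedHop: verdicts.findIndex((v) => !v.trusted) };
}

// Constructed sample chain (.example hosts are placeholders).
const SAMPLE_CHAIN = [
  "https://steamcommunity.com/groups/constructed-sample",
  "https://vote-esl.example/go?team=1",
  "https://steamcommunity.com.vote-esl.example/openid/login",
];
console.log(classifyChain(SAMPLE_CHAIN));
```

The check is default-deny: a page that reuses genuine Steam assets still fails it, because only the parsed hostname is compared.
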
Originally posted by ペンギン:
Site dependent.

The fact that "nothing happened as visible behavior" does not mean that really "nothing happened". Two older examples...

https://steamcommunity.yuanyoumao.com/sharedfiles/filedetails/?id=3465706992
The first image was also a “Vote for my Team” invitation. Here, your login details are simply sent to another server without you noticing.

https://steamcommunity.yuanyoumao.com/sharedfiles/filedetails/?id=3411470955
In the second image, a redirect chain and URL manipulation were used to create the appearance of a genuine Steam login page (with the help of original Steam WebAPI and assets) but it only worked partially. Here, too, the entered user credentials were sent to another server without your knowledge.

And this behavior is not prevented by your browser or any other software. Often it is not necessary to install malware.

It's already sufficient to read your stored cookies and browser data and reroute your traffic. You don't normally notice any of this. Except that at some point you won't be able to log into your account anymore. Whether that affects Steam or other platforms.


I think I did all I could to be safe. Appreciate the help, if there’s anything else I can do please let me know. I might find the chat again and could give you the link so you can add it to the list.
Last edited by Meowvolver Ocelot; Nov 8 @ 2:42am
SLG Nov 8 @ 2:41am
It could be today, tomorrow, next week, next month, next year, etc. They wait until your account is worth taking.
Originally posted by SLG:
It could be today, tomorrow, next week, next month, next year, etc. They wait until your account is worth taking.

That is IF they have my data which I never entered
Originally posted by ペンギン:
Site dependent.

The fact that "nothing happened as visible behavior" does not mean that really "nothing happened". Two older examples...

https://steamcommunity.yuanyoumao.com/sharedfiles/filedetails/?id=3465706992
The first image was also a “Vote for my Team” invitation. Here, your login details are simply sent to another server without you noticing.

https://steamcommunity.yuanyoumao.com/sharedfiles/filedetails/?id=3411470955
In the second image, a redirect chain and URL manipulation were used to create the appearance of a genuine Steam login page (with the help of original Steam WebAPI and assets) but it only worked partially. Here, too, the entered user credentials were sent to another server without your knowledge.

And this behavior is not prevented by your browser or any other software. Often it is not necessary to install malware.

It's already sufficient to read your stored cookies and browser data and reroute your traffic. You don't normally notice any of this. Except that at some point you won't be able to log into your account anymore. Whether that affects Steam or other platforms.


Okay so I checked the chat history and I do have the link to the website. I can give it to you if you want to add it to the list
ペンギン Nov 8 @ 7:03am
Sure, I'll add it then. Via Steam chat or email via my project page. Linked on my profile or via my primary group infos.
Last edited by ペンギン; Nov 8 @ 7:04am
Okay thanks I’ll add you then