"Recently a clueless individual added me trying to phish me for my Steam account login details. If they would have any clue what they were doing and who I am they wouldnt be adding me in the first place.
But I digress. Lets talk a bit about what we are looking at and dealing with.

This website is fake. Its made to look like an actual Steam Workshop page but its not all as it seems. Most of the buttons usually either dont work, link to the actual Steam website or want you to sign in.
NEVER TRY TO SIGN IN HERE.

A real Steam Workshop URL looks like this.
https://steamcommunity.com/sharedfiles/filedetails/?id=

In fact they are linking the original Steam Workshop page for this item on the scam website.
https://steamcommunity.com/sharedfiles/filedetails/?id=2291259008
Feel free to compare the fake landing page that is trying to steal your account information with the actual Steam Workshop page.

As you can see I am in private browsing which usually means that Steam will prompt you to sign in. This would be normal but the process on how it tries to sign you into this is where they will get you.
See, it wouldnt matter if I was in private browsing or not. It would still ask you to sign in. This isnt something anyone would normally be suspicious about but I personally am already always signed into Steam on my browser so the process would be and should be entirely different.

Lets look at an example of this.
https://steamcommunity.com/sharedfiles/filedetails/?id=3226504065
This is how a fake Steam Log In looks like. Its made with Javascript to resemble the real Steam Log In process.
Never enter any account information into these fields.

As you can see it opens a window in window. The URL displays a seemingly real Steam URL. The window itself isnt functional though.
No matter how real it may seem, always question everything, double check everything.

This is how the real Steam Log In from a workshop page would look like.
https://steamcommunity.com/login/home/?goto=sharedfiles%2Ffiledetails%2F%3Fid%3D2291259008
The ID at the end corresponds to whatever item you were viewing at the time when you decided to log into Steam.

Steam Log Ins can look diffeent depending on where you are trying to sign in from and what browser you are using.
Since I am a Firefox user, this is how a sign in request from the Steam Stores main page looks like for me.
https://store.steampowered.com/login/?redir=&redir_ssl=1&snr=1_4_4__global-header

This is how it looks from a Steam Workshop page.
https://steamcommunity.com/login/home/?goto=app%2F730%2Fworkshop%2F
The section calling to the app will display the app ID Steam has given to the product. In this case the ID is 730 which is Counter-Strike 2.

A third party website like Backpack.tf or Scrap.tf will have a Log In that looks like this.
https://steamcommunity.com/openid/loginform/?goto=%2Fopenid%2Flogin%3Fopenid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.return_to%3Dhttp%253A%252F%252Fbackpack.tf%252Flogin%3Fopenid.ns%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%26openid.identity%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.claimed_id%3Dhttp%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select%26openid.mode%3Dcheckid_setup%26openid.return_to%3Dhttp%253A%252F%252Fbackpack.tf%252Flogin%26openid.realm%3Dhttp%253A%252F%252Fbackpack.tf

I know it looks like a mess but at the end it will call to the website you are trying to log into.

The important part is that you always check that the window that displays the Steam Log In is a direct browser window or tab of your own and not a window in window.

That the URL always displays a real Steam URL.
https://store.steampowered.com/
https://steamcommunity.com/

And that the little lock icon in your URL bar displays a certificate issued to Valve Corp once you click on it.

Most importantly of all though, always question everything.
Why would a random person add you and ask you to vote for something, why would they invite you to join a competitive match, why would they give you something of value for free?

Hell, you should even question everything I said here. Use your head.
If it sounds too good to be true or even remotely suspicious to you just dont do it.
You will always be on the safe side that way."