Corigami wrote:steamsecurity.co or something ... the url even looked fine
whut? 'steamsecurity.co or something' and you say the URL looked fine?
some basic tips
urlsurls of official organisations are usually .com. Avoid ALL SITES WITH .ru (communistic crap), .co (columbia, how could you even remotely think this was legit?). Basically, avoid all top-level domains outside USA, EU, apart from perhaps canada, australia, japan.
No offical site uses GET's to get you to a login box, so NO legit url contains @nY $tr@ng& characters in the url itself (apart from, eg, session id's). In other words: learn what an url is and use your knowledge
URLstop level domainswhoisYou can lookup who owns a site, cool huh? If you even plan to enter your credentials on a site, whois the site
whois lookuptry it for eg steampowered.com, and you know what to expect.
Let your pc thinkUse phising filters; firefox has one, some firewalls and virusscanners have one as well
Think for yourselfWhat does the site offer? is this possible/normal (3 cars for free if you sign in with your steam account!!!)? do you need it (one car is enough)? is it a popular site (the google nooes)? Hows the HTML (the amount of errors on a site can give you a hint, though dont rely on this)? broken images, links, are never found on official sites.
In short: dont post your credentials on every silly site that offers you gold. it most often does not.