Scammers design scam sites using fake Steam login pages. Rather than 'logging in' to the site, your login information is being fed to a scammer who's logging in to your Steam account at the same time.
Once they gain access to your Steam account, they track your trade offers and duplicate trade offers to scammers -- eventually stealing your items.
It's very important you understand how these sites operate so that you can ensure you don't sign into one of them. Here are 2 ways they work:
Fake pop-up
If the site gives you a pop-up window to sign into Steam, make sure it's an actual pop-up. Scam sites can make it look like a pop-up when in actual fact it's just an isolated window on the web page. An easy way to check if it's a pop-up is to check how many browser windows you have open.
If there's just one, then it's a fake pop-up. If there are two, one of which being the pop-up on its own, then it's not a fake pop-up.
Fake login URL
Other sites will open a new tab to log in via, but the login URL will be a fake login URL. For example, a site may use 'sitenamelogin.xyz' as the login page, and not 'steamcommunity.com'.
Make sure to check the login URL starts with 'steamcommunity.com' exactly and not anything else. Some sites may try and use different letters within this URL to make it appear legit.
If you have any further questions, or want to get a site's login page double-checked, don't hesitate to reach out to our support team who'd be happy to help.