Apparently there's a hijacking going on dota 2 trades and hijacked victims aren't helped

In general, always, before you enter any login credentials anywhere (unless it's for a forum you spam nonsense in), check the website's TLS certificate. That's what they are there for.

Click the green lock icon next to the URL in your web browser. If it's not there, you are being scammed (can reliably say that nowadays). If it does not say the domain or company name you expect to authenticate with, you are being scammed too.

Companies are usually not stupid and do not use some random domain for login; they all use some subdomain of their main domain name (e.g. store.steampowered.com, accounts.google.com, ...) not something else which could be a forgery (e.g. I could probably register steam-account-login.com and get a TLS cert for that).

/r/DotA2 Thread