Quick PSA: there's a Steam login phishing scam going around that *looks like* a legit link but hides a bad address inside. The version I encountered also used a URL shortener to hide the bad domain name (as usual it's a misspelling of "steamcommunity.com").
The version I saw purports to offer a free Steam gift card, and claims that about 251K of 300K cards have been claimed (this is of course just made up). Most importantly, it says you're not logged in; if you click the "SIGN IN" button, it produces an in-browser frame that *looks like* a Google Chrome window for the Steam sign-in page. This page is, of course, fake, and designed to steal your Steam login credentials.
Sidenotes: This is where computer customizations can be useful. The fake Google Chrome "window" is grey; if you've set a different system color, this window will look mighty sus. Also, don't use Google Chrome; there are better alternatives that give you better features and/or allow you to avoid Google's tracking. (Heck, if you can, avoid using a Chrome-derived browser at all. I'm using #LibreWolf for example.)
Also, if you're on a webpage, and you use your browser's shortcut to go to the URL (e.g. Alt+D on Firefox-based browsers), you'll go to the real address bar, rather than the fake one. That's another way to notice that something's amiss.
The MO used in this scam is not new at all; it's been around for years. The only changes are the exact details of the bait page, and the fact that scammers have gotten better at making the fake Steam site look more real.