Hijacking or Phishing is a method of getting someone else's account information through fake links or fake websites. Some can be very difficult to see which ones are a fake, while others are very easy. Most accounts that message you are just bots sending the message to everyone on that persons friend list after their account has been lost.

This is the new method that is very convincing. You will get a message like above. They will say you have a pending steam ban and you need to add a steam community admin to resolve this issue. IT IS ALL A LIE. There is no such thing as a pending ban, you are either banned or you are not.

This is an example of a fake profile they will ask you to click on.
It's not an actual account most times and are just there to get you to sign in and take your information. Do not click the profile at all to be 100% safe.

Just don't click links, add random bots, and always stay cautious. If you did happen to click the link or sign in there are a few things you can/should do. Change your password ASAP. If you use a trading API change it, consider it compromised. Lastly, to be very thorough remove all devices, (except the one you're logged in to) to do this go into Steam>Settings> Manage Steam Guard Account>Security> Deauthorize. The method of phishing is always changing so always be aware and double check EVERYTHING.

Stay safe everyone and happy reverse phishing!