Need advice about hacks.

Rule #1: don't add random people on Steam (usually they write something on your wall and also usually it's urgent). Request from private profile = instant block.
Rule #2: Valve/Steam NEVER contact you via comments on your wall, via Discord or via chat inside Steam.
Rule #3: If any page requests your credential and/or Steam Guard password when you're already logged in = 100% scam. Almost all sites with drops for CSGO/DOTA items are scams.

I keep it simple - if I don't immediately recognize the site linked in Steam chat, I won't open it, regardless of who sent it.

Never log in with your password & steam guard on third party sites. Bookmark steamcommunity.com or steampowered.com and only log in at these sites. After you're logged in reload the third party site and if you're still asked for password / steam guard it's a scam.

A friend of mine has been hacked multiple times and it always ends up with me having to help him get his acc back so if anyone sends you something fishy, it's most likely a scam. Even from friends accounts.

As others pointed, urgency is the common tactic to make you click on stuff.
If it is urgent, it is 95% a scam.
Stay calm and don't click unless you are sure it is legit.

if someone asked you to vote for their favorite team on a certain game, it's mostly a scam.
if someone tells you that they reported you (or something similar) and you are urged to do an action within a few hours or days, it's mostly a scam.

don't get tempted to login on any sites that other people linked to you. if they linked you a steam page and you are asked to login, open a new tab first. open the steam site on your own in that tab, and login there, then refresh the steam page that was given to you. if it still asked you to login, then it's definitely a scam.

don't get tempted on something that's too good to be true (login to this site to get this AAA game, or whatever that is). it's mostly a scam.
don't panic. if someone says that you need to act quickly to do something or else you'll lose your account, ignore it. it's mostly a scam.
if you think something is fishy. stop doing whatever you are doing. it might be a scam.

As a follow-up to the other suggestions being given. Basically two-factor authentication with your friends.

If you receive a sus link from a known friend, double check with them via another source of communication. Message them on discord, text message, social media, or any other way you two communicate with each other. Until you hear from them outside of steam that it was actually them, don't trust ANYTHING by default.

Some additional points:
Always verify the URL. Scammer often use URLs similar to official URLs (eg. steann instead of steam). In case it's a completely different URL, or for some unknown website, quick google search usually helps.
Never login using forms in in the 3rd party sites. Login using the official site and then grant access to the 3rd party site (if and where possible, check what permissions you are granting).
Prefer to first open the links in incognito and check the site, specially in case the shared link was URL-shortened, and hence redirects to some other site. This is simply to prevent access to cookies and stuff like that.
Been said above, but it's just too important to skip. Urgency to open the link should always raise red flags.
In case of emails, verify the sender's email address, as well as the domain (similar to first point).

Bit of extra work, but keeping some extra dummy account for all this stuff helps too. This may not be possible in every scenario but it's quite useful, specially when you are trying something new that you are not sure of.

"Trust but verify"
rule no.1 on the internet is never click on unknown links. so if a friend send something odd, ask in person or call him.

There is a known scam where Hacker hijack your phone and send urgent message to your friends asking for a money transfer. and people fall for it all the time, when a simple call could solve this.

also activate 2-step verification. and never enter the password unless you typed the website yourself.

Interestingly "a long standing Steam friend sending me a fishy link" has happened to me almost half a dozen times in the last 2 months, which is WAY higher than the usual rate ..
All of them were "vote" (either logos or teams)

And I knew from the get go all of them were hacked, thankfully all of them managed to get their accounts back.

Another good rule. not just for steam, is to use a password manager like bitwarden to store your passwords, and then if the site is dodgy there won't be an option to auto-fill the password, as it won't recognize the domain.

Ok again this happend, but this time was sended from me. Any idea how to deal with it? Luckily i didin't lose any friends, they just got this spam.

https://cdn.discordapp.com/attachments/393359588478681098/869351109150527488/unknown.png