I did not check the site, but I will base my explanation on replies.
As I understand, it is a phishing site, I am going to use as example some social network but this can work with anything, email platforms, social platforms, ecommerce platforms, etc.
1) Copy the entire front end of the platform: You can either download all of the assets manually (html, css, js) or use a crawler like httrack
2) Develop a back end/script that will process the login (It is even better if you also handle extra features to make it more believable), but this can be as little as just handling the form submission and storing it the details provided in a database, then redirect the user to actual steam or do something to make the user not think their details were just stolen (to prevent the user changing their details), or don't do anything at all.
3) Connect back end and front end, and also these to a server and domain
4) Advertise it through email, or some other way. Things like "Attention required, please login now!"
And that's it. I don't do phishing, ever, but I work in IT, so I know how all of this works.
How to prevent your steam account getting stolen in the future?
When a site asks you to connect your steam account, the actual legit way to do it, is click a button that redirects you to the actual steam page, there, steam will ask you if you'd like to connect to "random app", click yes, and the site you connected to will receive your steam unique identifier, they can't do anything with this nor steal anything from you through this, they will just see your steam name, picture, what games you have and things like that, nothing else.
If the site asks you to provide your steam login information, it is a phishing site 100% of the time.
