A new online scam is luring users to fake online gaming sites via social media apps such as Discord. The scam likely includes thousands of fraudulent websites, all of which presumably link back to the same threat actor.
Fake Online Gaming Sites Flood Discord and Social Media Sites As Part Of New Scam
Security researcher Brian Krebs has shared details about a new online scam flooding social media platforms to target users. As explained in his post, this scam involves tricking users into interacting with fraudulent online gaming websites to steal money.
Specifically, the threat actors behind this scam are barraging social media sites like Discord with fake online gaming sites. They distribute these links by claiming support from various popular personalities. For instance, Krebs mentioned one such fake gaming site, “Beast Games,” claiming to have partnered with the famous YouTuber Mr. Beast. The messages promoting these links often include some “promo codes” that users could claim on the website.
Lured by the promo codes, users may click on the links and land on the fake gaming pages, where they can create free accounts. Krebs noted that all gaming sites in this scam offer a free account to claim a $2500 credit. Users may use this credit to play games on the respective website.
But when users try to cash out their winnings, the site asks them to deposit $100 in cryptocurrency, apparently for verification. That’s where the users get scammed: they never get the deposited amount back, let alone receive the winnings.
Scammers Also Likely Track Victim Users
Krebs credited a Discord user with the alias “Thereallo” for discovering and reporting this scam. The user noticed that all websites in this scam follow a similar pattern to trick users. Moreover, the threat actors behind this scam also seem to track victim users.
As Thereallo observed, it became impossible to create an account on a similar fake website after registering with one of them. The user believes that the sites track users’ IP addresses and email addresses of registered accounts.
“They’re tracking my VPN IP across their entire network,” Thereallo explained. “My password manager also proved it. It tried to use my dummy email on a site I had never visited, and the site told me the account already existed. So it’s definitely one entity running a single platform with 1,200+ different domain names as front-ends. This explains how their support works, a central pool of agents handling all the sites. It also explains why they’re so strict about not giving out wallet addresses; it’s a network-wide policy.”
Krebs also shared a video highlighting the details of this scam.
Users must remain wary of any new, untrusted, and too-good-to-be-true gaming sites, even if they claim to have popular brands as sponsors. As always, it’s better to simply avoid engaging with unsolicited links, regardless of the sender, on any platform. Or, if interacting with the link seems unavoidable, validate the legitimacy of the message and the link with the supposed sender via some other means of contact.
