Scams and Social Gaming 95
Posted
by
Soulskill
from the sign-up-now-for-fifteen-free-slashbucks dept.
from the sign-up-now-for-fifteen-free-slashbucks dept.
TechCrunch is running a story about the prevalence of scams and shady monetization techniques in popular social games on Facebook and MySpace. As an alternative to buying in-game currency with real money, many games make use of lead-generation offers — letting players sign up for a trial service or take a survey in exchange for the currency. The system is rife with scams, and many game developers turn a blind eye to them, much to the detriment of the players and the legitimate advertisers — not to mention the games that rightly disallow these offers and fall behind in profits. The article asserts that Facebook and MySpace themselves are complicit in this, failing to crack down on the abuses they see because they make so much money from advertising for the most popular games.
Increasing sophistication in MMO scams (Score:3, Informative)
As an MMO player, I've seen a dramatic rise in the frequency and sophistication of tricks designed to get access to players' accounts over the last few years.
As a bit of background for those who don't play these games; even though most games technically forbid it, the trade of in-game currency for real-life money is big business. A quick look around a few of the well-known sites that are used for this purpose show that, for example, 1,000 World of Warcraft gold will sell for around $10.
Now, those selling the in-game currency need to obtain it from somewhere to sell it. Traditionally, they've obtained their money via "legitimate" means, usually a sweat shop full of part-time students working shifts to keep characters earning money through fairly mechanical processes 24/7/365. I say this is legitimate, but this is only true in so far as it does not violate any game mechanics; it can have a fairly crippling effect on a game's economy and can make life much worse for genuine players. In some cases, this was augmented by 3rd-party automation software (usually called bots) which took away the requirement to have somebody at each keyboard and allowed one person to supervise a dozen or so clients.
However, in recent times, many of those involved in the in-game currency trade have decided to cut out this part of their operations. Rather than earning the cash on their own characters, they rather steal it from the accounts of other players, by gaining access to their account and stripping it bare. This has the twin benefits of not requiring anything like the human effort that earning the money directly via in-game means has and of not driving inflation (reducing the real-world value of the game's currency - unless the game's operator has a policy of refunding stolen currency).
Now, back when this first started to appear, I was still playing Final Fantasy XI, a game whose highly sophisticated and relatively unrestrained in-game economy rendered it highly vulnerable to the advances of real-currency traders (WoW, by comparison, has a pretty basic economy where players never really need much gold to get by, rendering it less fertile ground). Back then, there were three basic ways to lose your account. The first was greed; you sign up for a scam power-levelling service, or a currency trade website that requires you to register your account details. Surprise, surprise, the nice people offering this wonderful service really just empty out your account. Obviously, only the truly atupid are going to fall for something like this (though I can name one or two who did).
The second method relied on fear; you'd get an official looking e-mail, purporting to be from Square-Enix (or Blizzard - this still happens in WoW), claiming that your account was believed to be inactive/in violation or something and you needed to reply to them, stating all of your account details, to prevent it from being locked. Again, fairly basic stuff, though with a convincing enoug e-mail, you will probably always get a few suckers.
The third was pure bad-luck and not really relevant to the currency trade. I remember two FFXI players who broke up with their real-life partners and forgot that said partner had their login details - which they promptly used to trash their account.
However, just as I was making the transition from FFXI to WoW (about 2.5 years ago), more sophisticated attacks started showing up. These generally revolve around the use of keyloggers, to caputre the player's login details. The really big one that I remember, which hit a lot of FFXI players I knew at the time, involved allakhazam - a previously legitimate community site - which accidentally carried a number of malware-laden banner ads. By all accounts, the creeps behind it harvested logins for a few weeks, then struck quickly at as many accounts as they could before people wised up.
Over in World of Warcraft, the situation is even worse, largely due to the requirement that anybody who wants to play in any kind of vaguely serious raid requires 3r