Playing the Player: To Each Game, Its Own Scams

An overview of Facebook game-themed scams. Episode 1


Scammers live by the “hit me with a hit” motto, so nobody will gasp in awe when hearing that most (if not all) top ranking Facebook games have a dedicated tricky app.

These poisonous flowers are sprinkled all over the online social pasture, so let’s  put our Linnaeus gloves on and start our own Species Plantarum. We’ll be luckier than regular explorers as we’ve got a clear map of the territories. Just follow the arrows:

Source: *stats valid on September 9, 2011

First stop: Citiville (which goes to prove that a capital V makes a world of difference). L’exemple du jour ? Not omelette au fromage, as all Dexter fans would expect, but a scam…in French. All language barriers aside, it’s clear that this little daisy is offering Cityville items and UNLIMITED cash. Ever worried about how you’d go about asking for cash in a French bank? Worry no more, this scam’s the proof that cash is an international term (you know, just like S.O.S, STOP, etc.).

Let’s observe ze little wonder:

  1. “Hi, my name is Christina and I am a former Zynga employee”. AA meeting? No, no, no, just a lucky encounter with a nice gal who promises to guide us to the French den of free cash and items.
  2. This is a top secret operation, so please, don’t tell anyone else. Ok, you can tell your mother….and your father….and your cousin Louie….
  3. Let me hear you shout liberté, égalité, fraternité ! These people know what buttons to push to set the revolution in motion: never ever pay cash again!

(Notice the social plugin in the bottom right corner ? Nice touch, guys! Aux armes, citoyens!).

Le clic magique will take us to a classic share me, post me, send me to everyone you know scam page. The user is warned that a mechanism is set in place to monitor whether she/he has completed all steps. This, of course, is impossible, as the only way you can get access to a person’s posts on Facebook is through an app….No app loaded so far, so this is a big fat lie. You’ll just wait and wait for the verification process to complete, but there’s no end to it.

Second stop: The Fv paraphernalia scam. Cash, items…you name it, we can fake it!

No breaking news here, as scammers are at least as creative as the game designers who keep popping up with all sorts of crazy items. These two here are fake:

Imagination may go wild on the bait front, but on the spreading mechanism one, Classicism still reigns. Let’s take a closer look at a textbook example: the Farmville Mossy Tree scam.

Bad, bad post takes you to a Claim [item of day] page.

Clicking the "Claim" button takes the user to a page that is similar to the official Farmville page where users accept gifts. The difference is that there are no buttons on the page, only a picture that has the same functionality wherever the user clicks.

The user is asked to post the spam message to the wall, but then an error message appears.

However, the spam entry is there to stay in the victim’s News Feed.

Final stop in this episode: a scam that SIMS Social.

It takes one very promising post to get you stuck in the like-copy/paste-share straits.

To be continued.

This article is based on the technical information provided courtesy of Tudor Florescu, BitDefender Online Threats Analyst.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author

Ioana Jelea

Ioana Jelea has a disturbing (according to friendly reports) penchant for the dirty tricks of online socialization and for the pathologically mesmerizing news trivia. From gory, though sometimes fake, death reports to nip slips and other such blush-inducing accidents, her repertoire is an ever-expanding manifesto against any Victorian-like frame of thought that puts a strain on online creativity. She would like to keep things simple, but she never does.