How to deal with a spyware scamming scheme on Facebook?

Jean Jacques Rousseau said once that all people are good, it’s the civilization which is evil and because of it, some people turn evil. Honestly, I have no idea whether he was right or not. The point is – there are bad people out there and it’s sometimes pretty hard to deal with them. I consider a certain individual a pretty bad person, because he’s been exploiting some of the players of Fishing Clash for his financial gain. This is the story on how I managed to metaphorically trade punches with him. I kind of want to do this IRL, too.

How do Fishing Clash hacks (seemingly) work?

Fishing Clash is a F2P game and it uses two types of currency – gold (soft currency, obtainable in the game for completing simple actions) and pearls (hard currency, obtainable in small quantities, purchaseable). A ton of stuff which is crucial for achieving progress in the game can be bought with pearls, so it’s no wonder that players actively seek opportunities which will provide them more pearls, be it in-game events or gift codes. However, some players want to take a seemingly easier way, which is hacks.

The thing with hacks is that they, well, don’t work at all. It usually goes like this:

  • a player finds a video tutorial on Youtube; it showcases a whole walkthrough on how to get a big amount of pearls using 3rd party software,
  • player then downloads and installs a spyware app, which is also able to modify Fishing Clash’s front-end,
  • the app seemingly adds pearls to the player’s account, but the only things which happens are aggressive data collection in order to provide a ton of ads and meddling with front-end of Fishing Clash,
  • the player’s bugged and receives no pearls (although has a ton of ads directed straight to him), because it relies entirely on back-end of the app and the spyware software is unable to modify it.
Here’s an example of such content. Simeon Nikolov, you’re a piece of shit for scamming people.

These apps are pretty straightforward when it comes to identification – they are hacks, so players are aware that they are not endorsed by Ten Square Games in any way. We also don’t care much about them. Silly ones will fall for them and those clever will stick to legit ways of obtaining pearls.

However, there was a new situation which caught us off guard last week.

Introducing, Knob

Knob, as I call him, is most likely a Filipino spyware scheme con artist, who targets Fishing Clash players and uses a spyware app for his personal financial gains. It wouldn’t differ much from the hacks I’ve talked about earlier, aside from two things:

  • Knob started a Facebook fanpage called Fishing Clash Rewards, using our logos and reworking our previous content,
  • he actively encouraged players to share the site’s posts to the game-related Facebook groups.

The combination of these two factors proved to be extremely troublesome from my point of view. I found out about Knob’s actions when I logged to Facebook one day, headed over to one of Fishing Clash’s groups I’m in charge of and noticed that there are almost 300 pending posts. It surprised me, because there’s usually less than a hundred of them. As you may expect, these were mostly post shared from the fake page.

Here’s the first post Knob published on the page.

As you can see in the picture above, Knob did something very clever and asked people to like, share and comment in order to maximize his reach before proceeding to the „actual” giveaway. This worked flawlessly and soon his posts started spreading like wildfire accros multiple Fishing Clash groups ran by players. They tend to allow all posts, which helped Knob quite a bit.

The link he posted leads to a „dudemobile.net” domain page. Not the most legit site in the world. It contained the spyware app, which allowed Knob to monetize the ads which were sent to players afterwards.

We’ve even obtained a number of support enquiries going along the lines „you cheated on meeeee! i’ve done everything the page told me to and i never obtained any pearls, so i demandyou send me them at once reeeeeeeee”.

Damage control

Some actions had to be taken immediately in order to minimize people’s activity on Knob’s fanpage. The first thing I did was to go to Canva, a pretty awesome service, which allows to make simple pictures. It’s like, say, Photoshop for dummies. I took a screencap of Knob’s content with my phone (most of Fishing Clash players play on their phones, so I realized this is going to be most familiar for them). After a few minutes, a picture was made. It was crude, but eye-catching, which was my main objective to achieve. Then I moved to writing a long post, which had four purposes:

  • to let people know that Knob’s content is a scam,
  • to show the community that we care about their safety,
  • to educate them on how to identify sketchy content on social media (I’ve even included a short tutorial on how to find out what’s behind a Bitly link),
  • to make fun of Knob and to diminish him in the eyes of the community.
Full text:
Hi, there’s something we need to talk about. We’ve seen that there’s been some activity on a page which promises to grant you pearls for sharing posts and clicking a suspicious link. THIS IS NOT LEGIT!
Now, let’s go through the screencap and pinpoint what’s wrong:
1. The only official fanpage of the game’s Fishing Clash. It has a blue verified tick next to it. Why’d we even start a new fanpage, when we have one with over 80k likes?
2. Writing Every Word In A Sentence With Capital Letters Kind Of Looks Like A Nigerian Scam, Doesn’t It?
3. „No like, no share = no pearls” yeah, right, we tend to use actual sentences when we speak.
4. Forcing to like and share stuff is against FB’s terms of use and guidelines.
5. We know that our English may not be stellar at times, but come on, „thank you fihing clash for this Rewards?”. It’s not like they were even trying, lol.
6. Why would we put asterisks before points? It makes no sense.
7. There’s literally no reason to put a question mark after a colon.
8. A bitly link. We’d customize a bitly link if we were to use it (we customize them on Let’s Fish’s fanpage). There’s a way to see where a bitly link will lead you to. Simply put a „+” sign at the end of it. F.e., there’s this link – http://bit.ly/AAA. When you go to http://bit.ly/AAA+ you can see that it leads to http://www.prweb.com/releases/radian6/AAA/prweb1839944.htm and shows it’s metrics, like number of clicks. This link leads to an absolutely not shady „dudemobile.net” domain. We won’t click it, like 116 before before us did.
9. Talking about an exclusive bonus for sharing is as sketchy as it gets.
10. Do you really believe that we’d give away 10k pearls? If it seems to be too good to be true, then it 99 times out of 100 is.
In conclusion – do not click the link, do not share the image. It’s a fan farm at best, most likely a spyware scheme, a virus or a keylogger at best. Be smart about such stuff and don’t click random links just because they say that you’ll be gifted something.

I shared the post to both the social and updates group (there are two FC groups ran by us on FB, but it’s going to change soon) and moved on to declining pending posts. I used a neat feature Facebook provides – there’s a possibility to send feedback after declining posts to the OP. Of course I wrote that what they were sharing was a spyware scam and told them to not share this anymore, and also to inform their clanmates that this was fake. There was something else that I told them to do as well, though.

Counterattack

I asked our players to report Knob’s page. Facebook is pretty awful at acting against pages which are scams most of the time, but the sheer scale of people told to do so wouldn’t hurt, right? I also was going to write them all about the issue, because it needed to be done in order to make Fishing Clash’s communication as transparent as possible in this situation. I also asked all of my colleagues on our company’s Slack server to report the page. They are a friendly bunch and they eagerly helped with kicking Knob’s ass (I provided a neat little tutorial on how to report the page). I expect that more than 50 reports were made in a short span of time. I also wrote a message to Knob demanding an immediate halt of his actions via his fanpage, but I didn’t expect him to read it, and he did not. After a few hour, Fishing Clash Rewards was down thanks to the joint effort of the players and my colleagues.

The shittiest phoenix and Knob’s identity

I moved on to my normal work tasks and after a few hours I called it a day. When I was home, my superior wrote to me, asking why did I accept a pedning scam post. It was quite a shock, because I didn’t. To my surprise, he sent me a screencap, which confirmed that Fishing Clash Rewards was back up and that Knob most likely appealed our reports.

Knob firstly wrote a regular post and, after it was up for a few hours, he edited it to include a scam post. Pretty clever, but he made a grave mistake. Now I know what’s his profile. And since he’s playing dirty, I don’t see why I wouldn’t ask my colleagues on Monday to report his personal profile to Facebook. I suppose that he doesn’t have an alt account, so if we manage to ban him, there won’t be anyone to run the page, at least for a while. However, even though he’s back, the page, due to the ban (FB absolutely slaughtered his reach) and educating the players about scams, is a shadow of it former self, struggling to bait anybody. Some players even started to call Knob out on his bullshit in the comments under his page’s content

Conclusion

There are many ways for a community manager to deal with a scammer. I decided to both educate the players about scams in order to make them more aware that there are people out there willing to abuse others just to get some money and to make them more cautious, and to take offensive measures against Knob. Has it ended in a success? Partly. Knob’s page is still up, but his actions are barely noticeable at the moment. Sure, we could engage in some legal activities, but this would probably cost us a lot and he’d still run his operation for quite some time (both Polish and Filipino justice systems aren’t known to be particulary swift). There’s still some actions to be taken, so I don’t think that this is over yet, but at the same time, the situation’s under control and the damage to the players have been minimized, which was the most important thing after all. I’m also quite happy that he (most likely) hasn’t stolen any access data or credit card numbers, because it would be way more severe and serious.

2 myśli w temacie “How to deal with a spyware scamming scheme on Facebook?

Skomentuj

Wprowadź swoje dane lub kliknij jedną z tych ikon, aby się zalogować:

Logo WordPress.com

Komentujesz korzystając z konta WordPress.com. Wyloguj /  Zmień )

Zdjęcie na Google

Komentujesz korzystając z konta Google. Wyloguj /  Zmień )

Zdjęcie z Twittera

Komentujesz korzystając z konta Twitter. Wyloguj /  Zmień )

Zdjęcie na Facebooku

Komentujesz korzystając z konta Facebook. Wyloguj /  Zmień )

Połączenie z %s

Ta witryna wykorzystuje usługę Akismet aby zredukować ilość spamu. Dowiedz się w jaki sposób dane w twoich komentarzach są przetwarzane.

%d blogerów lubi to: