11.8 C
New York
Thursday, December 3, 2020
Home Trends The anatomy of a game-key scam

The anatomy of a game-key scam

If you’ve heard of Steam-key scams, you know that most of them seem too obvious to fall for. But some scammers are running sophisticated, brute force operations that blanket so many developers with so many key requests that they are likely quite profitable. And Helium Rain developer Gwennaël Arbona just broke down how the entire process works in a thread on social media.

Developers on Steam can produce an infinite number of 15-digit alphanumeric codes that anyone can redeem for access to a certain game. Valve gives everyone free rein to do whatever they want with these codes (it does have some limits that are not relevant to this topic). You can give them to friends and family. They can go out to media to help promote the game. Or you can sell them on your own website or a third-party store.

I request a Steam code for a game at least once a week for my job. Sometimes I find myself requesting multiple codes a day. It is a normal and accepted business practice, but it’s one that con artists are exploiting. Anyone can write an email just like mine requesting a Steam code. And anyone can sell a Steam code on stores like Kinguin. And that’s exactly what they do.

“As [with] most scams, they’re short, unprofessional-looking emails in approximate English,” Arbona wrote on Twitter. “Most developers will immediately weed them out.”


The reason this scam is so popular is because people can automate a lot of it. For example, you can feed developer email addresses into a bot that will then automatically send key requests from countless false accounts. Those accounts can use forms to fill in details like “%game_name%,” and they can impersonate any number of YouTubers from around the world.

Arbona saw that trend with his scammer. He found multiple emails with similar wording that all used the same Gmail tracker from a service called Deskun.

“Obviously, these email addresses are registered and used by the same bot,” said Arbona. “A single scammer is impersonating multiple public figures, requesting review keys of every Steam game, over and over, through each account.”

And it’s likely that developers ignore most of those emails. But if an automated process making potentially dozens of requests succeeds only a fraction of the time, that could still turn into real money. And if the scammer sets up their bot scripts to automatically register every Steam code developers send them with a selling service, they can generate revenue with very little effort.

Arbona was able to prove his scammer was selling keys. He responded to the request with a key for this game Helium Rain. He then checked popular key-reselling website Kinguin and found that it suddenly had a listing for Helium Rain. Previously, Kinguin didn’t have a listing for any Helium Rain codes. So Arbona bought it, and found that it was the one he just sent to “[email protected]

But c’mon — this can’t really work, right?

In the receipt for the Helium Rain key that Arbona purchased on Kinguin, it said “brought to you by Zefir.” That account had dozens of games for sale.  But that account is no longer available on Kinguin. I’ve reached out to the website to ask if it deleted it or if the user deactivated it. But Arbona found multiple other accounts that all use the same icon art of a red-bearded sheriff. Those accounts, like GamesLand and KeysCrops, are still live with game keys for sale.

As Arbona notes, every game that Zefir was selling comes from indie developers. If Zefir is a legit merchant, major publishers do not work with them.

But Zefir didn’t just have keys to sell, as people are also buying them. Before closing, the account had approximately 850 user reviews. Those all came from sales. But not everyone who makes a purchase has to leave a review. That means that Zefir likely sold way more than 850 keys. If Kinuin is anything like other stores, only about 1-in-10 to 1-in-50 people leave a user review. Arbona did the math on that.

Even if Zefir has sold only 10,000 keys at an average of $5, that’s still $50,000. Of course, developers like Arbona don’t get a cut of that money. Kinguin does, however, take an 11 percent slice for itself.

So yeah, this racket works. If you spam out enough key requests, you’re bound to hit a developer who’s not at their sharpest. Maybe they are desperate for media coverage. Or they decided to go through their email after working all night. Maybe they just started doing outreach for their game and are overwhelmed by the number of requests. Or maybe English is their second language.

A swindle like this doesn’t have to work every time. It just needs to work enough to make the effort worth it. And automation and bots can make it almost seem like free money.

Source: VentureBeat

To Read Our Daily News Updates, Please Visit Inventiva Or Subscribe Our Newsletter & Push.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

- Advertisment -

Most Popular

Oyo – plans to launch its own IPO, a look into Oyo’s past, present and what the future looks like?

Oyo Hotels & Homes started with a unique business model of budgeted hotels. An Indian hospitality chain that works on the model of leased...

A look at the benefits and challenges of legalised online gambling

Gambling is often a touchy subject when it comes to laws around the world. Some countries have fully embraced the industry with laws that...

Bri Innovations Launches Two “Sensibly Innovative” Products

Recently, we have seen a surge in new products that would never have been thought, if the covid had not affected India. It’s an...

Vaccine Update: The UK Turns Out To Be The First Nation To Affirm Pfizer’s COVID -19 Antibody, First Shots Turn Out One Week From...

The United Kingdom has become the main Western country to favor a Covid-19 antibody, a milestone second in the COVID pandemic that makes ready...

Recent Comments

%d bloggers like this: