Welcome to the Computer Security Wiki! You can help us by expanding stubs, create new articles and improve current articles.
You can also help us by logging-in or creating an account!

MMO scams

From Malware Wiki
Jump to: navigation, search
Fake Robux generator program, for the online game, Roblox.

MMO scams are a type of scams that attempt to fool users into using a false currency/item generator. These links are often spread around to trick unsuspecting persons into using the website to get the desired item(s). When the user's details are input, the user's account is often hacked and sometimes used to promote the scam.



A website may claim that the user must download a program before they can get free membership/currency for a game. The programs might have a video that claims that the program is working.

When downloading these programs or when installing, they might ask if the user wants to download other programs (which may also be viruses). This could happen outside and inside the installer. Even if there is a "No" button, it will likely not work and will download the program(s) anyway. When a user downloads the program it will likely ask for their username and password, or confidential details such as credit card numbers. It will then ask what type of membership the user would like to add to their account. When the user selects an amount it shows a fake bar that progresses. When it is done it may say that their request will take a while or is done.

If the user attempt logs on to their account after doing this it may be hacked, or they may not be able to log onto their account. Their computer may also have been infected by a lot of viruses. These viruses are usually not malicious and are just potentially unwanted programs.

Sometimes, however, some membership generators can carry RATs (Remote Access Trojans) and will not open. After "opening" the program, the trojan will not ask for any administrator permissions and starts a task that will be enabled for the startup. The RAT process can be started after booting so that features can be available for the controller even after rebooting their PC. Depending on the RAT's type, it can have a keylogger, or even can remotely control the user's computer. These features can be used to log into accounts and more.


When offered to download the program websites may offer a way to do it through the website alone. Generally, the website would look and work exactly the same way as the program they offered. This is different from the program because they don't have "direct" access to the user's computer files, but tend to send spam constantly to the user's email, or in worse cases an email worm, and phish all the user's sensitive information. When a user clicks on the Website option they are greeted with the same thing as the program, a username, and password requirement. When the user types that in, then they will be asked what type of membership they would like to add to their account. This part differs from the program for the fact that the website may pause the bar and makes the user do a captcha to make sure they are human, or claims they must complete a survey or download a program, etc. If there is a captcha, it will likely be false, because if the link is clicked the user will be redirected to a phishing website, where they may be forced to do surveys that take sensitive information such as credit card numbers, addresses, email address, the user's real name and etc. When the user has finished the website "checks" to see if the information is valid. The website will never actually check to see if the information is right, this means the user can type in whatever into the information boxes and it will do the same thing. Once the website has "checked" it says that the user's completion will be sent to the membership generator website. However, this will most likely not happen. When the user closes the "captcha" and goes back the website will not have changed.

This can be different from website to website. Some websites do complete but do nothing. This may be because of PHP, but the membership will never appear on the user's account.

At this point, the user's email can be filled with spam or email worms and their account will most likely be hacked in a couple of days after visiting the website. They may also ask the user to complete a survey, which will just be fake. It can be of many different types. One of them asks the user for their phone numbers. When someone puts a phone number, they steal the money that the user has topped up. Others will simply not do anything and these will generate money for the owner of the website. When the user clicks on "Confirm", the scam replies that the inputs are incorrect. These inputs (like the phone number) are said to be incorrect so that it has an excuse to not contact the victim. It also appears that the website uses very simple tools to scam.

The surveys that the website prompts the user to take are often of a similar nature, being for things such as free gift cards, sweepstake tickets, coupons, discounts, or money. Typically, these are phishing sites as well, and often steal the user's data.