Scams and Social Gaming

TechCrunch is running a story about the prevalence of scams and shady monetization techniques in popular social games on Facebook and MySpace. As an alternative to buying in-game currency with real money, many games make use of lead-generation offers — letting players sign up for a trial service or take a survey in exchange for the currency. The system is rife with scams, and many game developers turn a blind eye to them, much to the detriment of the players and the legitimate advertisers — not to mention the games that rightly disallow these offers and fall behind in profits. The article asserts that Facebook and MySpace themselves are complicit in this, failing to crack down on the abuses they see because they make so much money from advertising for the most popular games.

Rightfully disallowed?

[introspekt.i]

Rightfully disallow? Surely you mean the scam offers. There's nothing inherently wrong with monetizing lead generation, as long as you do it in a legitimate and safe ways. As a matter of fact, it's probably best to keep 3rd parties out of the process, but that's just MHO.

Re:Rightfully disallowed?

[Trepidity]

I think a lot of those are scams too. I've twice been subscribed, without my consent, to junk like that, one a cell-phone dating thing (these doods), and one some ring-tones. I finally got Sprint to lock my account so no subscriptions can be added without me explicitly calling up Sprint to request they authorize it---which should be the default.

Ok... so I'm too old to understand

[faffod]

I just don't get facebook apps. They all need to be given access to my personal data. Why does a survey need to access my personal data? Why do people allow this? Given the cavalier attitude towards protecting privacy and personal data, I'm not surprised to hear that scammers are finding fertile grounds. I wouldn't be surprised to find out (eventually) that some apps are deep data mining for phishers to profile targets better.

Re:Ok... so I'm too old to understand

[SpeedyDX]

A survey doesn't need to access your personal data, but the developers/publishers of those surveys may want to access your personal data (for whatever reason, nefarious or mundane). I suspect that it's just much more convenient and less labour-intensive for Facebook to have the same policies for personal data disclosure for all apps than to have different types of disclosure for different apps. Even if we assume the technical/programming aspect of it is easy enough, there would need to be a screening process for each individual app to ensure that it actually needs the data it's requesting, or complies with certain conditions, etc. A lot of policing would have to be done, and I'm not sure it's entirely fair to ask Facebook to hire more people to essentially protect its ignorant users from themselves.

As to why people allow this, they just don't see the harm in it. Whether they should see the harm in it or not is a different question altogether, but the fact is that they're just ignorant to the risks. And we're so conditioned with "OK click-throughs" that most people probably click the allow button without even realizing that they're giving permission for the app to access their data.

been happening forever in other forms

When I was a youth in the 1960's the same kinds of scams were around, just not involving online computer games. Then, they were about subscriptions to get "10 records for $1" or similar. In all cases, they just take advantage of (not to put too fine a point on it) dumb people who don't bother to look into what they're really subscribing to.

If you give your CC or bank numbers to _anyone_ without understanding the transaction, well, a fool and his money are soon parted.

From TFA:

A typical scam: users are offered in game currency in exchange for filling out an IQ survey. Four simple questions are asked. The answers are irrelevant. When the user gets to the last question they are told their results will be text messaged to them. They are asked to enter in their mobile phone number, and are texted a pin code to enter on the quiz. Once they've done that, they've just subscribed to a $9.99/month subscription.

I've always maintained that being careless with one's information online (personal details, phone numbers, CC numbers, addresses) means it's only a matter of time until you get ripped off. Scams have been around forever, probably since humanity invented money. How long does it take for people to wise up? We've had thousands of years now. At some point, I think we have to acknowledge that people do have some responsibility to act in responsible ways, yes, even on Da Interwebs. The way to eliminate this problem is for people to act in their own self interest. If they refuse to do that, maybe we need to say, "hey, we're sorry you got scammed, but YOU chose to give them your CC number / sign up for a $10/month subscription / give away all your personal details. Now you get to experience the consequences of your actions."

Re:been happening forever in other forms

(Replying to my own post here) - also, why on earth would anyone let arbitrary scripts run when they don't have any idea what those scripts are doing? Maybe it's different for me; I grew up in the mainframe era, but my philosophy is, "I'll whitelist what *I* say is acceptable to run on my system. Nothing else gets to run."

Websites with 20 different cross site scripts? Sorry, but no thanks - my computer is my computer, not your computer, and unless there's a reason *I* agree with, you don't get to run *your* software on it. It boggles my mind that today's youth operate under the principle of, "Hey, sure! I'll run anything from anywhere without having the foggiest idea what it actually does, and I'll put all my personal details online for scripts to harvest". Maybe it's just a generational culture clash, I'm not sure, but I honestly don't understand the mentality behind their approach, and I suspect they also don't understand the mentality behind mine either.

On the other hand, I'm not the one with my computer in a botnet and having college kegstand photos turn up during job searches.

Re:been happening forever in other forms

[TheRaven64]

The language is irrelevant. Isolating programs from each other and resources is the job of the operating system. You can argue that operating systems should be formally verified, but if an operating system is dependent on properties of the source language for protection then it is fundamentally flawed, because attackers will just use a different language. If you add a VM, like Java does, then you're just adding another layer of complexity which can contain exploits and you need to formally verify the VM as well as the OS...

This is news?

[techno-vampire]

As others have posted, scams have been around for as long as there's been commerce. All this is, really, is more proof that P.T. Barnum was right: there's a sucker born every minute, and two to take him.

Facebook has but one agenda....

[tardis+owner]

Facebook is a tool specifically geared to produce profit and be a platform for allowing others to profit. Social interaction and networking are but secondary interests at best. Yes it is free to use, free to join but in the end, it is all to get ads in front of you and get you to spend money. One can profit so many different ways. Serious (business, organizational) networking is but one way one can profit. Data Mining is probably one of the biggest sources of profit and potential profit. Project Gaydar is an example of just one data mining project and a bit on the scary/dark side of things.

Re:Why is FarmVille fun?

[SpeedyDX]

Why is getting high or gambling enjoyable? These are all addictions of some sort, they can't be explained purely by giving an account of perceived entertainment value versus other perceived life values.

Time will help

[Strange+Ranger]

A friend of mine recently posted this to her Facebook wall with a comment about people invading privacy and "stealing" her information:

So I asked in the nicest way possible "Did you think the people writing those quizzes were volunteers or worked for some kind of charity? What would you think if this stuff showed up in your inbox? Would you click on it?". Her reply was amazing. She TRUSTED facebook!

How is this even news? It's news because it's a new medium and people seem to need to learn all the old rules over again. There would be zero story here if these quiz offers and games were showing up in people's snail mail boxes. Just recently we've all gotten bored and thoroughly "experienced" with the same phenomenon arriving via email (w1n F1Fty d0llar$! Click here!). I don't know why people need to learn the same lessons over and over again, but they will, and then stories like this will be as dull and "back page" as stories about the mailman bringing junkmail, or nigerians wanting help in your inbox. Kind of sad but I guess that's (most) humans and there's not much to be done about it.

Re:Why is FarmVille fun?

[jjohnson]

I play Farmville, and don't buy any in-game cash, just work the available free mechanisms. I spend about twenty minutes once or twice a day.

First, I find it relaxing to just click away on my farm. In-game, a small amount of simple effort has tangible results (coins, not the cash they're selling) that I can convert to improving my farm, which leads to...

Second, there's a nice lego aspect of it, where building up coins lets you buy trees and buildings and decorations, so you can arrange your farm. The loading screen is a snapshot of someone's farm, and some people do quite impressive things, like making a farm-sized pumpkin out of coloured hay bales.

The first aspect is the basic mechanism of all games (effort->reward->advancement), and it works fine in Farmville. The second aspect is an explicit bonus, a sandbox part of gameplay that provides more reason to enjoy the game. I'll get bored of it sooner or later and stop playing, but I don't see Farmville as being a more profound waste of time than earning points in Battlefield 2142 so I can unlock the Ganz heavy machine gun.

As for giving away my personal information, I have nothing on my Facebook profile that I wouldn't share with a stranger at a party, so I don't care if it goes in a database somewhere. Zynga gets the my public profile (which is all I put on Facebook anyway), and that seems a low price to pay for some relaxing gameplay.

I love the way they call it "monetizing"

[Bob_Who]

...not so long ago we called it Pimping, Prostitution and Pandering. Its that familiar stench of a french whore house and television network. Venereal "infectious" media and other social networking diseases are spreading like swine flu over every exploitable piece of social media channeled to the consumerist public. Social Networking today replaces the "soap opera" of the last generation. Only now, we're not just watching the soap while folding laundry - instead we are the soap opera, on Facebook. Now, while we're at work, we can't watch "The Hung and The Breastless" but we can kill a fifteen minute break on Myspace - and bingo! that's where they get busy with that ad budget. But the advertising is over the top on tv with hours of infomercials on half of the pay cable and satellite channels we pay to view. And the internet and social networking are going to get even worse than that. The fact is that squeezing the consumer wallet with annoying ads and phishing scams and products like enzyte is the only "monetizing" opportunity in this mass media slut fest. The fatal flaw is that "they" are diluting the effectiveness of advertising because there is too much of it, and we all resent it. And we're broke. Identity theft is the only career opportunity that's left for RONCO and Chia Pet moguls, because nobody is buying their crap. They can data mine us to death, it won't matter if we are all jobless because this is our only revenue stream. Can't we pay people to actually do something besides "slice and dice" the public in nice bite sized nuggets? Would you like the honey or mustard dipping sauce with your culture today?

Increasing sophistication in MMO scams

[RogueyWon]

As an MMO player, I've seen a dramatic rise in the frequency and sophistication of tricks designed to get access to players' accounts over the last few years.

As a bit of background for those who don't play these games; even though most games technically forbid it, the trade of in-game currency for real-life money is big business. A quick look around a few of the well-known sites that are used for this purpose show that, for example, 1,000 World of Warcraft gold will sell for around $10.

Now, those selling the in-game currency need to obtain it from somewhere to sell it. Traditionally, they've obtained their money via "legitimate" means, usually a sweat shop full of part-time students working shifts to keep characters earning money through fairly mechanical processes 24/7/365. I say this is legitimate, but this is only true in so far as it does not violate any game mechanics; it can have a fairly crippling effect on a game's economy and can make life much worse for genuine players. In some cases, this was augmented by 3rd-party automation software (usually called bots) which took away the requirement to have somebody at each keyboard and allowed one person to supervise a dozen or so clients.

However, in recent times, many of those involved in the in-game currency trade have decided to cut out this part of their operations. Rather than earning the cash on their own characters, they rather steal it from the accounts of other players, by gaining access to their account and stripping it bare. This has the twin benefits of not requiring anything like the human effort that earning the money directly via in-game means has and of not driving inflation (reducing the real-world value of the game's currency - unless the game's operator has a policy of refunding stolen currency).

Now, back when this first started to appear, I was still playing Final Fantasy XI, a game whose highly sophisticated and relatively unrestrained in-game economy rendered it highly vulnerable to the advances of real-currency traders (WoW, by comparison, has a pretty basic economy where players never really need much gold to get by, rendering it less fertile ground). Back then, there were three basic ways to lose your account. The first was greed; you sign up for a scam power-levelling service, or a currency trade website that requires you to register your account details. Surprise, surprise, the nice people offering this wonderful service really just empty out your account. Obviously, only the truly atupid are going to fall for something like this (though I can name one or two who did).

The second method relied on fear; you'd get an official looking e-mail, purporting to be from Square-Enix (or Blizzard - this still happens in WoW), claiming that your account was believed to be inactive/in violation or something and you needed to reply to them, stating all of your account details, to prevent it from being locked. Again, fairly basic stuff, though with a convincing enoug e-mail, you will probably always get a few suckers.

The third was pure bad-luck and not really relevant to the currency trade. I remember two FFXI players who broke up with their real-life partners and forgot that said partner had their login details - which they promptly used to trash their account.

However, just as I was making the transition from FFXI to WoW (about 2.5 years ago), more sophisticated attacks started showing up. These generally revolve around the use of keyloggers, to caputre the player's login details. The really big one that I remember, which hit a lot of FFXI players I knew at the time, involved allakhazam - a previously legitimate community site - which accidentally carried a number of malware-laden banner ads. By all accounts, the creeps behind it harvested logins for a few weeks, then struck quickly at as many accounts as they could before people wised up.

Over in World of Warcraft, the situation is even worse, largely due to the requirement that anybody who wants to play in any kind of vaguely serious raid requires 3r