Especially in America, children are lured into installing malicious software in a scam campaign. Scammers appeal to children by promising additional content to games.
ronstik / Alamy Stock Photo
In the scam campaign aimed at children, the aim is to trick children into clicking on ads and installing, among other things, malicious software on machines. Scammers promise additional content for children’s favorite games, such as Fortnite or Roblox, as a reward for the activity.
In reality, there is no reward, and scammers can actually make money from children’s clicks. At worst, malware installed on the computer can steal data stored on the computer.
Scams are often carried out from hijacked official pages, and the campaign is particularly widespread, especially in America. Scam websites advertised through these direct the child forward by asking for information.
– At least in previous (fraud) campaigns that we have observed over the years, it seems that they always travel to Finland at some point, Cyber Security Center’s special expert Aino-Maria Väyrynen stated to Iltalehti earlier.
Many Finnish children and young people also regularly visit English-language gaming websites, so exposure to fraud is already possible.
This is how the scam works
The site advertises scams on search engines like Google with a malicious .pdf file with related keywords attached to make it easier to appear in the search engine.
– It would seem that these are very much targeted at children, network security researcher Zach Edwards tells
By opening the PDF file link, the user is guided forward. At this stage, the user is often asked for information about the user’s computer or the nickname used in the game, which the user can enter to advance. Finally, the scam asks you to register for another service, which asks for personal information or requires you to download third-party software to your computer, so that the “reward” can be delivered.
– I have tested this hundreds of times. I have never received any awards, says Edwards.
The one who reported on it Wired reports, that the scam is also based on the so-called “cost-per-action” (CPA for short) earning logic. This is a service offered by the American advertising company CPABuild. In this case, by clicking ads or installing the application, the subscriber of the service receives income from the users’ activities.
CPA scams spread not only in search engines but also in YouTube videos.
CPABuild did not respond to Wired’s questions. On his website the company says they have over 150,000 users who have been paid a total of over $40 million.