Hi Guys,

I was reading an article in Wired Magazine about a pervasive scam targeting kids through enticing Roblox and Fortnite ‘offers,’ and I wanted to summarize it for you all. You can read the detailed article by visiting this link on wired.com, but in a nutshell:

Summary of Scam and How to Avoid it:

  • Origins of the Scam:
    • A US-registered advertising company’s affiliate users are behind the bulk of these scams. These scams are extensive and prominently public.
  • Target Audience:
    • Primarily children, who are tricked into downloading apps, malware, or submitting personal information in exchange for nonexistent rewards in Fortnite and Roblox.
  • How the Scam Works:
    • Attackers exploit vulnerabilities in websites (including .gov, .org, and .edu domains) and upload malicious PDF files.
    • These ‘poison PDFs’ are SEO-optimized and appear in search results, promising free in-game rewards or other incentives.
    • Clicking these links directs users through multiple websites, ultimately landing on a scam page that asks for personal details or other actions.
    • Scammers earn money when people follow through these steps, but the user never receives the promised rewards.
  • Example of the Scam in Action:
    • After clicking a link for free in-game coins, users are guided to a webpage asking for their username and OS. They are then asked to sign up for another service or enter personal details to ‘unlock’ their reward—yet no reward is ever granted.
  • Affiliated Company:
    • The scams are linked to the advertising firm CPABuild and its network members.
  • How to Avoid Falling Victim:
    • Be sceptical of ‘too good to be true’ offers related to Fortnite, Roblox, or other popular games, especially when they ask for personal information.
    • Do not click on unfamiliar links, especially those promising free rewards.
    • Always check the URL and ensure you are on an official and secure website (look for ‘https’ in the web address).
    • Educate your children about the risks of such scams and advise them never to enter personal information without consulting an adult.

Please be cautious and educate your kids on these risks. If you need assistance or help in any way regarding this matter, you can contact the Privacy Care Team 24 hours a day, seven days a week.

All the best,
Max Roberts
Incognito Privacy Care Team