As much as game sales are seasonal, so are some scams targeting video gamers.

This particular type of scam—one we’ve seen time and time again yet continues to victimize gamers—comes and goes. On certain occasions, they stay, because they’re either left as is and not reported or there is not much noise created against them.

This is why it is important for each one of us to do what we can to (1) learn to set apart scam sites from the rest and (2) give a poor rating to said site or report it to their ISP for possible take-down.

Let’s take a look at some of these scam sites that were caught in our radar recently. They are as follows:

freesteamcodes[.]net

FreeSteamCodes is a website registered less than 10 months ago and claims to be a legitimate destination where Steam video gamers can get free Wallet codes. Unfortunately, it’s just another one of those sites that lets one copy and paste data from your Facebook URL to their website. In this case, it appears that it wants users to give the site access in order to “promote” the app game called MouseHunt to contacts and group members. Below is a screenshot of the site:

freesteamcodes-defaultclick to enlarge

The embedded video shows users exactly what they want to believe: that the site is legitimate and it’s easy to get codes. Below is a slideshow of events captured when we were interacting with the site:

This slideshow requires JavaScript.

In the end, we didn’t get any Steam Wallet codes. Also, the progress bar indicating that some semblance of validation process taking place will never end as it’s not really a progress bar but a GIF image. Nothing is actually being validated, so nothing will be received back.

Based on the site’s code, however, it’s supposed to direct users to a generator page that resembles to the one on the video. We considered this new URL and tested it. Again, below is a slideshow of our interactions with it.

This slideshow requires JavaScript.

As you can see, it’s still a dead-end as it continues to require gamers to keep doing something first (in this case, a survey) before actually giving up those free codes.

steamingame[.]com

I’ve been watching this domain (and a number of other sites like it) being shared on Twitter over the weekend, and it’s quite alarming how others can quickly pick up on it to spam their own URLs to their friends. Below is what the site in question looks like:

steam-in-gameclick to enlarge

Similar to FreeSteamCodes, SteamInGame is also reluctant to share who’s behind it. It is, however, happy to give interested parties free games in exchange for equally free marketing, and by that we mean “spamming a generated unique URL for people to click”. Below is the complete slideshow of events that you may want to look at:

This slideshow requires JavaScript.

Other domains similar to SteamInGame are as follows:

  • mysteamgifts[.]com (replica of steamingames[.]com)
  • steaminstant[.]com
  • steamaccess[.]com
  • steamexplorer[.]com
  • steampowers[.]net

steam-wallet[.]com

Steam Wallet can be considered a combination of both samples sites we’ve discussed above. Scammers behind this domain (whoever they are) bank on Steam wallet codes like FreeSteamCodes while also employing the spammy tactics of SteamInGame.

Before one even begins to interact with the site upon visiting, we were already presented with a prompt to either Share, Tweet, or +1 the site. Although sharing is optional, the counter with the prompt can move someone to act before the time runs out. Quite a way to force someone’s hand without them realizing it, right?

steamwalletclick to enlarge

The deck below can show you what happens next:

This slideshow requires JavaScript.

Other domains similar to Steam Wallet are as follows:

  • getsteamgifts[.]com
  • steamgiftcodes[.]com
  • steamgifts[.]eu (replica of getsteamgifts[.]com)
  • steam-wallet-gifts[.]com
  • steam-wallet-money[.]com

Free content giveaways like the above are typically never truly free; users tend to pay up in one form or another. Unfortunately for those who buy into the promises of the sites we’ve named above, they are paying scammers money for answering surveys and potentially endangering others with spam that lead others to them.

To avoid survey scams and other potentially malicious domains, one can manually blacklist them. Or you can take the easier route, which is to install an Anti-Malware product that’ll block such sites for you.

Jovi Umawing (Thanks to Steven for the tip)