dark        

Inside the incredibly shady world of game key scammers

0

No 'light theft' for me this time, folks!

A. Verdin (name redacted for privacy) isn't the only person who allegedly scammed review keys from video game PR representatives and developers, but he's one of the few who got caught.

Verdin – AKA "BattlefieldAxe," "Airo95," "RaphaAaron," and "James Rodriguez" – has a reputation among publishers and PR reps for running game key scams; a con where the scammer falsifies some manner of credential in order to score free download keys for video games, often indie titles. In Verdin's case, he's almost certainly impersonated a member of Twitter's verification team and the PlayStation UK team, as well as allegedly impersonated representatives from EA, Square Enix, Bethesda, and Friday the 13th developer Gun Media. Although it's unclear how falsifying Twitter credentials figured into his alleged scam, Verdin reportedly obtained "about 50 keys" for the Friday the 13th: The Game beta as well as multiple Battlefield beta keys.

Since then, he's allegedly posted a since-deleted apology on Twitter, where he offered to reimburse the companies he's scammed via PayPal. This was approximately seven months ago, back in October 2016 – based on this screenshot. Although most of the screenshots we've obtained have been from second-hand sources, we've been able to conclusively verify that Verdin's current Twitter account once went by the handles accused of key scamming. The only thing we've been unable to confirm is whether Verdin ever apologized.

Two months after the apology, Verdin allegedly went back to his old ways by implying he was a member of the Friday the 13th: The Game development team on Twitter. Verdin initially responded to request for comment, but went silent after asking me what my plans were for the article.

The allegations surrounding Verdin won't be surprising to anyone who works in game development or PR. It's the age-old tale of people willing to pull some shady business in order to get free stuff. But since this is the video game industry, the whole ordeal has to be infinitely more complex than just stealing a loaf of bread from a grocery store.

Becky Taylor, a game developer/businessperson/PR rep known for working with Reboot Magazine and Innervate, was the person who clued me into Verdin's reputation ("he called me a cunt and blocked me for calling him out"), although Square Enix Senior CM Cat Karskens and Bithell Games' Mike Futter aren't big fans either. Taylor's experience is notable, in part because she could point to a man with a name and say "he did it." Most of the time, you don't even get that unless you have deep pockets and a lot of free time. 

We initially confirmed that Verdin previously owned the @BattlefieldAxe, @Airo95, @RaphaAaron, and @JrodriguezVT accounts by Googling the respective Twitter URLs. Thanks to Google's cache, we found that some Tweets associated with the old handle were connected to the new one, confirming our suspicions. The Tweets either took the form of redirected posts or replies from other accounts. We also manually combed through nearly 3,000 Tweets "liked" from Verdin's current account, where he had interacted with people manually replying to his old handles. Be warned, that link is very NSFW – the guy likes porn and isn't afraid to show it. I've scrolled through so many bare asses while reporting this story, I think I'm 100% desensitized to nudity.

Although Verdin allegedly did most of his work on Twitter, most scammers prefer more traditional forms of communication. "I can't tell you how many fake emails I used to get a day when I worked at a development studio. Hell, I still get them – and I get them asking for keys for free-to-play games on Steam because they will literally copy paste the same email," Taylor said. "Most of the time, it's them claiming to be a Russian YouTuber, or that they have a huge Steam group I should support."

The PR representatives I spoke with for this story corroborated Taylor's statements, including Zoink Games PR and Marketing Manager Mikael Forslind, who extensively documented his experience with a Russian YouTube channel. "The most elaborate scam [we encountered] was the YouTube channel that rebrands the whole channel every now and then, " Forslind said.

"So, the scammer creates a YouTube channel and calls it something like 'Mike's Gaming Channel.' They add correct artwork, register an email something like [email protected]gmail.com. Then [they add] a few videos, normally just recorded videos with gameplay and no editing work or voice-over work. Then they register their channel on sites that deal with key requests and my guess is that they just request all games they come across," Forslind said. "I fell for that, which makes me furious."

Forslind attached a Google Sheets document that lists some of the scammers he's encountered, along with screenshots from a YouTube channel that has rebranded multiple times over the course of its short existence. In fact, it changed from "FancyFish" to "UnendingGaming" while this article was being written.

Although you can see many hallmarks of the channel rebranding con – new icons, new staffers, clear form letter, etc. –  the scammer failed to obfuscate the identical channel URL. It's hard to glean much from Unending Gaming's miasma of Russian Let's Plays and low-quality gameplay footage, but there are a few early videos boasting "The Rock Gaming" branding – proving the channel once went by a completely different name. One TRG-branded video in particular is just opera singing over a Windows desktop.

There's also the story of J. Carmona, AKA "TheKamikazeYT," who became infamous on Reddit for allegedly reselling game keys he had obtained from developers. "[Carmona] went rogue and simply started selling all the keys he got from developers on G2A. He was already on lots of mailing lists and perhaps is still getting free keys from developers, who are unaware that he is using them for profit," said Yulia Vakhrusheva, the Director of PR at TinyBuild. "Believe it or not, but he still reaches out to us, trying to get keys even though he was outed many times!"

"I confronted him, and I said 'Sorry, you are associated with scamming tons of video game developers and selling the provided game keys on G2A. You will need to buy all the games from now on,'" Vakhrusheva said.

Although Carmona's alleged new YouTube account ZurLoko shares a business contact email with TheKamikazeYT, it's somewhat less suspicious – in part because he gets a decent amount of comments and likes/dislikes. Most of the content on his new channel seems legitimate, and although I don't speak Spanish, it does sound like the same guy. The only thing on ZurLoko worth noting is a referral link to G2A – a grey market for download keys we've covered extensively on this website, and a place where Carmona could have sold game keys with little to no oversight.

"This specific encounter didn't come up in our communication with G2A, but this is something that we see all the time. We brought several people to G2A's attention, but even when they are banned, they can just create a new account and continue their shady business," Vakhrusheva said. "It's a perpetual loop."

G2A came up multiple times in my conversations with PR and developers, in part because the contentious relationship between G2A and the rest of the games industry only gets more volatile with each passing day. Although a GameStop equivalent for digital downloads wouldn't be the worst thing in the world (can you imagine being able to offload all those extra Humble Bundle keys with ease?), G2A has been at the center of many controversies, including a story on Kotaku where a key scammer endorsed G2A as a good place to fence stolen goods and a feature on this very outlet where yours truly accidentally purchased stolen property off the marketplace.

Vakhrusheva believes that G2A's open market is partially to blame for the plague of key scammers, since it's so easy to just turn around and sell keys. "We think that every company distributing our product needs to be authorized by us. If we had that level of control, it would drastically hurt gray marketplace and key scammers," Vakhrusheva said.

Raw Fury's David Martinez put it a little more succinctly. "If someone really wants to play our games for cheap then we'd understand if they 'borrow' our titles from a 'friend.' We'd rather they do that instead of giving money to G2A's 'business,'" Martinez said.

When reached for comment, G2A did not tell us of any specific plans to combat fraud on the platform. "Actual instances of fraud on G2A are extremely low," said G2A head of PR Maciej Kuc in an email interview, claiming the site's percentage of fraudulent transactions was "far below" one percent. "The illegitimate or stolen key narrative is just a farce. What developers dislike is that we empower consumers – that's what has found us so many enemies."

Becky Taylor disagrees. "The fight is usually 'Why shouldn't customers be able to sell their unused keys – or resell games like GameStop does?' Well, that's the big question right there. Could G2A redeem itself if they were able to block stolen keys easily?" Taylor said. "Though, there might have been a tussle [regarding stolen product at GameStop] at some point, I truly don't believe GameStop has even 1% the same amount of stolen games as G2A."

Although we cannot verify the level of fraud conducted at GameStop or G2A, GameStop is somewhat protected by state-level secondhand dealer laws in the United States. When trading games in my home state of New York, I had to provide an address and some form of government ID. Florida requires a physical description and a "right thumbprint." Three years ago, Philadelphia GameStops came under fire for taking the fingerprints of trade-in customers. eBay is maybe a better 1:1 comparison than GameStop, but I can't imagine anyone looking to offload stolen goods would bother with shipping items across the country when they could sell them locally for cash.

According to Kuc, G2A's current seller verification process requires users to provide a phone number, a social media account "with history," and a PayPal account. It took me about a minute to figure out how to set up a dummy PayPal account – I already knew about Google Voice and the myriad of ways you can make a social media account look real. I brought this to Kuc's attention, but he insisted the site would still be able to ferret out scammers.

"While someone could put in the time to set up a seller’s account that is not tied to their personal information, they will always have to provide us with that personal information if they want to withdraw their money from G2A," Kuc said. He also told Destructoid that G2A is developing "an even more detailed verification process," but declined to share any details, as the process is still "in the end stages of development."

In response to game key fraud, developers and PR firms have created whole sites to combat the issue, like Vlambeer's Do Distribute or Evolve PR's Terminals. There's also the relatively new Woovit and KeyMailer, which specialize in connecting YouTubers/streamers to game publishers. These websites restrict key access to verified individuals – this doesn't completely eliminate key scammers, but it certainly helps weed them out. "The other day I got a request on Do Distribute from a guy who wrote for 'a website' and just linked awebsite.com," said Mikael Forslind. "That's hilarious."

Tom Ohle, the director of Evolve PR, spoke with us about their key management site Terminals, which is currently exclusive to Evolve clients – although the company plans to open the site to other developers "sometime in June."

"We absolutely deal with key scammers all the time, and we built Terminals – in part, at least – as a solution to the issue. In fact, we get so many requests from key scammers – I'd say a good half-dozen a week, and that's just the products I work on directly – that dealing with them has become so routine, and it's actually hard to pinpoint any particularly interesting ones," Ohle said. "We have the verification process in place on Terminals to help with this, and while it does mean we have to dedicate people's time to verify our contacts, I think it's worth it in the long run."

Most of the PR reps I spoke with for this story cautioned independent developers without PR representation to not just hand out codes willy-nilly. Even if you think you're speaking with someone you recognize, be sure to double-check if you see anything even remotely suspicious. Even traditional media outlets can be impersonated – we were forwarded email correspondence where a particularly savvy con artist impersonated PC Gamer's Wes Fenlon and came pretty close to getting away with a bunch of keys.

Eventually, key scammers will likely come up with a new way to fool developers, but for now, better to be safe than spending your free time hunting down fraudulent keys on G2A.

(Verdin, Carmona, and UnendingGaming did not respond to requests for comment, but we will update this story as necessary.)


You are logged out. Login | Sign up

 
 

 

TwitterRedditEmailFacebook
 
Mike Cosimano
Mike CosimanoSenior Reporter   gamer profile

It takes a lot to make a stew. more + disclosures


 



Filed under... #Destructoid Originals #Developer stuff #features #halt criminal scum! #Top Stories

READER COMMENTS LOADING BELOW...


LET'S KEEP THE COMMUNITY GREAT


You're not expected to always agree, but do please keep cool and never make it personal. Report harassment, spam, and hate speech to our community team. Also, on the right side of a comment you can flag nasty comments anonymously (we ban users dishing bad karma). For everything else, contact us!



 
 
 
 
spacer