{"id":22117,"date":"2020-11-20T20:44:29","date_gmt":"2020-11-20T15:14:29","guid":{"rendered":"https:\/\/www.kaspersky.co.in\/blog\/pubg-metro-phishing\/22117\/"},"modified":"2020-11-20T20:45:08","modified_gmt":"2020-11-20T15:15:08","slug":"pubg-metro-phishing","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.in\/blog\/pubg-metro-phishing\/22117\/","title":{"rendered":"Open season on PUBG Mobile accounts"},"content":{"rendered":"

Free cheese exists only in mousetraps, but businesses everywhere have been desensitizing people to the idea of freemium cheese for years.<\/p>\n

The freemium approach is especially prevalent in the gaming industry. Game developers and publishers commonly offer users minor but genuinely free goodies \u2014 the expectation being that the gamers will get sucked in and end up spending on in-game purchases. The addictiveness of freemium cheese is what cybercriminals are exploiting when they offer giveaways of rare items for the hit title PUBG Mobile<\/em>.<\/p>\n\n

Giveaway for PUBG Mobile\u2019s new season<\/h2>\n

The mobile multiplayer shooter recently launched a new season with items, monsters, and mechanics imported from another popular shooter, Metro: Exodus<\/em>. No sooner had it gone live than numerous websites appeared offering the chance to win new items.<\/p>\n

\"Phishing<\/a>

Phishing pages with a Lucky Spin giveaway for the new season of PUBG Mobile with Metro: Exodus<\/p><\/div>\n

They all look pretty much the same: distinctly gamer-themed with PUBG Mobile<\/em> and Metro: Exodus<\/em> branding, plus an invitation to spin the wheel to win one of the items depicted on it. Those who know PUBG Mobile<\/em> are probably familiar with this wheel; at the start of each new season, the developers of PlayerUnknown\u2019s Battlegrounds<\/em> offer the chance to get unique items by spinning such a wheel. It\u2019s called the Lucky Spin, and it\u2019s basically a win-win (or at least a no-loss) lottery because spinning the wheel doesn\u2019t cost any points, but it could yield a spanking new gun.<\/p>\n

\"Phishing<\/a>

Phishing pages with Twitter or Facebook login \u2014 a familiar option for PUBG Mobile players<\/p><\/div>\n

To receive the item, all you need to do is log in to your account. This stage offers two options familiar to PUBG Mobile<\/em> players: log in with Twitter or log in with Facebook. Either option, however, results in an error message.<\/p>\n

If you try again, it\u2019ll seem to work, but the page will then ask for additional account information including character name, phone number, and PUBG Mobile<\/em> account level. Enter those and the system will return a positive message: Your winnings will arrive within 24 hours.<\/p>\n

\"Form<\/a>

Form for entering additional data, supposedly to verify the user\u2019s PUBG Mobile account, and confirmation that the item will be available within 24 hours<\/p><\/div>\n

How PUBG Mobile\/Metro: Exodus phishing pages work<\/h2>\n

Unfortunately for the player, the item will never arrive. All of the pages \u2014 our researchers came across 260 of them in just a few days, and their number continues to grow \u2014 were created by scammers. They have nothing whatsoever to do with Tencent, the developer of PlayerUnknown\u2019s Battlegrounds<\/em>, or the creators of Metro: Exodus<\/em>. The sites\u2019 purpose is to steal gamers\u2019 data.<\/p>\n

First, they grab Facebook or Twitter login credentials. The calculation here is that between the user\u2019s desperation to get hold of the new item, and the pervasiveness of using a social network login for another app, their suspicions won\u2019t be aroused.<\/p>\n

But the scammers go one step further, asking for additional information, such as phone number and PUBG Mobile<\/em> account level, apparently to help them evaluate the account\u2019s resale value.<\/p>\n

How to avoid PUBG Mobile phishing<\/h2>\n

The attackers prepared thoroughly for the start of PUBG Mobile<\/em>\u2018s new season; the pages with item giveaways are very convincing in terms of both design and requested actions. Still, on closer inspection, certain phishing<\/a> elements give away the giveaway, so to speak.<\/p>\n