Resident Evil 8 just the latest game plagued by fake demos and early access scams

Resident Evil 8 just the latest game plagued by fake demos and early access scams

There’s been a number of scams targeting fans of major upcoming video game releases over the last week or two. Why is this happening, and what can you do to ensure both you and your children avoid such fakeouts?

Preview power: the 80s and 90s

Back in the 80s, games reviews were only really found in dedicated gaming magazines like ZZap!64 or Amstrad Action. A couple of magazine publishers had the idea to distribute full games and demos on cassette tapes mounted to the cover. This led to some spectacular covertape related magazine warfare, distribution of games without permission, and copyright breach extravaganzas.

Downloadable demos: 2000s and beyond

When net-connected consoles blasted their way into homes from around the time of the original Xbox onward, this granted a second life to the old cover tapes and discs. Consoles came with demos pre-loaded, you could download demos or full games, and update purchased titles on the fly.

Consoles going digital slowly came with its own problems. Even so, the digital download revolution encouraged new funding models and ways to play games. Early access, where players are granted first look at a title by paying or for free, is where our latest scam lies.

What are the scammers doing?

Scammers are using demos and early access promises as bait for phishing and other forms of attack. The upcoming Resident Evil title, Village, currently has a spin-off demo version called “Maiden” on the Playstation 5 with other versions to follow. Enterprising phishers are distributing fake mails offering “Early access invitations” to play Village itself, which is the full game, set after the events of Maiden.

In this way, they’re trying to ride the wave of popularity for Maiden by encouraging people to get their hands on the rest of the content. The game developers, Capcom, also mention avoiding any files offered up by the phish. This sounds very much like the phishers were also dabbling in malware distribution.

We bring tidings. Bad tidings.

The full Capcom message sent to press reads as follows:

We’re sending this message as we’ve been made aware that there are currently emails circulating that pretend to contain “Early Access invitations” to Resident Evil Village. The sender address is being displayed as “no-reply(at)capcom(dot)com”.

We want to inform you that these messages are NOT from Capcom and appear to be phishing attempts by an unauthorized third party. If you have received such a message, please DO NOT download any files or reply, and delete the message immediately.

If you are unsure of the authenticity of correspondence from Capcom, please contact us directly to verify.

This is perfect bait for younger gamers who may not be aware of this type of scam attempt. No doubt it’ll have caught out many an adult gamer, too. That’s the most recent attempt at tricking people with fake early access. Shall we take a look at a slightly earlier effort?

Fake Beta build scammers come for Far Cry

Far Cry 6 is the soon to be released entry into Ubisoft’s unstoppable game series. Last month, a supposed “beta” build of the game was mentioned in emails to various influencers / content creators in the gaming space. The mail, flagged as being under embargo, comes complete with an access password. When the password is entered, and we’re not sure if they mean to open a zip or on a fake website, an infection is downloaded to the PC. According to potential victims, it “watches your screen and records everything you do”.

That’s bad enough. This is by no means the end of the wave of fake beta/early access/demo invites though.

Gaming a wide audience

In January, THQ Nordic warned of scam mails related to their game Biomutant. As with the other missives, it seems to focus on content creators / developers. Seeing developers state that no early builds of games are being mailed to people is bad news. Could one group specifically be trying this early access build gimmick? Or is everyone at it? Quite often, a new way to go on the offensive is posted to underground forums and then people go off and try it. That could be what is happening with these attacks, or it could just be coincidence.

As far as fake betas go, those have been around for a long time. A good example of this is Cyberpunk 2077, back in July of last year. How about a Fortnite Android beta scam from 2018? We can certainly round things out with a Valorant themed, malware laden closed beta key generator from last April.

Some tips to avoid fake beta/access scams

  1. At least some of these attacks are targeted towards gaming influencers or people with big platforms. As a result, this means you may not encounter a few of them. If you do fall into this category, basic security hygiene applies. Check the security of all your accounts and enable two-factor authentication if it’s available. Run up to date security software, and ensure all your devices are patched and up to date.
  2. Begin locking down your gaming accounts if you haven’t already. It might not just be your PC at risk from attacks. They could be after your console logins / details too. All major gaming consoles have plenty of security features. It’s well worth digging out their security documentation and shoring up any gaps in your defence.
  3. If a games developer emails you out of the blue, it’s fairly easy to figure out what’s real and what isn’t. Major titles announce betas, and early access programs clearly on websites, social media, and gaming portals. It isn’t left to random mail shots and mysterious attachments. If there’s no evidence of whatever you’ve been sent in some sort of official capacity, steer clear. Worst case scenario, you can always contact most developers on social media. They will likely be happy to help if what you’re showing them is a scam.

Press X to continue?

We recommend telling younger gamers in your household about these scams, and also the security solutions used to address them. The “exclusive preview build” technique aimed at influencers probably won’t remain aimed at them exclusively for very long, so watch out for that. You may as well get ahead of the game now before the inevitable next wave of beta invite scams land in mailboxes near you. There’s always something to think about in video game land.

ABOUT THE AUTHOR

Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.