Automatic Detection and Analysis of the “Game Hack” Scam

  • Emad Badawi Faculty of Engineering, University of Ottawa, Ottawa, Canada
  • Guy-Vincent Jourdan Faculty of Engineering, University of Ottawa, Ottawa, Canada
  • Gregor Bochmann Faculty of Engineering, University of Ottawa, Ottawa, Canada
  • Iosif-Viorel Onut IBM Centre for Advanced Studies, Ottawa, Canada
Keywords: Game scam, scam analysis, fraud detection, cyberattack

Abstract

The “Game Hack” Scam (GHS) is a mostly unreported cyberattack in which attackers attempt to convince victims that they will be provided with free, unlimited “resources” or other advantages for their favorite game. The endgame of the scammers ranges from monetizing the victims’ time and resources for themselves by having them click through endless “surveys”, fill out “market research” forms, etc., to collecting personal information, getting the victims to subscribe to questionable services, up to installing questionable executable files on their machines. Other scams such as the “Technical Support Scam”, the “Survey Scam”, and the “Romance Scam” have been analyzed before, but to the best of our knowledge, GHS has not been well studied so far and is indeed mostly unknown. In this paper, our aim is to investigate and gain more knowledge on this type of scam by following a data-driven approach; we formulate GHS-related search queries and use multiple search engines to collect data about the websites to which GHS victims are directed when they search online for various game hacks and tricks. We analyze the collected data to provide new insight into GHS and research the extent of this scam. We show that despite its low profile, the click traffic generated by the scam is in the hundreds of millions. We also show that GHS attackers use social media, streaming sites, blogs, and even unrelated sites such as change.org or jeuxvideo.com to carry out their attacks and reach a large number of victims. Our data collection spans a year; in that time, we uncovered 65,905 different GHS URLs, mapped onto over 5,900 unique domains. We were able to link attacks to attackers and found that they routinely target a vast array of games. Furthermore, we find that GHS instances are on the rise, and so is the number of victims. Our low-end estimate is that these attacks have been clicked at least 150 million times in the last five years.
Finally, in keeping with similar large-scale scam studies, we find that the current public blacklists are inadequate and suggest that our method is more effective at detecting these attacks.

Author Biographies

Emad Badawi, Faculty of Engineering, University of Ottawa, Ottawa, Canada

Emad Badawi earned his Bachelor’s Degree in Computer Systems Engineering from the Arab American University in Jenin (AAUJ). After that, he moved to the United Arab Emirates in 2015 and joined the Master’s program in Computer Engineering at the American University of Sharjah (AUS), from which he obtained a Master’s Degree in Computer Engineering in 2017. His thesis research was about parallel implementations for Finite State Machines mutants elimination algorithms, based on OpenMP, MPI, and CUDA. Currently, he is continuing his higher studies as a Ph.D. candidate at the Department of Electrical and Computer Engineering at the University of Ottawa, which he joined in September 2017. His current research is about software security, in particular the detection of cyber-attacks.

Guy-Vincent Jourdan, Faculty of Engineering, University of Ottawa, Ottawa, Canada

Guy-Vincent Jourdan is a full professor at the Faculty of Engineering of the University of Ottawa. He joined the School of Electrical Engineering and Computer Science as an associate professor in June 2004, after 7 years in the private sector as C.T.O. and then C.E.O. of Ottawa-based Decision Academic Graphics. He received his PhD from l’université de Rennes/INRIA in France in 1995 in the area of distributed systems analysis. His research interests include distributed systems modeling and analysis, software security, cybercrime detection and prevention.

Gregor Bochmann, Faculty of Engineering, University of Ottawa, Ottawa, Canada

Gregor Bochmann was a full professor at the University of Ottawa from January 1998 to June 2016. Before, from 1972 to 1997, he was professor at the Université de Montréal. When he left, he was honored with the title of professeur émérite at the University of Ottawa. He received his PhD from McGill University in Canada in 1971. His research group works on methods for the development of communication protocols and distributed systems, on the use of formal methods for the analysis, design and implementation of communication protocols, and software development in general. Practical applications of these methods are pursued in relation with network protocols (e.g. Internet and optical networks), Web Services, workflow management, peer-to-peer systems, and analysis of Rich Internet Applications. In the past, they have also done much work in the areas of quality of service management for distributed multimedia applications and development of test suites with known fault coverage, diagnostics and testability.

Iosif-Viorel Onut, IBM Centre for Advanced Studies, Ottawa, Canada

Iosif-Viorel Onut is currently affiliated with IBM Security Systems and the Center for Advanced Studies (CAS) at IBM. He is also an Adjunct Professor at the University of Ottawa. He completed his PhD degree at the Faculty of Computer Science, University of New Brunswick, and specializes in topics related to network security, such as simulation, detection, prediction, and visualization of network attacks, and in-depth study of network features for attack detection. Currently, his main research focus is in the area of Web 2.0 application security, compliance and crawling, but also intelligent sensor technologies for context-aware security risk assessment. Throughout his career, he was part of many Research and Development collaborations with institutions such as: DaimlerChrysler AG Research and Technology center in Berlin, Germany; National Research Council of Canada, Institute for Information Technology, Fredericton, Canada; City of Fredericton, Network Infrastructure, Fredericton, Canada; Q1Labs, Boston, US; and recently CAS-IBM, Ottawa, Canada. He authored more than 40 patents, journals, conference publications and technical reports at prestigious international journals and conferences such as Elsevier Computers and Security, Springer’s Lecture Notes in Computer Science and Information Security Conference.

Published
2020-01-01
Section
ICWE2019