The FIFA 14 “Free Coins” scam

Today is European Data Protection day 2014, or ‘Privacy Day’ if you live outside of Europe. Happy EDP or PD depending on where you live.

One of these accounts asked for my email username and password to get free FIFA coins

To celebrate EDP/PD, I thought I’d share the latest scam going around on EA Sports FIFA 14 and Twitter, mainly targeting children.

FIFA 14 has one of the best monetisation strategies of all computer games, leaving Candy Crush and Farmville well behind.

Firstly, the game costs around £40 to buy, and to play it online on the Xbox, you need to buy a subscription to Xbox Live, which is a further £40 per year. And that’s only the beginning of the journey because many online gamers have quality football ‘players’ in their squads.

There are two ways of getting decent players into your own team – either to trade players in a marketplace or buy ‘packs’ of players (a pack contains a random selection of players which are undisclosed until purchase).

The currency for these transactions is FIFA points. You can buy FIFA points with real cash or through trading players. A brief survey of my kids’ friends revealed that the average amount of money spent on FIFA coins is around £10 per month. Playing FIFA is a £200 per year hobby.

The trading option provides the perfect environment for scammers: it combines naïve children with a constant desire for more FIFA Coins.

There are dozens of websites and Twitter accounts set up offering ‘free’ or cheaper coins. Remember that we’re dealing with children who want more coins quickly. So these websites ask for personal details in return for the coins. These requests for personal details appear logical to a child.

I saw a Twitter scam as follows:

  1. The ‘Free coins’ account asks the gamer to follow them in return for coins. The reason for asking a gamer to follow the account is that following a Twitter account enables both parties to Direct Message (DM) each other. This means that further communication can’t be publicly viewed.
  2. The ‘Free coins’ account now DMs the gamer and dangles the carrot: ‘Thanks for following, do you want 100K or 500K coins?’
  3. The gamer responds.
  4. The ‘Free coins’ account now asks for the FIFA team name and the Xbox Live account name. Both appear reasonable and are easily justified as “I need to know who to send the coins to.”
  5. The gamer replies.
  6. Now the clever part… the free coins account claims the transaction didn’t work correctly. They will ask the gamer to re-confirm their details. It builds the frustration and emotion for the gamer.
  7. The free coins account now explains there must be some sort of technical problem and asks for the gamer’s email account and password.

At this point, the DM conversation may have taken under 5 minutes from the gamer following the account. Once any hacker has control of a person’s email account, they have an open door to many other services because they can visit other sites, press ‘Forgotten password’, and keep resetting the passwords for these services. And of course, the hacker’s first job is to change the email password and backup email account/phone number.

Remember that we’re mainly dealing with children who undervalue security.

There are two steps to prevent this scam:

  1. Explain to your child the importance of never giving away their email password to anyone, no matter what the ‘offer’ is. It’s the online equivalent of giving a stranger your house keys.
  2. Explain that no one on the Internet is likely to give you something for nothing, especially just for following them on Twitter. Back to the first analogy, it’s like someone on the street offering to buy you some chocolate for free, but they need your house keys to leave the chocolate in the fridge.

Parents of children who have fallen for this scam are rightly upset. The psychological impact is that a stranger has managed to break into the family home and steal from the children, all without parents noticing.

With more apps and games offering freemium options and monetised gamification, these scams will become more common.

Have a happy European Data Protection day.

9 thoughts on “The FIFA 14 “Free Coins” scam”

  1. You forget to point out that it’s kids and teenagers running the scams. Personally I think EA are the biggest scammers of the lot. I also believe buying packs is a form of gambling and should abide by the same rules as gambling. EA are promoting and stealthily instigating underage gambling and no one seems to even notice??

    1. I have no evidence that it’s kids and teenagers running the scams – do you? I’d like to see it.
      Whilst I don’t necessarily agree that the EA model is like gambling, it is on the thick grey borderline of monetising a relatively addictive computer game which is popular among children.

    2. I agree completely – in fact it was my 13 year old who brought this to my attention. He had worked out for himself that a scenario where you give someone money (EA in this instance) and you get something in return that may or may not contain something of value is pretty much the definition of gambling. Couple that with the excitement and anticipation of opening the packs one-by-one and hoping that the next one contains what you’re wishing for, then it’s no different to scratch-and-win (more likely scratch-and-lose) cards at the lottery counter.

  2. This sadly happened to my teenaged brother today…he was scammed out of $140 from his own personal savings…he is only 13. Let’s bring this site down: serviceforfut.yolasite.com and so many other young kids are falling for it too!

    1. Sorry to hear about this Vanessa. I recommend you send an email to EA Sports, and also sit your kids down and tell them about the dangers of handing over any information online.

  3. It’s interesting that 3 years later this is still going on. I moderate a software support forum and we keep getting spam walls of text on the forums, pointing to websites that sell FIFA 16 coins. It points to websites like fifavip, fifafest, eafifacoin (all dot com) which seem very well made, almost legit to be honest.

    Ironically it’s the *only* spam we seem to get on our forums. So it must be a pretty intense business.
