How I Got Free Games with a Social Engineering Glitch

Written by matejsmycka | Published 2024/03/07
Tech Story Tags: penetration-testing | social-engineering | cybersecurity | video-games | game-review | side-channel-marketing | gaming-industry-trends | gaming-journalism

TLDRStart a company focused on game reviewing. Gain a public domain for the site and email. Create website. Side channel marketing. Message game publishers. Profit. The result is that I managed to get a few steam keys for games.via the TL;DR App

Character stat requirements

  • Web development - level 5
  • Social engineering - level 3
  • Content creator - level 1

How to reproduce

  1. Start a company focused on game reviewing.
  2. Gain a public domain for the site and email.
  3. Create a website.
  4. Side channel marketing.
  5. Send a request to game publishers for a review of their product.
  6. Profit 📈

Idea

I heard from my friend that he gets a lot of exciting places for free purely because he is a journalist. I told myself how difficult it can be to look like a journalist or create a company that will allow me to be one.

This is how the idea of creating our site was born. The plan and its implementation are as follows.

See the site: https://www.gameczech.xyz/

Disclaimer

This experiment was done purely for educational purposes. I don't encourage any unethical behavior.

On the other hand, the line between a legitimate request for a review and my request is small because I will indeed write a review on these games.

Implementation

  • Create a name and catchy phrase. I choose GameCzech - your favorite game review powerhouse.

  • On Godaddy, I got a domain for 1$ for a year named gameczech.xyz, and an o365 email for about 5$.

  • Logo and other graphics were generated using midjourney and gimp.

  • I further used the HUGO framework in Golang, which allows me to write a CMS for content management in markdown quickly and supports various features like tags, which are handy.
  • The resulting site was hosted with GitHub Actions for free.
  • After that, with the help of ChatGPT and handwriting, I created many posts based on Steam reviews or reflecting my opinion on the game.

  • Side channel marketing includes the creation of several accounts on different platforms. This ensures a higher priority on Google search and adds legitimacy to the company.
  • Then I sent emails to multiple game publishers, which looked like this:
Dear XXXXXX,
I am XXXX XXXXX, and I represent GameCzech, an online gaming magazine.

We are interested in reviewing your game and would like to request a complimentary copy. 
Namely, the following title: 

XXX_XXX

offering our readers insight and potentially boosting interest in your game.
We respect the effort put into game development and are committed to representing your game authentically. 
Please let us know if you can accommodate this request and any guidelines you may have for the review.
I appreciate your consideration. 

Best regards
XXXX
  • And wait, and while you are waiting, you can use some service to watch various metrics. I used Google Analytics for status-watching. You can see that most of the mine traffic was from the USA and it is labeled as “Direct“, which are probably links that people clicked after receiving the e-mail.

The summary is that I defacto created a game review magazine, at least its page. This effort was quite significant and lasted about two days.

The final cost was around 6$ and two person-days of work.

Problems

Of course, this shouldn't be possible with someone who has set up policies that include requirements for who can send what and who does proper background checks.

Unfortunately, the world does not work this way, and internal policies often do not cover everything they should.

Another problem occurred with the email; I got caught in spam many times, and I could not reasonably increase the priority of my email. Still, an experienced admin would indeed find a way to solve this.

The GameCzech experiment

The result is that I managed to get a few Steam keys for AAA games. Generally speaking, this tactic didn't work in indie studios and was more successful in big studios. I didn't activate the games I got, and I'm not interested in them. The experiment ended as soon as I got them.

I won't say precisely the titles I gained for several reasons, but let's say the success rate was about 20%. And I got around 100$ worth of steamkeys.

It was exciting for me, and I will try to get to some game conferences and other physical places with the status of a “journalist”.

It's sort of like physical pen-testing but on convention.

I will be glad if you leave feedback, and thank you for reading.

Written by matejsmycka | -
Published by HackerNoon on 2024/03/07
ABOUTHow hackers start their afternoons. We publish tech stories and build publishing software.

READEntirely free library read by hundreds of millions to learn anything about any technology.

WRITEHackerNoon elevates quality technology writing far and wide across the interwebs.

PARTNERHackerNoon works directly with tech companies to place ads by content relevancy