Spam Bots Infest PlayStation 4 Users’ Messages

By Noah Johnson

PlayStation 4 users have been targeted by a slew of automated chat bots, which link users to a cam show website. The infestation began this year, and users on message boards like NeoGAF.com reported they received messages in June.

As the responses grew, videogame news outlets like Destructoid.com even covered the story. Ryan Slavic, a Youngstown State University student living on campus, has had messages from these spam bots.

“I received my first message on Aug. 9 from a bot named valentuna22391_f, who said they found my username from the profile search on PSN Messenger,” Slavic said. “By subsequent messages, you could tell they were a bot.”

While some automated chat programs have advanced algorithms to simulate conversation to fool users, the ones using the PlayStation Network are more primitive. It quickly becomes clear they primarily respond to the simple act of receiving a response rather than its content.

For Isaac Hraga, another YSU student, simply receiving a message from an unknown user is suspicious enough. He said people don’t usually message just to talk.

“I usually tend to ignore bots on PSN outright,” Hraga said, “… and can spot them based on the general culture on PSN.”

Most of these messages begin with some variant of greeting, “hi bb,” or simply, “hey.” After a user responds, they claim they found the recipient through the profile search before immediately questioning a user’s age.

Unless a user explains they are under the age of 18, the bot will respond with their own information, such as the bot girlzy92.

“22/f… whats up?” said girlzy92. “Ahh, i just got done playin cod and i’m gonna start studying cuz i’m still in college right now. i just started back a lil over a month ago and i’m already lookin forward to thanksgiving break lol”

The messages generally follow the same format, though messages from June referenced the summer break instead of Thanksgiving like girlzy92’s, which was sent in October. After feigned small talk about playing the latest “Call of Duty” video game, the bot will then get to their intended goal, soliciting users for a free trial on a cam show website.

The link sent by girlzy92 shows up as shortcamlink.com/amya, though this is simply a cover for facetimecammers.com, which itself finally redirects to realmemberflings.com. The realmemberflings website exhibits several unusual characteristics.

The appearance of the website will arbitrarily change between refreshes. The site is devoid of any form of documentation or contact information except for one of its three arbitrary permutations. This rare version of the front page does contain a privacy statement, and an email address, [email protected], which doesn’t appear to exist.

Concerned users have brought the issue attention on Sony’s help forums, and moderators recommend they block and report the bots. Any user can discern a bot by examining its account.

While they claim to be fans of the “Call of Duty” series, none of the bots will have any games shown in their play history or trophies on their account.

Andrae Reed, a professor teaching website development, said some further tips for users concerned about their security online include paying attention to the URL address. He said the site may look legit, but a lot of times the URL is a dead giveaway.

“A few weeks ago, I received an email saying my tech desk problem has been fixed, and to click a link to verify the work order,” Reed said. “The URL did not even have ysu.edu anywhere to be found, and I suspected it was a man in the middle attack, where the site takes your login info by looking legit, and once you press submit, it takes you to the real site.”

One can set up a free PSN account quickly, and the messaging service does not require premium PS+ membership. These fake accounts could be produced in multitudes with several taking the place of any one that gets banned after being reported.

PSN has had security issues in the past. Users with credit cards on their accounts can become victims when Sony’s service is hacked. Reed has his own precautionary measures for such attacks.

“When I use PSN or XBOX Live, I use a prepaid credit card that only pulls money from my bank when I allow it to,” said Reed. “I only keep enough money on the prepaid card for a purchase I am going to make.”

Reed said the prepaid card route is more work, but it provides an extra layer of security.

1 comment

Comments are closed.