Adam's blog: Meeting a scammer in Minecraft

18 Jan 2025, 1011 words

A few days back my friends and I were searching for a new Minecraft server to play the Bedwars gamemode on. Little did we know what a rollercoaster it would take us on, or that a new old friend was already waiting for us.

Joining a new server

Since the closing of Mineplex, we mostly play competitive Minecraft minigames on Hypixel – the most popular server there is, which comes with a super-scary anti-cheat or anti-scam watchdog. However, this server is running on the pre-1.9 version, which features the old Minecraft combat system, while we prefer the newer one. This is why we decided to venture out and find a new server, and we landed on Cubecraft.

Immediately after joining, my friend was greeted by some “old friend”! Said “old friend” tried to get back in touch a few years after they had played together. They even knew they were from Czechia!

Being welcomed immediately after joining a server

Welcoming chat - Scammer (red), my friend (blue)

At this point, we were hooked and wanted to see where this friend went.

Quick Q&A:

Playing with a new old friend

We played a few rounds, in which the scammer was super nice to us – they gave us diamonds even when they were on different teams and never attacked us (which is a bannable offence in this game, FYI), and even invited one more of their friends into the group. We all were having fun! You know what is more fun? Calling with friends while we are playing.

After a few rounds, they asked us to join their Discord server for a call - Scammer (red), scammer’s friend (pink), my friend (blue)

And this was the other shoe dropping – an invitation to a Discord server, discord[.]gg/furnace. All we needed to do was join this server and verify our Minecraft accounts to be able to join the voice call. Interestingly, when we invited them to our own Discord server, they did not join and instead pressured us to join theirs. Weird, right?

The verification is nothing sinister, pinky promise - Scammer (red), scammer’s friend (pink), my friend (blue)

By the way, this is where the friend of the scammer came into play – they were supposed to show us how easy it is to join the Discord server.

Verifying Minecraft account

As stated above, when you join the public Discord server, you have to “verify” your account before you are able to do anything else. There is a Q&A about why the link is necessary and a big green button with the text Link account.

Verify your Minecraft account by giving a random Discord bot your Microsoft email and Minecraft username

After clicking the button, you find out that the verification itself is very easy. All you need to do is enter your Minecraft username and Microsoft account email (Minecraft username can be anything, the Microsoft account has to exist).

Last step of verification is a 6-digit code from your mail, easy, right?

Then you just fill in the code that arrives in your email and you are verified!

My “verification code”, or is it?

Wait a second, do you see the code that arrived? This code is not for some verification, it is for a Microsoft account sign-in!

This is what the scam is all about

So the scam is supposed to get you to join their Discord server through their “verification” process that will steal your Microsoft account. And because your Minecraft account is tied to your Microsoft account, the scammer will gain full access to both accounts for the price of one password reset.

As the list of Discord server members is public, we can see how many people were possibly scammed. Unfortunately, there is no clear indication of how many of these are scammers, but given that the server population is currently approximately 500 accounts, we can guess that at least some of them are victims.

Conclusion

This is the first time I have encountered this type of scam – a scammer posing as an old friend of yours asks you to join their Discord server with a slight catch. To join the Discord server, you have to “verify” your account, which will lead to your Microsoft account being stolen. The main reason for this type of scam is not only the classic one but also to get high-value accounts that can be sold for a considerable amount of money.

As with many social engineering scams, the scammers are using psychological tactics where they are first pretending to be your friends to incentivise you to do what they want you to do. What is especially sickening is that given the main audience of Minecraft is kids, they may also be the main target of the scammers. They are able to do this with impressive speed as my friend was approached within seconds of joining a new Minecraft server.

We have of course reported the scammer both to Discord and Cubecraft. At least on Cubecraft, we can confirm that both their accounts were banned. This won’t stop them for long but hopefully will make their day a little worse.
