From Theresa's Wiki

A scam is an attempt to trick a person into giving away their valuables and/or personal information to the perpetrator for any purposes that would be harmful to the victim. The primary motive for scamming is personal gain, but in any case, it is a malicious act. Scamming is considered to be a very widespread issue on Toad Town Online.

Transaction scams

The following are common scams that involve Stars via some form of on-site transaction but do not involve any phishing. These types of scams often cause the victim to lose substantial amounts of Stars, although the Stars may be recovered by contacting

  • Classic defrauding: The perpetrator advertises a service or product for a fixed fee, usually sold through T-shirts.
    • Drawn portrait scam: A common example of defrauding, the perpetrator runs a series of advertisements on the site and advertises that the victim can "get drawn" for a fixed fee, through the purchase of an item. Once the victim purchases the item, the perpetrator refuses to follow through with the drawing and may block the victim to prevent further contact. Many of these items have since been deleted by moderators, although some can still be found on the website. This scam has since dwindled as moderators continue to remove these items from the catalog.
    • "Invisible" shirt scam: A user publishes an advertisement that claims a certain piece of clothing will cause the player's Toad(ette) to become invisible. The clothing is instead simply transparent, which does not create an invisible Toad(ette). If no preview is seen in the catalog for the item, the perpetrator may claim that the image is "broken" when in reality the image has been rejected by moderators.
    • Color-changing shirt scam: A user publishes clothing and claims that it is a GIF that changes color in any game. However, the clothing contains nothing, which is why it doesn't load online. Videos claiming that the clothing works were edited using a green screen, and editing errors can be seen at some moments. This scam should not be confused with clothing that is partially transparent and changes color based on the avatar's skin color.
  • Free Stars scams: The perpetrator promises the victim free Stars as long as they enter their information into a site. Once the user enters the information, the player's account will be stolen.

Phishing scams

These scams take place when a user gives their sensitive information to a seemingly legitimate service, only to receive malicious results. The damage ranges from losing Stars and Coins to account compromise and malware infections. Phishing scams are very common and are often targeted towards new or young users who have not made purchases on their account, as Stars and Membership are desired by many players but cost money that they may not want to spend or cannot afford.

In most cases, once a user is phished, their account is added to a botnet that the thief uses to spread more scams. This, in turn, may result in the victim's account being terminated if it is reported for spreading these scams.

If TTO+ is enabled, when directed to a known phishing site, extension, etc., the extension will automatically close the tab with the phishing URL.

  • Login info via TTO messages: The scammer messages a user and asks for his/her username and password in return for Stars or services, such as Membership. This can result in account loss. In 2016, this scam became more common and was often done by sending a message to the player. After the victim is scammed, the victim's account is then used by the scammer to scam others.
  • Fearmongering: The scammer messages a user and asks whether they are the rightful owner of their account, citing an apparent increase in the user's account value and claiming to have already messaged another user who failed to provide 'proof' and had their account terminated. If the user ends up giving an explanation, the scammer asks them to make contact on an offsite program or URL. The end result is the victim's account being phished or hijacked, usually because the scammer asks the victim to send an image of their password reset email with the link shown, or to use Inspect Element to extract their .TOADSECURITY cookie and send it to the scammer. This scam is mainly aimed at those who have a high average value of limited items in their account.
  • Login info via friend request: The scammer follows the user and sends a friend request from a username that persuades the user to click on the scammer's profile. The perpetrator's profile description contains an offsite link that will prompt the victim to input his/her login information, usually for a 'reward' of Membership or Coins. This scam is more effective than TTO messages alone since users can limit the number of people who can message them.
  • Login info via email: The scammer leaves comments asking for users to give account information to an email address, listing false reasons that can seem convincing to a newbie TTO user.
  • Login info via exploits: The scammer leaves comments directing users to a link that gives an exploit tool for TTO, which will then ask for login info.
  • Malicious programs: The perpetrator directs users to a link that downloads an executable program (.exe), often advertised as "hacks" or "exploits", onto the user's computer. When executed, the program injects malicious code into the system to gain information and provide complete control of the user's desktop. This compromises not only a user's TTO account but their entire computer. The information at risk can include banking information, several passwords, and document information, and the program might destroy the Windows or TSUG installation. Antivirus programs will try to quarantine the executable program a user has downloaded. Users should never download files (especially .exe files) from unknown sources.
    • Recent executable files have also been known to log .TOADSECURITY cookies. Because the program only takes cookies and directs them towards a webhook, antivirus applications fail to find its intentions malicious, resulting in accounts being stolen and sold frequently.
  • .TOADSECURITY scam: The perpetrator convinces a user that the TOADSECURITY cookie must be given to them. Read this article for more information on the .TOADSECURITY cookie.
  • AuthTicket scam: Similar to the .TOADSECURITY scam, the perpetrator gains access to a user's AuthTicket, which is required to join a game and authenticate the user. With it, the perpetrator could join games under a player's username with a simple batch command and make in-game purchases without the player's knowledge. TTO+, a Google Chrome extension, warns players when they input the AuthTicket link.
  • Fake websites: These websites have a login form and a domain name that looks very realistic, and they claim to give a reward (which is fake) that needs to be posted in several places. The site just steals a user's login information and promotes the scam using the stolen account.
  • Botted Toad Houses: A Toad House that tells the user to go to an offsite link that claims to give out free Stars or Membership. Thousands of bot accounts are used to get the game onto the front page, and sometimes likes are botted as well. These games are usually taken down very quickly.
  • TTO-related advertisements: These advertisements promise things such as free Stars or Membership. They may redirect to another VidSpace channel or a phishing site.
  • Login info via chat: A bot sends the player a friend request. If it is accepted, the bot sends scam messages through chat.
  • Phishing GUI: Commonly found in fake "Free Stars" games, a realistic-looking GUI posing as a login screen or error will prompt the player to input their login information. The victim's login information will then be stolen.
  • Free item scam: A user receives messages from friends or other random users saying "hey, if you use the code "(fake code)" on (scam website), you get a free (valuable item)". On visiting the site, users are shown a login screen similar to that of TTO's official login site. If the user enters their username and password, their account will soon be hijacked and looted for its Stars, Coins, and/or limited items. It will also then be used to spread the scam further.

Scam bots

See also: Spam#Phishing spam

Do not visit links posted by a scam bot!

A scam bot is a common nickname used to describe automated accounts that spread messages attempting to lure players to unsafe websites in order to steal their TTO credentials or other valuable information for their owners' personal uses. It is highly recommended to ignore these accounts' requests and/or report them instead.

These types of bots have been around on TTO for years; however, certain economy-related changes have been a catalyst for their rapid rise in recent times. Between 2017 and 2018, they often followed a very basic avatar style, and were also seen wearing free items. For a brief period in 2018, they used the default sign-up appearance, but soon after began to wear clothing in the style of the official TTHQ account. In 2019, they used the appearance of accounts that were stolen through phishing when a user accessed a scam site posted by a scam bot.

Some scam bots are also able to follow and send friend requests to mass amounts of players in order to extend their reach and get the player to go to their site, and they may occasionally join random free-to-play servers to send a scam message in the game's chat before leaving a few seconds afterward. On popular servers, they will quickly join and leave after posting a scam message such as "I just got tons of Stars by visiting [scam site]!".
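The join, post, and leave pattern described above can be spotted from server chat events. The following is an added example, not part of the original article or any TTO tooling; the event tuple format, the 10-second threshold, the two regular expressions, and all account names and the `.example` domain are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample events, not real TTO logs: (seconds, account, event, text).
EVENTS = [
    (0.0, "Toadsworth77", "join", ""),
    (4.0, "xX_stars_Xx", "join", ""),
    (5.5, "xX_stars_Xx", "chat",
     "I just got tons of Stars by visiting free-stars.example!"),
    (7.0, "xX_stars_Xx", "leave", ""),
    (30.0, "Toadsworth77", "chat", "anyone want to trade Stars for a hat?"),
    (31.0, "Shroomy", "join", ""),
    (33.0, "Shroomy", "chat", "brb"),
    (35.0, "Shroomy", "leave", ""),
    (600.0, "Toadsworth77", "leave", ""),
]

# Heuristics (assumptions): a reward lure plus something that looks like a domain.
LURE = re.compile(r"\b(free|tons of|got)\b.*\b(stars|coins|membership)\b", re.I)
LINK = re.compile(r"\b[\w-]+(?:\.[\w-]+)*\.[a-z]{2,}\b", re.I)


def flag_hit_and_run(events, max_session=10.0):
    """Return (account, session_seconds, message) for sessions that posted a
    lure containing a link and ended within max_session seconds of joining."""
    joined = {}                      # account -> join timestamp
    lures = defaultdict(list)        # account -> lure messages this session
    flagged = []
    for ts, account, kind, text in sorted(events):
        if kind == "join":
            joined[account] = ts
            lures[account] = []
        elif kind == "chat" and account in joined:
            if LURE.search(text) and LINK.search(text):
                lures[account].append(text)
        elif kind == "leave" and account in joined:
            duration = ts - joined.pop(account)
            if lures[account] and duration <= max_session:
                flagged.append((account, duration, lures[account][0]))
    return flagged


if __name__ == "__main__":
    for account, duration, message in flag_hit_and_run(EVENTS):
        print(f"{account}: left after {duration:.1f}s, posted {message!r}")
```

Requiring both the lure-with-link and the short session keeps ordinary players who leave quickly, or who mention Stars while trading, out of the results.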

Initiatives by TTHQ to lessen the impact of scam bots were put into place, such as forcing all users to complete a CAPTCHA before signing up.

Between 2018 and 2019, scam bots were more actively seen on third party sites, such as Discord, VidSpace, and YouTube (where both videos and ads were mass uploaded), as a method to avoid TTO moderation. These bots appear to have slowly stopped appearing and many are being banned by YouTube, VidSpace, and Discord on their respective platforms.