The following blog post, unless otherwise noted, was written by a member of Gamasutra’s community.
The thoughts and opinions expressed are those of the writer and not Gamasutra or its parent company.
Although I’ve been doing video game PR since 2006, I didn’t encounter my first key scammer until 2012, when someone impersonated a magazine editor I was already talking to separately. Since then, the problem of people scamming review copies has gone from a funny story shared over drinks at GDC to an annoying issue I deal with almost every day.
When Kotaku recently interviewed me on this topic, a few people suggested in the comments that the solution is not to answer any key requests, ever. Please don’t do that! For potential customers to find out about your game, you need to get it in front of people who can share it with audiences you can’t reach on your own. To do that, you need to send out review copies.
You should start by identifying press and content creators who are good prospects for your game, and send keys to those people proactively. But no matter how thorough you are, it’s impossible to find everyone who might be interested. If you hear from someone who wants to cover your game, are you really going to sabotage yourself by ignoring them?
What’s the harm, then, in sending keys to anyone who asks? Worst case scenario, your game ends up being resold on a gray market site like G2A. That’s not the end of the world. The bigger problem with key scammers is this: when you realize you’ve been duped, it makes you cynical and suspicious and unwilling to trust the next person who asks for a review copy. And that attitude can hurt your chances of getting coverage if the next person who asks is the real deal.
Here are 10 tips to help you spot scammers. When I identify one, I apply a filter to their email address so the next time they contact me, it goes straight into a “scam” folder and I don’t have to waste time on them again.
1) Check the email domain. This is the easiest thing you can do. Does the email match the site they’re requesting the key for? If not, but everything else seems legit, ask them to write back from a sitename.com email (or have an editor do so), or to tweet you from the site’s official account. If they’re genuine, they won’t mind jumping through the hoop. (Also, make sure the site domain really matches. If someone from sitename.org is writing on behalf of sitename.com, dig deeper.)
2) Visit the site. Scammers go to great lengths to create fake sites to fool us. Sometimes these are hosted on free services like wordpress.com or wix.com, but not always. Poke around the site—has content been posted recently? Do their social media links go to real, active accounts? Do all of the site pages (About, Contact, etc.) actually work? Assuming the content is in a language you understand, read some reviews. Even if you’re unable to definitively prove whether the site is real, is it one you want your game to be associated with?
3) Check for plagiarism. Scammers create sites that look real by stealing content from other sites. Paste some random paragraphs from the site’s reviews into Google and see what turns up. If you don’t find a match, that doesn’t mean the content isn’t plagiarized—it could have been run through a translator. But if you do find a match, you know not to waste any more time.
4) Check the site’s Alexa ranking. Enter the URL at http://www.alexa.com/siteinfo to get an idea of their traffic. The bigger the site, the lower their ranking will be. This isn’t a failsafe measure of a site’s traffic, but if the ranking is up in the millions, that’s a red flag.
5) Look at their Twitter. Does an Italian language site have a disproportionate number of Russian followers? Do their followers include a lot of accounts with no avatar or bio, and/or naked women looking for a good time? If it’s only a few, they may still be legit, but the more of these types of followers they have, the more likely it’s a fake account. Also, make sure they’re actually engaging with people on Twitter. If they haven’t tweeted lately or the posts are generic, it’s likely an imposter account.
6) Verify YouTube & Twitch emails. When you hear from a content creator, make sure the email address they’re writing from exactly matches the email on the YouTube or Twitch account. Some scammers use an address that looks the same at a glance, but is off by one letter or character. (I copy the email address from the YouTube/Twitch page and search for it in the email to be sure they’re the same.) If there’s no email listed, you can ask for a tweet from the official account, as long as that account is listed on their YouTube page—someone impersonating a streamer over email wouldn’t have any qualms about setting up a fake Twitter account! If there’s no obvious way to verify their email, just ignore the request and move on. Most big content creators don’t request keys from developers, anyway.
7) Make sure the YouTube/Twitch account is active. If they have written in from the official email and everything else seems kosher, look at when they last posted content. If it was months or years ago, they’re not likely to start up again with your game.
8) Look for patterns. Many of the scam emails we get probably come from the same few people. Organize suspected scam emails into a separate folder so you can watch for trends. For example, here are two emails I got on the same day:
(I’ve blacked out the phone numbers and addresses on the chance that they belong to a real person. They have the correct country codes and appear on a map, but there’s no indication online that these numbers or addresses are associated with these publications.)
Both emails have the same structure:
- The sender gives their name, identifies their role at site URL, and explains what the site is.
- They say what they want: to review the game Unavowed.
- They ask for 3 copies so “me and my coworkers” can review it.
In isolation, an email like this isn’t too strange (except for the multiple copies, which scammers often ask for). But back-to-back, the similarities stand out. The formatting is the same in both emails, with no line breaks between the paragraphs, and the formatting of the signatures is identical. Additionally, when I viewed the source, I found that both emails were sent through the Zoho.com email service.
Here are two other emails I received that day:
These don’t have the same signature as the other two, so they’re not as obvious at a glance, but they have the same structure and formatting, and were also sent through Zoho.com.
The next time I get a request like this, I’ll remember it because I took the time to look at the emails and spot the pattern. Other clues to watch for across emails are text in all bold or bold italics, your game name appearing in a different font or size than the rest of the text, weird line breaks, and identical subject lines.
9) Be wary of Steam curators. I rarely send keys to Steam curators or people asking to do giveaways unless I’m already talking to them in another context. If someone’s reviewing the game for a website or magazine and also plans to review the game as a curator, that’s fine. But if they’re solely a curator asking for a freebie, I believe that goes against the spirit of Steam’s curation feature, and I don’t think the effort involved in making sure they’re legit is worthwhile for the exposure you’d get out of it. If you do decide to send keys to Steam curators, vet them the same way you would a journalist or content creator—make sure the email address is valid, only send one key even if they ask for more, and make sure they actually post a review. If they don’t, remember that for your next game.
10) Don’t be fooled by sob stories. This type of scammer isn’t necessarily seeking a review copy for coverage, but they want a hand-out all the same. I lost my job, my car’s in the shop, I have a big tax bill to pay, I bought the game but deleted it and Steam (or the App Store) doesn’t recognize my purchase, I’m trying to get a website off the ground but had to delay it for health reasons, I just opened an internet cafe and need freebies for my customers—all of these are variations of emails I’ve received. Also watch out for people claiming the code you sent them didn’t work, especially if you’ve never spoken to them before! (Of course, keep track of which codes you send to whom, so you can double check if someone claims to have trouble with a code.)
Bonus tip: Pay attention to freelancers! This tip isn’t exactly “how to spot a scammer,” but as far as getting coverage goes, it’s one of the more important things an indie can do. With all of these scam emails coming in, you may be tempted to ignore anyone who isn’t writing in from a big name site. Don’t make that mistake! When someone reaches out because they want to cover your game, you have an opportunity to build a relationship. This can be especially important with freelancers who might be able to get you coverage in a publication that’s ignored your own PR efforts, or one you didn’t even know existed. And someone who’s freelancing today could be on staff at IGN or Polygon by the time your next game comes out.
Key scammers aren’t only duping developers—they’re hurting freelancers, too. I have heard from some freelancers that they’re getting fewer responses to review copy requests than they used to. Since freelancers are independent, they’re naturally writing in from an email that doesn’t match the site they write for. They might not know yet where (or even if) they’ll get the go-ahead to cover your game, so they don’t have an editor to vouch for them. But if the freelancer has covered games like yours in the past, or they can name some sites where they plan to pitch coverage, or even if they just send a personalized and candid email about why they want to cover your game, it’s in your best interest to take a chance on them.
Scammers occasionally impersonate real freelancers, so you should still verify their email address. Tweet them, send a message through LinkedIn, and/or check their personal website to make sure the same email is listed there.