PlayStation Network and Xbox Live have a porn bot spam problem

PlayStation Network and Xbox Live have a porn bot spam problem
Porn bots are proliferating on XBL and PSN Amanda Farough/Unsplash
Porn bots are proliferating on XBL and PSN Amanda Farough/Unsplash
opinion
Mic invites contributors and staff to offer commentary and context about news and timely issues.

It’s midnight and I’m watching Ozark on Netflix — as one does in the middle of the night when sleep is evasive — when I see three messages pop up on my TV, all from accounts that I don’t recognize. Normally, I’d ignore them (as they were on my partner’s Xbox Live profile), but we’d encountered a similar set of messages on PlayStation Network earlier the same evening.

These accounts weren’t just spamming him, they were sending somewhat explicit messages in an attempt to entice him to join a private webcam chat with a 22- or 23-year-old woman, depending on which of the six porn bots he engaged with. (You know, for research.)

The porn bot problem isn’t new. It’s a lucrative endeavor, especially when you can hit critical mass on a place like Twitter. But it’s a fairly new issue for platforms like PlayStation Network and Xbox Live. If you’re unfamiliar, PlayStation Network (PSN) and Xbox Live (XBL) both have messaging platforms that allow users to interact with one another. It’s a bit ungainly to type on a controller, but they have mobile apps and Xbox Live is also connected to Windows 10 systems by default.

There’s a greater issue at work here, though: While Twitter, Skype, Facebook and even Snapchat enforce age restrictions, as per the Children’s Online Privacy Protection Rule, parents are able to create sub-accounts for their little gamers (under the age of 13) on XBL and PSN.

If those sub-accounts are set up improperly (or if chat is enabled), children could be susceptible to receiving these messages and risking exposure to pornographic content before they’re old enough to understand what they’re looking at.

Porn bots on PlayStation Network and Xbox Live: How it starts

The messages started fairly benign, and we immediately knew what we were dealing with based on language alone. It was stilted and misspelled, and while that’s a common issue when typing with a controller, this didn’t feel like your average PSN user.

Something’s not quite right here.
Something’s not quite right here. Amanda Farough/Mic

So, in the name of research, we continued our engagement, genuinely curious about where the porn bot would send us. This one didn’t end up sending us anywhere, as we inadvertently shut down the conversation with a flippant remark about “not playing competitive” in response to a “do you want to have good time” comment.

Mistakes were made.

On to the next one.

Yes, we used voice lines from ‘Overwatch’ to further the conversation.
Yes, we used voice lines from ‘Overwatch’ to further the conversation. Amanda Farough/Mic

Now we’re starting to get an idea of where we’re going with this particular bot. The real question that we had was — is this is a real “cam girl” or what?

The same conversation, continued.
The same conversation, continued. Amanda Farough/Mic

If you follow the link to GamersLust.com, you’ll find it’s a domain mask for FlingSociety.com. I was curious if there was an age gate, like any website that had adult content, so I went ahead and signed up (under a fake name).

Turns out that you need a credit card, which is a fairly effective age gate (unless it’s a teen who has access to Mom or Dad’s card).
Turns out that you need a credit card, which is a fairly effective age gate (unless it’s a teen who has access to Mom or Dad’s card). Amanda Farough/Mic

So, with the age gate in place, that should be the end of it... right?

Digging into the FlingSociety porn-bot scam

FlingSociety.com is a scam. It’s not a small scam, either. It’s a scam large enough to have built a myriad of bots to hawk its sexy-time wares. For the unlucky ones who have bought into the scam — which, for research purposes, I almost did — they forked over their credit card information and received no digital booty in return.

“They will ask for your credit card information and say they will send you a sexy video of them. It’s a scam, they won’t send the video,” said Reddit user BackdoorAlex2.

There’s no way to get in touch with FlingSociety, either through the website or through the Whois lookup information, which has masked most of the owner’s contact info save for an address and phone number. Masking Whois information is pretty common, especially to protect someone’s name or to keep a domain owner’s email address from being spammed.

But in the case of a website that doesn’t have any visible contact information, Whois is the next best thing. And if the masking (both in terms of its domain name and its Whois) is the only noticeable thing about a site, the internet is bound to give it some red flags.

Multiple anonymous people on the Scamner page dedicated to FlingSociety.com have indicated that this is, in fact, a scam. So if you have unwittingly given your credit card information to this porn-bot scam ring already, you may want to cancel that card preemptively.

Can kids can be targeted by porn-bot spam on PlayStation Network and Xbox Live?

Keeping kids safe online is a parental (and sometimes societal) imperative. If our young ones are going to be playing games on the same consoles as grownups, there are a number of tools we can use, including the ones baked into the consoles. But if parents aren’t making use of sub-accounts on Xbox Live and PlayStation Network, children could be at risk of receiving these kinds of messages.

We tested out one of the porn bots on Xbox Live to see if age was an actual gate, if the question was asked. Note that age was only asked for twice out of the six bots that we responded to.

If we responded that we were underage, the exchange ended.
If we responded that we were underage, the exchange ended. Amanda Farough/Mic

Over the course of 24 hours, my partner received a number of messages from these XBL and PSN porn bots; I, however, did not. But it didn’t have anything to do with my gender — I have rigid privacy settings on both my Xbox and PlayStation profile that prevents people I don’t know from messaging me.

One of my sons has his account set up to be private. You can search his profile if you know his username, but you can’t see anything about him. My older son has a more visible account, but it doesn’t accept messages. But recently, it was set up differently, allowing him to talk to people he knew about Overwatch. The privileges were revoked, but prior to that, was there anything stopping a porn bot from messaging a 9-year-old child and engaging in a conversation?

So, what are Microsoft and Sony doing to combat these issues? According to a Microsoft spokesperson, whom I spoke with over email:

“Our code of conduct helps ensure everyone has a safe, secure, and enjoyable experience, and any activity that violates these terms may result in enforcement action. We encourage anyone who receives an unsolicited or spam message to report it to the Xbox Live Policy and Enforcement Team, which will investigate and take the appropriate action.”

Without the age issue, which is something that means a great deal to me as a parent, it’s creepy. Once you throw in underage kids and teens potentially being targeted for this kind of messaging, it veers off into dangerous terrain.

Mic has also reached out to Sony for comment and will update with any response.

More gaming news and updates

Check out the latest from Mic, like this deep dive into the cultural origins of Gamergate. Also, be sure to read this essay about what it’s like to cosplay while black, a roundup of family-friendly games to play with your kids and our interview with Adi Shankar, producer of the animated Castlevania Netflix series.