Security Alerts

Thousands of Websites Hijacked for Scams Targeting Children Playing Roblox and Fortnite


Joseph Morgan


17 August, 2023


The scams are often disguised as promotions, and they can all be linked to one network.

Over the last five years, thousands of websites belonging to US government agencies, leading universities, and professional organizations have been hijacked and exploited to promote scammy offers and promotions, targeting children. These scams often attempt to trick kids into downloading apps, malware, or submitting personal details in exchange for nonexistent rewards in popular games like Fortnite and Roblox.

Zach Edwards, a security researcher, has been tracking these website hijackings and scams for more than three years. He has discovered that they can be traced back to the activities of affiliate users of a single US-registered advertising company.

Concept - Computer Keyboard with red key that says SCAM ALERT, online dangers
Hooded computer hacker stealing information with laptop

How the Scams Work

  1. Vulnerabilities in Websites: Attackers exploit vulnerabilities in a website’s backend or its content management system.

  2. Uploading Poison PDFs: Attackers upload malicious PDF files, which Edwards calls “poison PDFs”, to the compromised websites. These documents are designed to show up in search engines and promote fraudulent offers such as “free Fortnite skins,” Roblox in-game currency generators, or cheap streams of popular films.

  3. Clicking on Links: Users clicking on links in these poison PDFs are directed through multiple websites, ultimately ending up on scam landing pages that often appear to be tailored to children.

  4. Collecting Information: These landing pages typically ask for in-game usernames and operating systems, followed by a request for personal details or actions such as app downloads, allegedly to “unlock” rewards. However, no rewards are ever given.

Link to CPABuild

The fraudulent activity is primarily traced back to CPABuild, an advertising firm. All the compromised websites with uploaded PDFs call to command-and-control servers owned by CPABuild. The company, registered in Nevada, allows affiliates to attempt to get people to complete customer-hosted tasks. However, many of its users have engaged in ongoing fraudulent activity despite the company’s claims of conducting daily fraud checks.

Risks for Parents

Solutions for Parents

Online scams targeting children are a growing concern, particularly as children spend more time online for both education and entertainment. These scams often prey on the popularity of games like Fortnite and Roblox, promising in-game rewards in exchange for personal information or actions. By staying informed and taking preventative measures, parents can help shield their children from scams and online predators. It is crucial to educate your children about the potential dangers lurking online and to foster open communication about their online activities. By working together, we can create a safer digital world for our children.

Happy teenager winning at video games