Social media phishing with fake Freefire gift card detected

Posted byAnti-phishing Leave a comment on Social media phishing with fake Freefire gift card detected

These screenshots show a phishing campaign that uses fake Free Fire gift cards as a lure to steal login credentials for various platforms (game accounts, social media, or Google). The victim is promised a free gift card (210, 530, 1080, or 2200 units) and then asked to log in, handing over their phone number/email and password.

Pay attention to the domain of the website.

Spoofing Freefire gift card

An authorization request appears on the phishing page.

Google phishing with fake Freefire gift.

Twitter phishing with spoofing Freefire gift.

Facebook phishing with fraud Freefire gift.

Threat Analysis: Free Fire Gift Card Phishing – Credential Harvesting

How the scam works:

  1. The Lure – The victim sees an ad, social media post, or direct message promising a free Free Fire gift card. The page displays gift card options with different values (e.g., 210, 530, 1080, 2200) and instructs the victim to “Choose your Card!”
  2. Login Page – After selecting a card, the victim is taken to a page that says “Log in to the game account” and asks for:
  • Phone number or email address
  • Password The same login form appears across multiple variants (Twitter, Google, generic game account).
  1. Credential Theft – When the victim enters their credentials and clicks “Login,” the information is sent to the attacker. The victim may then be redirected to the real game or social media site, making the scam less noticeable.

The goal:
The attacker steals login credentials to:

  • Take over the victim’s Free Fire (Garena) account linked to Facebook or Google
  • Access the victim’s social media or email account (depending on which platform’s login was mimicked)
  • Use compromised accounts to spread the scam further
  • Sell accounts or credentials on criminal markets

Red flags to watch for:

  • Free gift card promise: Garena / Free Fire does not give away in-game currency through external websites.
  • Login page on a suspicious domain: The URL contains edutexme.xyz, not an official Free Fire, Facebook, or Google domain.
  • Login form after selecting a gift card: A legitimate giveaway would not ask for your password to claim a prize.
  • Generic design: The pages lack official Free Fire branding and security indicators.

What to do if you encounter this:

  • Do not enter your phone number, email, or password.
  • If you have already entered credentials, change your password immediately on the real platform (e.g., Free Fire, Facebook, Google) and enable two‑factor authentication.
  • Always access official giveaways through the game’s official website or social media channels – never through random links.

Protective measures:

  • Remember: no legitimate giveaway requires your password.
  • Check the URL carefully – official Free Fire domains end with garena.com or freefire.com.
  • Use a password manager – it will not autofill on fake domains.
  • Enable two‑factor authentication on all gaming and social media accounts.

Leave a comment

Your email address will not be published. Required fields are marked *