Free Fire “Anniversary Event” Scam – Facebook Credential Harvesting (Indonesian Variant)
This phishing campaign targets Free Fire players in Indonesia and other Indonesian-speaking regions by promoting a fake “anniversary event” offering free rewards. The scam uses localized language and cultural references to appear legitimate.
How it works:
The victim encounters a link to this scam via social media platforms (YouTube, TikTok, Instagram, Facebook) or messaging apps, often with captions promoting a Free Fire anniversary giveaway.
Step 1 – Fake Anniversary Promotion (First Screenshot)
The victim lands on a page with:
A suspicious URL: dangerous walkmiepaltreks.com/… (clearly not an official domain)
Indonesian text: “EXCEPT YANG DI TUNGBU-TUNGBU PARA BURNHOR DENGAN BERBABAN HADIAN KEREN JIJIN AND ELJIYY SPECIALI FREE DIFFS IN THIS ANNIVERSARY”
(Note: The text contains multiple typos and nonsensical phrases, likely machine-translated or poorly written.)
A heading: “4TH ANNIVERSARY”
A button: “AMBIL HADIAH” (Take Prize)
Step 2 – Login Request (Third Screenshot – second image failed to load)
After clicking “AMBIL HADIAH,” the victim is taken to a page that instructs:
Indonesian: “LIGHT DENGAN AKUR ANDA UNTUK MEDIAPATKAN HADIAN ANDA”
(Rough translation: “Login with your account to get your prize”)
A button: “Login dengan Facebook” (Login with Facebook)
Step 3 – Fake Facebook Login Page (Fourth Screenshot)
Clicking the login button leads to a fake Facebook login page. This page:
Asks for Nomer ponsel atau email (Mobile number or email) and Kata Sandi (Password)
Includes Facebook branding and language options (Bahasa Indonesia, English, etc.)
Is designed to steal the victim’s Facebook credentials
The goal:
The attacker steals the victim’s Facebook login credentials. Since many Free Fire players in Indonesia use Facebook to log into the game, gaining access to the Facebook account gives attackers control over the associated Free Fire account as well.
Red flags to watch for:
Suspicious URL: The initial page is hosted on a domain unrelated to Garena or Free Fire (dangerous walkmiepaltreks.com with obvious typos).
Poor Indonesian grammar: The text contains multiple misspellings and awkward phrasing (e.g., “EXCEPT YANG DI TUNGBU-TUNGBU,” “BERBABAN HADIAN,” “JIJIN AND ELJIYY”). Official Garena announcements use correct, professional Indonesian.
No official branding: The pages lack official Garena or Free Fire logos and copyright notices.
Anniversary timing: While Free Fire does have anniversary events, they are always announced and hosted on official channels (ff.garena.com), never through third-party domains.
Facebook login requirement: No legitimate Free Fire event requires logging into Facebook through a third-party link. Official events are accessed within the game app or on official Garena websites.
Multiple typos: The heading “4MWERSARY” instead of “4TH ANNIVERSARY” is a clear typo that indicates a fake page.
What to do if you encounter this:
Do not click “AMBIL HADIAH” or “Login dengan Facebook.”
Do not enter your Facebook email/phone and password on the fake login page.
If you are a Free Fire player, always check official Free Fire social media accounts and the official website (ff.garena.com) for legitimate event information.
If you have already entered your Facebook credentials, change your Facebook password immediately, enable two-factor authentication (2FA), and check for any unauthorized activity.
Report the phishing page to Facebook and to Garena.
Why this scam is effective:
Indonesia has a massive Free Fire player base, and anniversary events are highly anticipated. Scammers exploit this by creating fake “anniversary giveaway” pages that mimic the excitement of official events. The use of the Indonesian language (even with errors) makes the scam more convincing to local users than generic English phishing pages.
Protective measures:
Never click links claiming to offer free Free Fire rewards from unofficial sources.
Always access Free Fire events through the official game app or official Garena websites.
Enable two-factor authentication (2FA) on your Facebook account.
Be suspicious of any page that asks for your Facebook login credentials outside of facebook.com.