Internet courtship: Why would a hacker buy me poker chips?

I interpret your question as:

What's the motivation for someone to use an alien Facebook account to play poker and stock it with chips?

It's not that strange if you think about it this way:

As poker is a game where knowledge about the dealt cards gives you a significant edge in the game, you'd like to use sock puppets at a table to know more about the card distribution.

Thus, using sock puppets that are valid, active - real - Facebook accounts are the only way to gather more information without being spotted easily by heuristics.

Düsseldorf is where one of the big data centers in Germany is located, so there is a good chance that session was held by a bot on a server, not a real person.

Using two or three such bots on a table that are connected gives them a significant statistical edge to beat the other - real - players.

This (collusion) is probably illegal in most poker games and thus real accounts are used to make detection hard. Also, that's probably not the attacker's real name, their mail address and/or PayPal account.

It is probably the account of another victim of identity theft.

In the light of the other answer, I assume that Facebook handles the legal things when you marked the activities as fraudulent.


Update for modified question:

As there seems to be no real money gains involved in this poker game instance, there is another valid reason to use your mom's account:

Because it offers anonymity. If the stolen PayPal account owner tracks the usage down, it'll be your mom as a suspect, not the actual hacker.

Using real, alien Facebook accounts offers another layer of protection with respect to law enforcement.


There still remains the question of how the account was taken over. There are questions here that might answer that.

If your mom does do password reuse, you might educate her about the implications and urge her to change all passwords and use different, strong ones for all accounts.

This would be a good time to introduce her to the famous xkcd about diceware and/or a password manager, as David suggested in the comments.

Also, as S.L. Barth suggests in the comments, using two-factor authentication wherever possible is a good call in any case.


To me it seems as if someone is doing fraud from your account.

They load your FB with money (from a stolen credit card). Lose at poker so the money goes to another FB account. Withdraw that with an anonymous prepaid credit card. There are lots of different ways of doing carding (fraud).

I'd contact FB and maybe the police as you might get a loud knock on the door due to fraud being done from your FB account.


OP has clarified that this is Zynga Poker, in which no real money changes hands.

That being the case, the most likely reasons for a fraudster to put money into your mother's account is that this scamp has acquired/purchased a block of PayPal account details and is systematically testing them to see if they work by hacking into Facebook accounts and using those as mules to test whether the PayPal accounts have been frozen.

By verifying these accounts, he can gain a dramatic return on his investment. A thousand untested PayPal accounts culled from a 'data dump' might retail for a just a few dollars whereas a block of ten "proven active" PayPal accounts will sell for as much as $10-15 apiece, or even more if the account contains money and assuming he's logging in from a relatively secure location (such as an internet café), his chances of being captured range from slim to none.