Time is Money, and Online Game Scammers have lots of it

Source: ESET WeLiveSecurity

Written by: Márk Szabó

time_is_money

*Gamers and cybersecurity professionals have something in common – the ever-terrible presence of hacking, scams, and data theft – but how and why would anyone want to target gamers?*

One of the more worrying trends of the past few years within the gaming sphere has been the introduction of microtransactions, which ask you to provide your money in case you want to fast-track an in-game event or buy better equipment, or additional skins for your character, for example. Nowadays, this can ring true both for multiplayer and single-player games; hence there are many more opportunities for malicious actors to take advantage of you.

The ubiquity of scams within online gaming enables a degree of interaction between players through in-game chat or voice services. Most often, these places represent the first contact points between scammers and their victims, which can impact not only adults but also kids due to the nature of these games.

 

Fishing for money

Cybercriminals exploit online games as a means of earning income, either by stealing and selling user data or by tricking them into giving up their bank account information. With that, ransomware, viruses, and trojans are also used to target players and try to siphon money from them.

The most significant opportunity in this regard is virtual currencies, skins, weapons, and similar, as many game developers sell these for various amounts of money, with some skins costing hundreds of dollars or more due to their rarity.

A scammer can easily create an account for an online game and then use stolen credit card details to purchase said things, and once the account is fully stocked, it can be sold off for tidy sums. Some accounts can sell for thousands, exchanging virtual objects for real-world currency.

 

Sanctuary under attack

Of course, online games do employ various levels of protection to secure the users’ accounts; however, account hijacks still happen, as the data within these accounts can have tremendous value, either because of the player’s accumulated in-game wealth or the various licenses they might own on online game stores, as well as their personally identifiable information, like phone numbers, address, emails, and financial information.

All it takes is one weak password, and your account might fall out of your hands entirely, especially when people tend to still use the same weak passwords as always, instead of opting for stronger ones or, even better, use a secure password managers.

An added problem also is that many game services lack additional authentication methods, or the provider could suffer a data breach exposing passwords. In a way, it is like the various wars between the Horde and the Alliance in Warcraft; one gains, the other loses, but the end results could also become permanent.

 

Friendly fraud

One of the perhaps lesser-known scams within the online world is Friendly Fraud.  Despite that, it is monumental, as just in the United States, eCommerce merchants report as much as $11.8 billion in losses. This has become an increasing issue due to microtransactions. How it happens is that a child could overcharge their parents’ credit cards by making in-app purchases to get some special skin/in-game currency, for example. A parent might not know about this and dispute the charges on their bank account with their bank or the game company.

While maybe unintended, these disputes can still overwhelm the bank and gaming company or make the parents look like scammers. Why? Well, intentional Friendly Fraud also exists, in which case gamers, or people pretending to be gamers, purchase a game/currency and then dispute the charges on their credit card bill to receive a refund. It’s like buying a shirt, wearing it for a day or two, and then returning it to the store to get your money back.

 

Summoner’s fault (mostly)

Apart from the previously mentioned tricks, malicious actors also like to extract credentials through fake promotional material, like free exclusive items and game-time promotions on social media, leading you to a fake login website to extract your personal information and maybe even provide you with malware for free! How exciting, right?

Even in-game trade can be dangerous, as the transactions can happen outside the game’s limits through PayPal, for example, after which the fraudster disputes the payments, leaving you without the desired item and a monetary loss. Notice how many of these scams rely on user error, which is just the reality, as human error is still the leading cybersecurity issue.

 

What can a gamer do to protect themselves?

Thankfully, there are certain security tips a gamer can utilize to protect their precious accounts and game-time from malicious actors. Here’s a few:

  • Use a strong password – This advice sadly needs to be repeated. Try to stay away from simple word + number combinations and mix it up with special characters, capital letters, or try passphrases, which are more complex and yet a more memorable alternative.
  • Use multi-factor authentication – An additional authentication method, best done by using a one-time code generating app like Microsoft Authenticator or Authy is a must when properly securing any account.
  • Try to purchase game content in-house –Try to make your purchases inside the game’s own store, or through an official reseller, not providing your financial details to scammers.
  • Don’t fall for giveaways – Some games can have free giveaways of in-game content, but there can be cases when those asking for your account details are fraudulent – always verify whether the giveaway is done by an officially approved source.
  • Never provide account info to others – This advice gets often repeated in World of Warcraft especially – a game admin or developer would never ask for your credit card number or bank details, especially not inside an online game.

 And in case your account got hacked for one reason or another, on Steam, for example, there are ways you can deal with it to reach a successful recovery. This does not mean that gamers should not stay vigilant. As the lucrative world of gaming will always be under the threat of shady moneymakers and hackers. Stay safe and watch out for any dangers lurking in the shadows.