Gaming-Related Phishing Trends
Researchers at Kaspersky have found that the vast majority of gaming-related malware lures are targeted at Minecraft players. Roblox came in at a distant second, and the researchers note that both of these games are frequently played by children, “who have much less knowledge of cybersecurity due to a lack of experience.”
“When downloading the games from untrustworthy sources, players may receive malicious software that can gather sensitive data like login information or passwords from the victim’s device; and in an attempt to download a desired game for free, find a cool mod or cheat, gamers can actually lose their accounts or even money,” the researchers write. “The research revealed an increase in attacks using malicious software that steals sensitive data from infected devices. It included such verdicts as Trojan-PSW (Password Stealing Ware) which gathers victims’ credentials, Trojan-Banker which steals payment data, and Trojan-GameThief which collects login information for gaming accounts.”
Unsurprisingly, most gaming-related malware lures target some of the most popular games.
“Attackers often purposely seek to spread threats under the guise of games and game series that either have a huge permanent audience (such as Roblox, FIFA, or Minecraft) or were recently released,” the researchers write. “We found that from July 1, 2021 through June 30, 2022, the TOP 5 game titles that cybercriminals used as a lure to distribute secret-stealing software included Valorant, Roblox, FIFA, Minecraft, and Far Cry.”
Attackers also use phishing sites to compromise accounts for multiplayer games that have in-game currency, such as Grand Theft Auto 5 and Counter-Strike.
“This year, cybercriminals have learned to mimic the entire interfaces of the in-game stores for many popular game titles,” the researchers write. “The most notable examples include fake marketplaces launched under the names of CS:GO, PUBG and Warface, which are popular esports disciplines. To achieve better results, players need a decent arsenal of weapons and artifacts that are available in the in-game stores. The scammers created fraudulent stores by copying the appearance of the actual in-game marketplaces to fool players, with the final aim of taking over their accounts or stealing their money.”
New-school security awareness training can teach your employees to follow security best practices so they can avoid falling for social engineering attacks. And they can pass on what they learned to their children, too.