Cybercriminals targeting online gamers, by the thousands

Julio Franco

Posts: 9,092   +2,043
Staff member

Phishing sites and emails designed to look like official bank notifications are nothing new, but perhaps you should look closer next time you get a suspecting email for your favorite online game. Kaspersky Labs is reporting that during 2012 they tracked over 7,000 daily attempts to break in gamers online accounts, mostly via email containing malicious links.

As is the case when you receive fake bank emails, cybercriminals are recreating emails you would normally get from popular online games, mentioning names of well-known gaming worlds to look legit and enticing users to click through. Once that's done, the sites will try to get your username and password information, and ultimately get access to in-game items that can be sold for real money.

cybercriminals kaspersky hacking cybercrime

The worrying part is that emails are actually being quite effective. Kaspersky tracked 15 million attempts to access phishing sites posing as pages from popular online game developers.

Even though game names are not specifically mentioned in the article, it would appear obvious that those that let you accumulate virtual goods that can be transfered or sold for real money would be the most appropiate targets. To name a few that will let you do that: Diablo 3, Second Life and Ultima Online.

Also note there's additional potential risk if a user fooled into giving away his login credentials reused the same data for accessing his email account, from there the hacker could work his way into other online accounts. According to Kaspersky's data, gamers are being targeted worldwide but top countries where they are observing the attempts include Russia, China and India.

Permalink to story.

 
Its not bad enough that we have to deal with gold/gil/currency farmers that monopolize the best in game spots to make money. Its not bad enough that practically EVER Notorius Monster that drops any sort of useable gear is over camped. This isnt even as bad as the experience points parties ran by gold sellers. This is worse then all of the above. Now their greed knows no boundries. Something HAS to be done about these people. I know I have personally broken 3 gil selling groups by useing my own time and tracking how they worked then reporting the findings to GM's. This however is far beyond putting in some personal time. They are going after the gamers without being in a game. I play on XBOX so Im pretty sure I would be safe. But others play on PC, and normally more then one person uses that PC. This is a disaster brewing. There has to be someway to stop these individuals.
 
The only way to stop them would be for the players to stop buying their ****... if they arent making a profit they would die out... but as long as people buy from them they will always be there
 
The only way to stop them would be for the players to stop buying their ****... if they arent making a profit they would die out... but as long as people buy from them they will always be there

That's true for games like WoW where you're not supposed to buy gold, but people do and it keeps the black market going. But there are other games where purchasing things for money is allowed, and people have no idea who they're buying from.

More games need to use Blizzard's authentication model. You have an app on your phone (or you can get a physical device) that gives you a code you have to enter. You only use it once a week or so, but if you try to log in from a different PC or even the same PC on a different network it makes you enter your code again. The code changes every 10 seconds or so, so keyloggers/fake sites etc wouldn't be able to use it.
 
RubinOnRye, I didnt' mean to imply it was their idea. The company I work for has been doing it for years as well if we want to log on from home. Blizzard is just the only game company I know of that realizes their customer's info is sought after in the same manner as someone's bank account, and they have the security to match.
 
I've constantly seen in my junk folder, a good 10-15 Runescape emails daily. Despite never joining the game once, possibly someone used the address as a reference or something? That said though, I see a bunch of Diablo 3 / World of Warcraft spoof emails, none which bother me because it's all common sense.

I don't play ANY of those games, even if I did play em I'd expect no such emails. There's always people clueless enough, to actually continue clicking these fake links. Anyone with half a logical brain, would check the link before clicking. Just because it says in the email "battle.net" or w/e, doesn't mean it's the real thing. Honestly.. they need 5 seconds to highlight an email address, check the link for matching and move on.

I've also seen some places, actually take spam/spoofed emails from users. Just so they can be aware of things, since there's always new bots out there. I don't know what to expect honestly, except a lot of upset players. Until they think logically, there's little you can honestly do.
 
I rarely actually see any of these emails in my personally email inbox - they usually get grabbed my gmails spam filter, and then I never see them.
I do laugh a bit when phishing emails for games show up at our work emails. It just seems strange the spammers try to even send these to domains that obviously for business :p.

Back on topic - it really doesn't require a whole lot of logic to foil almost any phishing email. Occasionally I will get one that I have to look at closely because it looks like a legitimate order. But those emails are usually given away by bad grammar or some mention of a foreign country.
 
Back