Security risk: Identity stole in video games.

Online Security at risk.

Nature of the risk:   

 

Video games developers has been changing every year the way a player can play, enjoy, and overall interact with other players. These days, players can perfectly interact with other players that are in the side of world, by now only shooting bullets to each other’s, as is the goal in the video game named: “Counter Strike”, which is a shooter.

Players can also interact with each other’s by taking advantage of the command voice, this to give indications to other players what to do in the game. These players can use text chat in game and outside the game. One platform that offers this interactivity is Steam®. 

The company persuades new and veteran players to join their community with the following advert:

Meet new people, join game groups, form clans, chat in-game and more! With over 40 million potential friends (or enemies), the fun never stops. 

The advert above can push new players to enlist in the Steam® community and get involved in the ways the advert is describing. However, with this fascinating idea of make new potential friends from around the world and have fun by playing together the latest video game titles, there always people ready to take advantage of vulnerable players that are not aware of what I called “the dark side of the video games”.

One of the common issues is the scam, specially the stolen of identities. As we see, in Steam® players can use “text chat” to send text messages but also links. While Steam® aware players “to not interchange or disclose passwords” with other players, these players, are still exposed to accidentally or by curiosity open links to websites that can potentially stole the account details of such players.

These video game “pirates” make usage of Trojans and worms to:

a)    Stole Information of the account.

b)    Send information as, passwords and other very delicate information to a remote server.

c)    Can emulate the website were the players is login in to access the games.

Warning sign of this risk:

A real example is the players “titussteel”. This player is an enthusiastic follower of the Wold of Warcraft series. In this forum post, the player is explaining how he is facing this issue, describing what the thief did to him and that he is looking for advice to this doesn't happens to him once again. 

As we can see, the first action a thief will do is the change the login details of the account:

a)    Email address linked to the account.

b)    Password linked to the account.

c)  And other details like password “hint”.

d) Even some websites offer the option to recover the account by sending an SMS with a special code that will gain access to the owner; however this can be changed as well.

How this operates:

A player (aka the thief) can easily send a malicious link to other player (the victim) by using the chat or email feature of the game. If the victim opens the link, this might redirect him/her to a fake website that will content the malicious virus, Trojan or worm. 

Please note that all this passes undetected by the user, especially if the user doesn't have a proper antivirus or antimalware installed in his/her computer. All is sorted to when the victim login again in his account, the username and password can easily stole by using the piece of software secretly installed by the attacker.

With that in mind, once the victim tries to log in his/her account for third time, sadly the victim will face the horrible surprise that he is not able to access to his/her game. And when he attempt to recover the password the system will reject his request as the email address will not recognized as it has been changed in the video game developer database.

The potential damage that his can cause:

Hackers are always looking to benefit they self’s from stole not only the identity of his victim’s, but also acquired vital information from the victim. The most common in the video game industry is to gain credit card details or any other way of payment, like PayPal accounts. Keep in mind that some players link their credit card details to the account, so for there is easily to buy in-game content as:

Steam Account Transactions.

                     

            a)   Add-Ons.

      b)  In-game currency.

      c)  Vehicles, Weapons etc.

If the hacker gets access to this vital information, they can use these details to clear any current balance in these credit cards and the victim might not notice it. 

What to do to protect me or my family from this internet threat:

First of all you need consider as an urgent manner, the installation of an Antivirus, while antiviruses doesn't protect you at 100%, it can prevent that  You to be another victim of this scheme. Remember that the antivirus database for virus, Trojans and worms is constantly updated by the developer and new threats can be easily avoid by having an antivirus installed and updated in your PC.

The second part is to teach yourself and the members of your family to NOT share any personal information with third parties, this can include:  in real life friends or even close family, as passwords, usernames, email addresses, payment details.

Third, teach yourself to research a link before you open it, one tool that you might want to take advantage of is Sucuri. You can easily copy the link and paste it in the box and then click the button, all information related to the website will be displayed to you and is up to you to access to it or not.

Fourth, never open attachments in that a friend of you has sent you via email. Sometimes this files might contain virus, malware or Trojan that will harmful your PC.

If one day you are a victim of one this attacks, first of all contact the customer support of the video game you are currently playing to find out how they can help you. Please consider a security check for your PC, you might need a IT technician to do this task in your behalf.

If money is involved, remember that every credit card has insurance and you might consider contact your bank or Credit Card Company immediately you detect any potential risk in your account.

I hope that the information listed above helps to understand that playing video-games is not a game, is a serious business when we’re talking about Internet Security.