It's been more than a year since PlayStation 5, Xbox Series X and Xbox Series S hit store shelves. These releases, combined with the ongoing pandemic, have led to an unprecedented number of people taking up gaming in their spare time. Many also play games on social media. But with this increase comes more interest from hackers and scammers hoping to take advantage of unsuspecting gamers.
Gaming is becoming a bigger and bigger target for hacking
People spent more than $60.4 billion on video games in the US last year - up 8% from 2020. The first lockdown saw a 54% increase in game-related phishing attacks.
But it's not just the money that makes games attractive to criminals - it's also the wide range of information that can be stolen and turned into real-world cash.
Criminals exploiting online games through hacker attacks can steal in-game currency, steal items obtained in-game or even sell entire accounts. Some convert in-game items such as skins or rare items into cash on Ebay or use stolen currency to buy and sell expensive items.
The price of convenience
To avoid interrupting the gaming experience, game makers have made it easy to store payment details. Of course, adding credit card details to your account makes the information available to anyone who logs into your account - legally or not. With an increase in attacks that steal login credentials, it's more important than ever to protect your gaming account from hacking.
Increase your IT security
You should follow basic security measures, such as using unique and strong passwords, for all your accounts. This includes online games, subscription services and payment methods. A password manager can detect weak, reused or compromised passwords and tell you if two-factor authentication (2FA) is an option.
Note: You should always enable 2FA for an extra layer of security.
If you want to sell or give away an old console, be sure to clear the history of all your accounts to prevent accidentally giving someone access to your personal information.
Think carefully about who has access to your console and whether you are comfortable enough with them to use your profile and store account. Let's say you've just moved into an apartment with total strangers and decide to plug your PlayStation 4 into the TV in the living room. Until you're comfortable with your new roommates, it's probably a good idea to set a password for your PS4 profile and log out after each session.
Forget the defaults - make your accounts custom
The default settings on your console and PC aren't necessarily the most secure. Check your account settings to make sure your accounts are as secure as possible. Here are a few examples of security settings that are often available but need to be manually enabled:
- Enable PINs for multiple accounts
- Remove the ability to automatically log in
- Create a password to complete digital store purchases
- Make entering a password mandatory for changes to settings
- Set up automatic notification when a purchase is made
- Add security questions - but add a random answer that you can remember, instead of using actual information
- Turn on multi-factor authentication
These additional security steps will make your accounts more secure from anyone trying to gain access. Most gaming companies have a resource page with additional security features - find that page to check if there are other features you can make use of.
Scammers' favourite game: phishing
Phishing scams, which offer free currency inside a game, have become increasingly common in the gaming industry. Malwarebytes, a provider of anti-malware software, has learned that the popular FIFA series is often targeted by criminals due to its complex in-game economy, which includes a combination of in-game currencies earned and purchased with real-world money.
Many players are desperate to amass both to buy better footballers for their fictional teams, leading them to scam sites that offer too-good-to-be-true deals.
The popular game Fortnite has also had a number of successful phishing scams that exploit young players' limited access to real-world currency.
We recommend enabling 2FA on your game accounts to reduce the consequences if you are caught by one of these scams and get hacked. This way, even if scammers get your login credentials, they won't have the second authentication factor needed to log in.
But the easiest way to avoid these types of phishingis to resist the temptation to cheat. Few games actually have cheat codes you can buy or access in-game - and if they do, the vast majority probably know about it. It's just not worth risking losing your entire account to get extra currency or items.
Only download games from verified sources
Many of today's games are free to download, which has created a huge market of fake download links for games and content expansions. The game Apex Legends is available to play on Windows, PlayStation and Xbox platforms, but scammers released a fake link to play the game on mobile in 2019, which got over 100,000 to click on the link in less than a week.
When you download files from an unverified source, you make yourself vulnerable to malware, such as viruses or ransomware. To prevent downloading fake free games or content extensions, always make sure you get your games from reputable sources, such a verified app or a well-known website. Check the URL carefully before entering any personal details or clicking on the download link.
Sofie Meyer is a copywriter and phishing aficionado here at Moxso. She has a master´s degree in Danish and a great interest in cybercrime, which resulted in a master thesis project on phishing.