According to an article published in 2019 by experts at security firm Akamai, about 12 billion cyber attacks against online gaming sites were observed in the 17 months prior to its publication. This figure is not surprising when we consider the growing profits for companies operating in the sector. According to a recent Report, approximately 2.7 billion players spent approximately $ 159.3 billion on games in 2020, and analysts predict it will only exceed $ 200 billion by 2023. While revenues earned from mobile games were around $ 77.2 billion in 2020, up 13.3% year-on-year. These revenues are the result of the intense activity of the communities of players that revolve around the main online games, such as personalizing characters with the purchase of costumes, weapons and other features. Major games also allow players to transact using an in-game currency, and as we will soon see these micro-economies appeal to cybercriminals.
Many are familiar with the popular game Fortnite, developed by Epic Games which in May reached 350 million registered players on mobile devices, Nintendo Switch, PC, PlayStation 4 and Xbox One. According to a report published in recent weeks by the company Night Lion Security, tens of thousands of Fortnite accounts are sold in the main online black markets every day for a turnover of over 1 billion dollars a year. You read that right, a billion dollars! According to experts, groups of cybercriminals use automatic tools that can check whether the credentials from multiple online data breaches allow access to an account of the popular video game.
In many cases, botnets – groups of machines previously compromised with malicious code – are used to verify entire stores of login credentials from past data breaches. This type of attack is known as “credential stuffing ” and is one of the main criminal practices for identity theft and compromise of accounts to multiple services. Specially developed software allows criminals to verify around 500 accounts per second. But what to do once you have a Fortnite account? Well since the game’s release there have been several seasons of the Fortnite game, the so-called seasons, in each of which specific weapons and skins (costumes of the characters of the game) were available, no longer available today unless I bought the account of a player who had caught them at the time. We therefore have the demand for this type of goods supported by players who want accounts with special skins and weapons, to respond to which a special market has been born in which criminal groups have begun to resell stolen accounts. An account can be sold for around $ 250, but I have also personally checked the availability of accounts at prices ranging from $ 100 to $ 400 depending on the virtual items they contain, including v-bucks. The v-bucks are game currency used in Fortnite that can be used to buy items such as costumes, weapons, and emotes Pass battle. The sale of accounts is obviously illegal and banned by the company Epic Games, but despite this, according to Night Lion, there are numerous illegal shops that sell game accounts through the Telegram and Discord platforms, the latter very popular among video game players.
The phenomenon is common to many other titles, games such as World of Warcraft and Minecraft and are equally profitable for criminals, earning several hundred million Euros from compromised account sales each year are estimated. If the hacked profiles are connected to a credit card or to an active PayPal account, their value is certainly higher because the criminal will be able to buy game goods and currencies before putting them back on sale. One might think criminals are target these type of games as it attract younger audiences who are easy susceptible to such scams but that is not the case. Let’s say an adult like you who is a fan of fantasy football, basketball or hockey. Well then be careful when surfing around to internet to buy Hut coins or Fifa points for your favorite fantasy game for those are not safe either and remember adults have better access to credit cards than teenagers.
Another attack technique widely used by criminals to target players is obviously phishing. In the past, phishing campaigns have been observed targeting specific gaming communities related to popular games. To convince players to provide their credentials or financial information (i.e. credit card data), the emails offer discounts for the purchase of goods related to the specific game, gadgets and in some cases international competitions. Malware attacks on gaming communities are also very common; it is very easy to come across programs that promise players to get unlimited game currency (currency generators) or mobile versions of popular games just released for gaming consoles only. These applications are actually malicious codes that allow criminals to take possession of the victim’s device. Getting back to the previous example, if you are not willing to shell out a few bucks to buy Hut coins or Fifa points through proper channels and look to try these currency generators, then don’t be surprised if your account gets hacked or you get banned at the very least.
To conclude you must be very careful when sharing your personal information especially banking info on the internet and as rule of thumb if you are willing to go through shady channels to acquire cheap gaming accounts or items then more often than not you will be duped out of your hard earned money.