Internet Security Fundamentals - Online Edition

19 Fake Games

Gamers have always been a target for cyber criminals as they tend to have high spec PCs with fast internet links, which makes them perfect for zombie botnet infections. Also, gamers are in the habit of downloading large programs from the internet in the form of game demos or game modifier packs. Typically, users are tricked into visiting fake game demo websites, loaded with exploit kits and malicious web links. More recently though, criminals have started to create actual playable game demos, albeit with malicious elements embedded into the program. Sometimes they have re-engineered the code from a legitimate game demo, while in other cases a whole new game has been created, either way the result is the same.

 

Websites that let you download modifiers ‘mods’ and ‘skins’ to change the appearance of your character in games like Minecraft are being cloned and may actually contain the stuff people are expecting to download as well as a few surprises. Typically, the website will contain an exploit kit that checks every visitor for particular software vulnerabilities in order to secretly install viruses and trojans, or the user is asked to download the virus which is posing as the game demo.

 

Online game streaming services like Steam have also been targeted either through their internal messaging service trying to get people to click an image to visit an infected website or through fake steam game pages based on real game demos. Mobile games are also being targeted, with gamers being tricked into downloading fake mobile games that are not available for their mobile platform. For example, the extremely popular Fortnite by Epic Games for months did not have an Android mobile version in the Google Play Store, yet there were websites and YouTube videos claiming to have access to the beta version or the actual full version. It was all a scam though, and while you get a copy of the app icon from the iOS version of the game, everything else is malicious. To get a legitimate version of Fortnite on Android, all you have to do on the device itself, is visit the developers website fortnite.com/android or visit https://www.epicgames.com/fortnite/en-US/mobile/android/sign-up

 

Also, beware of bogus beta version signup websites, claiming to give you early access to the ‘beta’ test version of a hotly awaited new game. You could be asked to give personal information as well as be directed to download malicious software. To reduce the risk of being tricked, stick to the official game developer’s website and official app stores for games, demos, beta tester requests, add-ons and for any links to third party ‘mods.’  If possible, avoid all third party ‘mods’ and do not follow links from social media or other gaming related websites. Patience is a virtue, and not buying into the hype and trying to be one of the first to play a (let’s face it) unfinished game, will help you avoid making a very costly mistake.

 

Another area where criminals are heavily targeting gamers is fake websites offering in-game currencies or virtual currencies, which have become the modern way many game developers now make the bulk of their money, running into the millions. As the focus is no longer on just selling you a game (many are now free as a result) but instead selling you an in-game currency or virtual currency that allows you either unlock additional content, progress faster or more often than not, a way to change the way your character appears within the game, making you stand out among the crowd on a purely cosmetic level. 

 

The downside for gamers that do not buy any virtual currency is that progress within the game is extremely slow. So, the criminals offer as bait, free in-game currencies like Fortnite’s V-Bucks or Robux from the gaming platform Roblox, that can easily be worth hundreds of pounds or dollars. These are advertised throughout social media and often appear as YouTube videos showing you how to ‘hack’ the game to earn vast amounts of in-game currency. If you visit one of the thousands of these scam websites, many ask you to fill in a survey and offer you the opportunity to earn in-game currency in return for sharing your friends email addresses. Of course, to give you the credit they need your username and password for the gaming account concerned (which is something you should never share or enter anywhere except official sites). They may even offer you a way of purchasing in-game currency at a massively reduced rate, whereby you will have given them your credit card information as well as the personal information gleaned from the survey. This is just about everything the criminals need to perform credit card fraud, run credential stuffing bots, and a whole lot more. To give you an idea of the scale of the problem, it was recently reported that there are over 4000+ registered scam web domains aimed at the game Fortnite alone.

 

Remember the adage, there is no such thing as a free lunch, and if someone is offering you something potentially worth a lot of money, either for free or at 90% off, it is probably a scam. Lastly, protect yourself with the free two-step verification offered by many of these games to protect your account, in case you do end up being tricked.

Index or next chapter Ecards


Like what you see? Purchase an offline copy (PDF is updated quarterly)
Also, volume Licensing available for up to 100 copies from £0.40 a copy