We dig into the Game Players Code
Gaming security is getting a lot of attention at the moment. Rightly so; it’s a huge target for scammers and malware authors. Malicious ads, fake games, survey scams, phishing attacks…whatever you can think of, it’s in use. Some target kids and steal their accounts, selling them on. Others go after parents, who have their payment details tied to various platforms and consoles. Whatever the scammer is into, rich pickings can be theirs for the taking.
As we’ve shown previously, you don’t even have to be on a gaming platform to be at risk from shenanigans. You can run into something bad and gaming-related purely from hanging out somewhere else. These attacks, these tactics, are pervasive.
Some organisations are trying to turn the tide, however.
Step up to the plate, Game Players Code
Banks are noticing just how much time is spent dealing with gaming theft issues. No doubt their support calls tell a grim tale of cancelled cards and reverse charges. Tip: some gaming platforms will actually ban/cancel a gaming account by default should you ever reverse a dubious charge. Never do this if you can help it.
LLoyds Bank, in response to the never-ending glut of financial gaming fraud, has come up with something called “Shield against scams”. This is designed to give younger gamers a helping hand to avoid video game fakery. They’ve also got some well known gamer influencers on board which can only help get the message in front of gamers. Shall we take a look at each tip and see what else we can add to the discussion?
Chat screening and anonymity
SCREEN any chats from strangers, as well as unexpected gifts and special edition or time-limited offers. Never transfer money to someone you haven’t met in person.
HIDE personal information from others at all times, concealing your personal details where possible to avoid them being leaked.
This is a good start. Concealing player information is also helpful. Gaming forums, databases, and websites are often targeted by compromise and data theft. When the hammer falls, it’s probably best to have as few visible bits of personal information as possible. Always check the privacy specifics of whatever platform you’re using.
Some enable settings like real ID (your actual real name) by default, making it visible to whoever has the correct level of permissions. This could be a friend you’ve added, or random players looking at your profile. Other platforms won’t display real names or locations without you physically typing them into your profile. Consoles are a particular concern here because they have so many different settings across multiple menus. Many of them will have a privacy component to them, but you’ll have to dig around and make those connections yourself. It could be a slow process, so set some time aside for that.
Chat, whether in game or via a client, is an inroad to bad messages. You may even run into bogus messages in chat/VoIP land. The “I accidentally reported you” scam is hitting saturation point at the moment. Last but not least, beware of Real Money Trading if you play massively multiplayer online games.
Be cautious with payments
INVESTIGATE any gaming-related purchases before handing over money, such as checking whether the website is blacklisted on https://sitechecker.pro/blacklist-checker/ and only making card payments that offer greater consumer protections.
Another decent tip. Much of the gaming fraud we see at the moment is related to in-game purchases or DLC. Most commonly weapons, skins, outfits and the like. Some gaming platforms like Steam allow gamers to trade items. Fake trade phishes have been around for years and are very popular.
Evaluating the download risk
EVALUATE whether gaming-related downloads are being made from established trusted sources and whether they are safe by checking for malware via https://www.virustotal.com/
Generally speaking, all gaming downloads should be coming from the source (the platform you’re using) directly. Want to play Diablo 3? You’ll be using the Battle.net client on PC. Steam games? You’ll use the big download button inside the Steam client. Uplay? Origin? Epic store? The same rule applies. On a games console, it’s even more locked in. You can’t exactly go wandering off to a rogue download on a PS4.
As far as these files go, in theory you shouldn’t need to scan them (indeed, it isn’t possible to scan them if they’re on a games console). Sometimes things can go wrong with files from an official source, but this is pretty rare. Apply your own better judgment on this one.
Should you stray outside your walled client garden, that’s the time to be suspicious. Messages about free games, dubious offers/adverts, or random uploads to YouTube promising free cracked copies of the latest titles should be given a wide berth. You can certainly use VirusTotal for a quick check, but you should also read up on what it does. We would always recommend using your dedicated security tools in addition to any web-based scan.
Locking down
LOCK your gaming network by using password managers, two-factor authentication within platforms and anti-virus software.
Good tips. There are many gaming platforms. Some of them have titles exclusive to them, or deals which are better than anywhere else. Even if you decide to stick with Steam, certain games will insist on you also using their creator’s gaming platform. So you could fire up a Far Cry game on Steam, but you may need to launch the Uplay client…via Steam…and the game launches from there.
This may have changed, it’s been a few years since I tried it myself. But this is not an uncommon thing to happen.
Before you know it, you don’t just need a secure email tied to your gaming platform. You need logins for Steam, Uplay, Epic, Blizzard, multiple logins for MMORPG launchers, passwords in consoles, passwords everywhere. A password manager is exactly the kind of solution to this headache.
Two-factor authentication was rather uncommon in most gaming circles years ago, but it’s pretty much the default now. You can have it on your PC gaming clients, your consoles, your email. There’s Google Auth, or dedicated apps depending on the game publisher. Whatever your gaming network of choice, this is almost certainly something you can make use of.
Card safety concerns
DELINK your bank details from gaming and online browser accounts. Having two-factor authentication set up on bank transactions and using prepaid cards will also help to keep your money protected.
Payment information on accounts is a risk, but having payment information on any account can be a risk. The question is what can you put in place to lessen this, and how much damage can someone do if they get that information?
Many gaming clients allow you to store details, or delete them as appropriate. For example, you can tell Steam whether or not to remember payment info. You can also load up an account with funds via the Steam wallet, or put certain amounts of money onto the account with gift cards. Yes, someone can still steal an account and if it has £100 sitting on it, that’s bad. Some may argue that’s actually worse than stored card details.
If payment info is stored in Steam, you still have to enter the verification code on the back of the card for any transaction as this isn’t retained. While an account with details stored on it will still be valuable to someone out there, most people can’t simply start spending. They don’t have the code. However, an account with £100 or £300 sitting on it is an instant spend-festival.
As a result, a good tip is to only load up the account with smaller amounts of cash. It’s still bad if it gets stolen, but not £300 bad.
In conclusion…
Any attempt to make gaming realms more secure is a good thing. While you may have to add a bit more context to the tips as they stand, the basics are in place and that’s what we need to encourage young gamers with. Any positive change in habits, whether from the kids or the parents helping behind the scenes, can only be beneficial for everyone.
The post We dig into the Game Players Code appeared first on Malwarebytes Labs.
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.