Online gamers in the crosshairs of eCrime

G Data summarises the top risks for online gamers and offers tips for safe gaming on the Internet

08/14/2013 | Bochum 

Online gaming is more popular than ever. This year alone, PricewaterhouseCoopers is predicting a turnover of some €639 million in Germany for gaming on the Internet. This makes gamers a lucrative target for cyber criminals and the perpetrators are using specific methods to go after game fans. The criminals use various attack vectors to lure unwitting gamers into traps and, with the aid of computer malware or refined phishing sites, entire online gaming accounts can be stolen. Another method uses fake offers for rare pieces of equipment and virtual money for digital game characters. In the run-up to gamescom in Cologne, G Data summarises the three top risks for gamers and shows them how to protect themselves against them – for safe gaming on the Internet.

 

 

"Stealing and trading in user accounts for online games is a very lucrative business for cyber criminals. To do this, the perpetrators develop special computer malware that targets the user accounts of online games, or they employ tried and tested phishing methods," explains Ralf Benzmüller, head of G Data Security Labs. "Gamers should therefore use a powerful security solution that remains active during gaming, install all available software updates and only trust official game patches from the manufacturer."


Top 3 risks for gamers

Computer malware – keyloggers etc
Cyber criminals target gamers with special malware programs, including so-called keyloggers that are used to spy on keyboard input and hence user data for the online game. The Trojan horse Trojan.PWS.OnLineGames.NVI steals user data from the installed browser. It can thus access items such as data for the gaming account, if this is stored there.

Other malware is designed to steal licence keys. These 'stealers' specifically search the registry and other areas of the PC and transfer the data to the thieves' servers.

The compromised gaming accounts and other stolen data are sold in underground market places; high-level characters with a large amount of special equipment are particularly lucrative for this.


Example of an advert offering stolen gaming accounts:



Data theft via phishing
Phishing is a tried and tested eCrime method for getting hold of lucrative data. This frequently involves the use of emails in which the fraudsters pretend, for example, that there are problems with the user account. The recipient is then prompted to enter the access data on a specific website.

These sites are usually designed to look so deceptively genuine that they are hard to distinguish from the original. If the email recipient falls for the message, the cyber criminals gain direct access to valuable data.


Example of a phishing website:



Fake online offers for game characters, equipment and virtual currency
Besides data, online fraudsters also directly target money. They do so by placing adverts offering rare equipment, virtual money and sometimes entire high-level game characters on online vending platforms. If a user purchases the goods on offer, he loses the money he has paid and does not receive the article he has purchased.


Six security tips for online gamers

  • Install security software: Gamers should install a comprehensive security solution on their PC that includes a firewall and regular virus signature updates. The security solution should be permanently activated – even during gaming.
  • Keep applications up-to-date: You should use updates to ensure that your operating system and all installed software are kept fully up-to-date.
  • Use strong passwords: Secure passwords should be chosen for all online user accounts. These should consist of a random sequence of numbers, special characters and upper and lower case letters. This gives criminals no chance of hacking the password with so-called dictionary attacks. Furthermore passwords should not be stored in the browser.
  • Caution with unofficial patches and add-ons: Gamers should only install official updates from game manufacturers, as an apparent update can quickly turn out to be malware. Unofficial add-ons should also be avoided, as malware for stealing data is often lurking behind the software enhancements.
  • Do not reveal too much about yourself: Gamers regularly use a nickname rather than their real name in online games. Gamers should be careful not to reveal too much information about themselves.
  • Pay with a credit card: Virtual cash and other gaming accessories should only be purchased in official online gaming markets, as offers outside of such markets are usually fake. A credit card should be used for the payment process.

Kathrin Beckert