Why are phishers targeting gamers? 'Cause that's where the money is ...

To a scammer gamers are not just a huge target, they are also a very valuable and easily accessible target and highly vulnerable.

There's a story that when the notorious bank robber "Slick Willie" Sutton was asked why he robbed banks he replied "Because that's where the money is" (see Sutton's Law). As a strategy for maximizing the potential "take home" Sutton was, if you'll forgive the pun, right on the money even if the risk was higher than, say, knocking over a supermarket.

So, if you're a black hat hacker in the 21st Century who do you go after? Not the banks, they have defenses that are (usually) far too much work to penetrate. Nope, you look for a softer target, one that is less sophisticated, more numerous, and has a lower risk. That target would be gamers who rack up staggering numbers of visits to Web sites (the top 15 Web sites currently get a staggering 121.85 million visits per month ... and those are long visits).

Phishers, recognizing the potentially rich pickings, use messages that lead to Web sites with very similar names to those of the gaming sites to get gamers to login in with the credentials they'd use for the real site.

According to Comodo Group:

On the legitimate trade website, a trade offer can be responded to by signing in with your game account using the OpenID protocol. When a user wants to sign in, he's redirected to the game's vendor website, where he logs in and confirms that he wants to login on the third-party website as well. /  He is then redirected back to trading website where he is now logged in and can initiate or respond to any trade he wants. However, on the phishing website the situation is a bit different. / Once the gamer hits the sign in button, he's not redirected to game vendor's website, but to a page very similar to the vendor's one on the same domain, where the user is asked to enter his account credentials.

At the heart of this scam is getting access to the games hosted by services such as Steam, an "internet-based digital distribution, digital rights management, multiplayer, and social networking platform developed by Valve Corporation" (Wikipedia). Why? Because:

Some games have so-called "in-game items" which players use to improve the gaming experience. These items are purchased during the game with real money and their price can vary from a few cents to several hundred dollars. Players use them in the game, exchange them for other items or sell them to other players in a "Community Market". / This means a gamers account can be a rich prize if compromised by fraudsters. (Comodo Group).

For much more detail see the Comodo Group's discussion of the techniques used to attack gamers using Steam.

The genius, if such can be termed, of the phishing is that the target audience is generally naive about such attacks and the techniques are easily deployed. What should worry every corporate security executive is that while staff may face financial loss from these exploits there's also the very real potential for gamers to becomes gateways for hackers' entry into corporations particularly where Bring Your Own Device programs are supported.

Once again it becomes clear that no amount of security and education can remove all corporate risk; it's become a matter of simply minimizing exposure and expecting some degree of loss. It rather makes you long for the simplicity of the days of Mario, doesn't it?

Join the CSO newsletter!

Error: Please check your email address.

Tags Comodosecuritybecaphishing

More about ComodoWikipedia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Mark Gibbs

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place