We research. You level up.
Protect your devices, your data, and your privacy—at home or on the go.
“Thanks to the Malwarebytes MSP program, we have this high-quality product in our stack. It’s a great addition, and I have confidence that customers’ systems are protected.”
Featured Event: RSA 2021
Activate Malwarebytes Privacy on Windows device.
Gaming security is getting a lot of attention at the moment. Rightly so; it’s a huge target for scammers and malware authors. Malicious ads, fake games, survey scams, phishing attacks…whatever you can think of, it’s in use. Some target kids and steal their accounts, selling them on. Others go after parents, who have their payment details tied to various platforms and consoles. Whatever the scammer is into, rich pickings can be theirs for the taking.
As we’ve shown previously, you don’t even have to be on a gaming platform to be at risk from shenanigans. You can run into something bad and gaming-related purely from hanging out somewhere else. These attacks, these tactics, are pervasive.
Some organisations are trying to turn the tide, however.
Banks are noticing just how much time is spent dealing with gaming theft issues. No doubt their support calls tell a grim tale of cancelled cards and reverse charges. Tip: some gaming platforms will actually ban/cancel a gaming account by default should you ever reverse a dubious charge. Never do this if you can help it.
LLoyds Bank, in response to the never-ending glut of financial gaming fraud, has come up with something called “Shield against scams”. This is designed to give younger gamers a helping hand to avoid video game fakery. They’ve also got some well known gamer influencers on board which can only help get the message in front of gamers. Shall we take a look at each tip and see what else we can add to the discussion?
SCREEN any chats from strangers, as well as unexpected gifts and special edition or time-limited offers. Never transfer money to someone you haven’t met in person.
HIDE personal information from others at all times, concealing your personal details where possible to avoid them being leaked.
This is a good start. Concealing player information is also helpful. Gaming forums, databases, and websites are often targeted by compromise and data theft. When the hammer falls, it’s probably best to have as few visible bits of personal information as possible. Always check the privacy specifics of whatever platform you’re using.
Some enable settings like real ID (your actual real name) by default, making it visible to whoever has the correct level of permissions. This could be a friend you’ve added, or random players looking at your profile. Other platforms won’t display real names or locations without you physically typing them into your profile. Consoles are a particular concern here because they have so many different settings across multiple menus. Many of them will have a privacy component to them, but you’ll have to dig around and make those connections yourself. It could be a slow process, so set some time aside for that.
Chat, whether in game or via a client, is an inroad to bad messages. You may even run into bogus messages in chat/VoIP land. The “I accidentally reported you” scam is hitting saturation point at the moment. Last but not least, beware of Real Money Trading if you play massively multiplayer online games.
INVESTIGATE any gaming-related purchases before handing over money, such as checking whether the website is blacklisted on https://sitechecker.pro/blacklist-checker/ and only making card payments that offer greater consumer protections.
Another decent tip. Much of the gaming fraud we see at the moment is related to in-game purchases or DLC. Most commonly weapons, skins, outfits and the like. Some gaming platforms like Steam allow gamers to trade items. Fake trade phishes have been around for years and are very popular.
EVALUATE whether gaming-related downloads are being made from established trusted sources and whether they are safe by checking for malware via https://www.virustotal.com/
Generally speaking, all gaming downloads should be coming from the source (the platform you’re using) directly. Want to play Diablo 3? You’ll be using the Battle.net client on PC. Steam games? You’ll use the big download button inside the Steam client. Uplay? Origin? Epic store? The same rule applies. On a games console, it’s even more locked in. You can’t exactly go wandering off to a rogue download on a PS4.
As far as these files go, in theory you shouldn’t need to scan them (indeed, it isn’t possible to scan them if they’re on a games console). Sometimes things can go wrong with files from an official source, but this is pretty rare. Apply your own better judgment on this one.
Should you stray outside your walled client garden, that’s the time to be suspicious. Messages about free games, dubious offers/adverts, or random uploads to YouTube promising free cracked copies of the latest titles should be given a wide berth. You can certainly use VirusTotal for a quick check, but you should also read up on what it does. We would always recommend using your dedicated security tools in addition to any web-based scan.
LOCK your gaming network by using password managers, two-factor authentication within platforms and anti-virus software.
Good tips. There are many gaming platforms. Some of them have titles exclusive to them, or deals which are better than anywhere else. Even if you decide to stick with Steam, certain games will insist on you also using their creator’s gaming platform. So you could fire up a Far Cry game on Steam, but you may need to launch the Uplay client…via Steam…and the game launches from there.
This may have changed, it’s been a few years since I tried it myself. But this is not an uncommon thing to happen.
Before you know it, you don’t just need a secure email tied to your gaming platform. You need logins for Steam, Uplay, Epic, Blizzard, multiple logins for MMORPG launchers, passwords in consoles, passwords everywhere. A password manager is exactly the kind of solution to this headache.
Two-factor authentication was rather uncommon in most gaming circles years ago, but it’s pretty much the default now. You can have it on your PC gaming clients, your consoles, your email. There’s Google Auth, or dedicated apps depending on the game publisher. Whatever your gaming network of choice, this is almost certainly something you can make use of.
DELINK your bank details from gaming and online browser accounts. Having two-factor authentication set up on bank transactions and using prepaid cards will also help to keep your money protected.
Payment information on accounts is a risk, but having payment information on any account can be a risk. The question is what can you put in place to lessen this, and how much damage can someone do if they get that information?
Many gaming clients allow you to store details, or delete them as appropriate. For example, you can tell Steam whether or not to remember payment info. You can also load up an account with funds via the Steam wallet, or put certain amounts of money onto the account with gift cards. Yes, someone can still steal an account and if it has £100 sitting on it, that’s bad. Some may argue that’s actually worse than stored card details.
If payment info is stored in Steam, you still have to enter the verification code on the back of the card for any transaction as this isn’t retained. While an account with details stored on it will still be valuable to someone out there, most people can’t simply start spending. They don’t have the code. However, an account with £100 or £300 sitting on it is an instant spend-festival.
As a result, a good tip is to only load up the account with smaller amounts of cash. It’s still bad if it gets stolen, but not £300 bad.
Any attempt to make gaming realms more secure is a good thing. While you may have to add a bit more context to the tips as they stand, the basics are in place and that’s what we need to encourage young gamers with. Any positive change in habits, whether from the kids or the parents helping behind the scenes, can only be beneficial for everyone.
SHARE THIS ARTICLE
ABOUT THE AUTHOR
Lead Malware Intelligence Analyst
Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.
Write for Labs
Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.
Imagine a world without malware. We do.
NEWS AND PRESS
© All Rights Reserved
Select your language
Your intro to everything relating to cyberthreats, and how to stop them.
We research. You level up.