How have people been spending their time since governors enacted shelter-in-place orders around the country in response to the COVID-19 pandemic? Many are taking long walks each day. Others are working from home, and some are binge-watching their favorite TV shows and movies.
But many others have found escape in the digital world of video games. Games have a robust economy both in and out of the games themselves. In-game currency, in-game purchases, real-world currency stored in wallets and the games themselves are all lucrative assets, and they are enticing targets for scammers and cybercriminals.
Cyberthieves have already unleashed a host of scams focused on the stimulus checks the federal government is providing to help lessen the economic impact of the pandemic. And because scammers have always targeted video game players, it wouldn't be surprising to see the number of gaming scams rise as more people, confined to their homes, log on to their favorite games.
Fortunately, by following some simple steps, you can avoid becoming a victim of many of these scams.
How much are gaming numbers rising?
How popular has video gaming become in this age of COVID-19 fears? Verizon reported that during the week that ended on April 2, the time people spent playing video games increased by 102 percent when compared with a typical day.
The online video game service Steam has been setting records, too. On April 4, a record-setting 24.5 million users were on the service at the same time, according to StreamDB. That marked the fourth weekend in a row that Steam recorded a new high for simultaneous users.
How do cybercriminals target gamers?
With so many people playing, video games are an even more attractive target for cybercriminals and hackers.
Cyberthieves can rely on a variety of tricks to steal gamers' identities, tap their bank accounts, or run up charges on their credit cards.
Some scammers create fake mobile versions of popular online games. These phonies, once downloaded, install malware on victims' phones or computers.
Others rely on phishing scams to trick people into surrendering their account details. Often, fraudsters will send an email to gamers telling them they need to confirm their password and log-in information. If gamers click on the link in the email, they'll be taken to a fake sign-in page that asks them to input their current password and username. Or, as recently seen, attackers were sending Discord QR codes promising rewards for using them, but ultimately stealing the gamer’s account information.
Once gamers surrender this information, scammers can log in to gamers' accounts and steal their virtual credits, online currency or the real-world currency in their online wallets. Virtual currency and the stolen accounts can then be sold on the dark web, making a significant amount of real-life money in the process, and the real-world funds in the wallets are just extracted.
Takeover scams are common, too. Cybercriminals rely on malware programs to capture the details of gamers' online accounts, such as those used to access the online offerings of popular video game platforms, including Steam, Epic, Origin, Uplay, and even Xbox and PlayStation consoles.
Once criminals get into these accounts, they could gain access to everything in them, including gamers' real names, credit card information, home address, and phone numbers. With this info, they can run up credit card purchases before gamers realize their account numbers have even been stolen.
In another scheme, fraudsters attempt to trick gamers into visiting third-party websites where they can buy add-ons to their games, such as weapons, special abilities, and new outfits for their avatars. The only catch? They must first provide their bank account details. Once scammers have this financial information, they can quickly empty gamers' accounts.
Attackers also target gamers by using their IP address. Your IP address is your unique internet location. In the hands of the right attacker, your IP address can be used to find your physical address, name, and other information. Those details can enable them to perform attacks that could lead to theft of financial and gaming account information or physical attacks against your residence in the form of doxxing and swatting.
These scams all existed before the COVID-19 pandemic, of course. But as more gamers flock online while quarantined at home, scammers have been exploiting these opportunities to trick gamers into surrendering their personal and financial information.
How can gamers protect themselves against scams?
Even after life returns to normal around the world, gamers must remain vigilant against fraud and scams. The video game industry is just too lucrative for cybercriminals to ignore, whether gamers are quarantined at home or not.
Newzoo in its 2019 Global Games Market Report — the most recent report available from the company — said that last year the global games market was expected to generate revenues of $152.1 billion. That's a jump of 9.6 percent from 2018.
The report also said that mobile gaming, made up of games played on smartphones and tablets, was the largest segment of the video game industry in 2019, producing revenues of $68.5 billion. That accounted for 45 percent of the global games market.
There are steps gamers can take to protect their personal information from scammers.
Never respond to email or direct message requests from Discord, Twitch, Steam, or other platforms requesting credit card, personal, or banking info: The best way to help protect yourself? Never disclose your credit card information or bank account numbers to anyone claiming to be from a video game service or platform. Legitimate companies won’t ask for this information through emails. Anyone who does is likely looking to steal your personal information.
Don’t fall for password scams: You might receive an email claiming that your password needs to be updated. Never click on any of the links in these emails. If you do, you’ll be taken to a fake website that asks you to fill in your personal and financial information. Scammers will use this information to access your accounts. Instead, delete any email that asks you to update your log-in information.
Protect your gaming accounts with strong passwords: Use passwords that are difficult for hackers to guess. A combination of uppercase and lowercase letters, numbers, and symbols works best. Also, don’t use the same password over several accounts. If a hacker cracks your password at one site, they could then use the same password to break into your other accounts.
Use two-factor authentication: You can make it much more difficult for hackers to break into your video game accounts if you set up two-factor authentication. Once enabled, you — and anyone else trying to access your account — will need two pieces of identification to log onto your site, usually your password and your phone number.
It works like this: You first enter your password to log onto your gaming account. Your account then sends a numerical code to your smartphone, email or using an authentication app. You must enter that code before you can access your gaming account. Having this extra step makes hacking into your accounts much harder.
Install and use a VPN when playing games that expose your IP address: When playing on a desktop computer, there are times when concealing your location is a critical way to protect your identity. VPNs are easily installed and require very little configuration to use. When using a VPN, your computer can appear to be somewhere else in the world, preventing attackers from finding your location.
Dan Rafter is a freelance writer who covers tech, finance, and real estate. His work has appeared in the Washington Post, Chicago Tribune, and Fox Business.
Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc.