Account Cart Search

Cyber Security and Scams in Online Gaming

Article posted on 6/25/2020


Image Credit: Shutterstock

If you’ve spent any amount of time on the Internet at all, you’re probably no stranger to the loads of online scams circling around out there. From Nigerian princes offering you a part of their fortune to a misleading link that plunks you in the middle of dangerous territory, there’s a lot of caution and vigilance required for having an online presence these days.

No corner of the Internet is truly safe, and that’s especially true for gaming, particularly since the COVID-19 pandemic began. I read an article recently on TechRadar that reports that the games Minecraft, The Witcher 3, and Counter Strike: Global Offensive have been commonly targeted as places to funnel users to malicious sites. The security firm Kaspersky reports that the number of attempts to direct users to malicious gaming-themed websites was up by 54% in April, and the number of redirects to phishing pages that contained mention of popular gaming platform Steam also rose by 40%.

These rigged websites lure players with promises of free game downloads, expansions, cheats, etc, and then when an unsuspecting victim arrives, their PC is infected with malware. Password-stealers, ransomware, and cryptocurrency mining are just a few examples. Many people who have picked up gaming as a way to pass the time during quarantine aren’t as familiar with some of the tricks and scams that appear in the online realm of games.

I’m no stranger to this, myself. I play Final Fantasy XIV, an MMO with over 14 million players, and money scams and malware are just par for the course. If it’s not someone in game trying to send you to a website where you can pay real money for in-game currency, it’s someone else trying to slip in a misleading link in commonly shared spaces like forums or YouTube comments.

These links then take the user to a site that looks official, but is actually designed to steal their login info. I’ve seen people lose years worth of gear and gill because they were careless and someone logged in and cleaned their character out entirely. It might be “just a game,” but a lot of people have invested a lot of time and money into it, so to have everything wiped out because someone wants to waltz in and steal your hard work, well, that’s pretty terrible.


Image Credit: Adobe Stock

This is by no means an exhaustive list (and is applicable beyond just gaming), but here are a few ideas for how to prevent falling for these scams.

Pay attention when you play 
If someone places a link in a chat, think very carefully before clicking on it. If it looks like the game’s official site, do a little looking before entering in any information. Check the URL, do a google search for the company’s website and compare, etc. I get a lot of emails here at Stardock with people pretending to be streamers asking me for keys, and sometimes it’s really hard to notice a subtle swapping of two letters in the email address. It’s pretty easy to do the same with a website.

Use two-factor authentication 
A lot of gaming companies use this now and it’s a really easy way to get some additional security. Back in the day, I ordered a key tag from SquareEnix that would generate a 6-digit code for me every time I went to log in. These days, the same thing is done through a phone app, which is a heck of a lot more convenient. If you’ll be logging into a game often - especially a game where you pay monthly or have the option of microtransactions - this is a really smart way to go for some extra safety.

Practice Safe Password Storage
Look, I know it’s an extra hoop to jump through, but I promise, it’s really not all that bad. I never used any sort of password apps before I came to Stardock until my coworker Spencer introduced me to LastPass

I know you’re not supposed to use the same password for multiple sites, but I also know I have a memory like a goldfish and can’t possibly remember five thousand passwords. With a program like LastPass, you just need to remember one really strong master password, and the app will take care of the rest. It’s added security for a small fee and a very minimal amount of effort. I can’t suggest this enough.

Have you ever fallen victim to a malware scheme (or very narrowly avoided being scammed)? Share your experience with me!