Mobile Games: 10 Types of In-App Scams

There is nothing better than a pleasant pastime. Some people play sports, some read books, and some sit in their favorite mobile apps. On smartphones, you can "hang out" on social networks, make purchases on marketplaces, learn languages, and play mobile games.

The latter have seen a sharp increase in popularity, especially during the SARS-CoV-2 pandemic: almost 40% of the world's population plays them. In fact, the video game industry will generate more than $250 billion by 2025.

Gamers are willing to spend hours just on the process of character creation, let alone the actual game time to level up their heroes. That is why they become a target for online scammers. Their accounts are a real gold mine.

If a mobile gaming app has been tainted by fraudsters, the target audience may lose interest in it. Users must be confident in their safety and the security of their valuable data.

With online gaming becoming increasingly popular, it is important to know what types of online mobile app scams there are and what to look out for.

Contents
Types of fraud in gaming applications
1. Account theft
2. Theft of funds
3. Fake accounts
3. Bots
4. Ad fraud malware
5. Hidden payment
6. Redirection to third-party sites
7. Phishing
8. Fake mobile versions of popular online games
9. Attacks targeting children
10. Social engineering
How to protect yourself: tips for players
How to protect yourself from fraud: tips for advertisers

Types of fraud in gaming applications

1. Account theft

Game accounts contain the entire life of the hero: from in-game currency to relic armor of characters and other valuable items. The most pumped up players are ideal victims for scammers.

Such "fat" accounts can save a scammer thousands of game hours to create and develop their own character. When an account is stolen, attackers also gain access to the user's credit cards, which could have been saved in the account if the user purchased skins and other digital goods in the game for real money.

After the theft, the scammers immediately change the password to the account so that the real owner does not have access to it. Because of this, the player can completely leave the platform, losing interest and trust in it.

For game app owners, this results in a loss of reputation, potential income, and a negative user experience. The scammers then resell the stolen account for profit.

EXPERT ADVICE

— Create complex passwords for your accounts in games and on gaming platforms and marketplaces. Use allowed special characters, lowercase and uppercase letters, numbers.

— Do not trust unfamiliar users in the game and do not give them access to your game account.

2. Theft of funds

In virtual mobile games, scammers are interested in everything: game currency, items, and especially real money.

Here is an example from India:

A youth in the capital of Odisha lost Rs 1 lakh while playing an online game on his phone. According to the Cyber Crime Cell of the Commissioner of Police, Mohan Singh was on a social networking site when he saw an advertisement for the game. The advertisement stated that the player would get Rs 50 after scoring one point and Rs 1,000 after completing all the levels of the game.

Tempted by the advertisement, Mohan immediately registered in the game. After completing the game, he was asked to link his bank card to receive the prize money. After linking the card, he received a one-time password to enter. As soon as he entered it, 1 million rupees were withdrawn from his account in three sittings.

EXPERT ADVICE

— Cybersecurity experts have warned against uploading and sharing personal information on any online applications.

— Cybercriminals are creating dubious gaming apps to steal personal data on a large scale.

— Applications promising quick money or expensive gifts are, in fact, traps. Fraudsters first "replenish" the user's balance, but as soon as the user invests larger sums of money, they block payments.

— Gaming apps are entertainment in themselves, which is why they are so popular. That is why they are used by fraudsters to steal users’ personal or banking information.

- Always check the authenticity of the application before installing it.

3. Fake accounts

It is no secret that fake accounts are the scourge of the entire internet community. Fraudsters create fake accounts on a massive scale, using bots and emulators to flood online gaming platforms.

For example, with the help of such accounts, attackers increase their chances of winning in virtual tournaments. This undermines the trust of real users in the gaming platform.

Additionally, fake accounts can also be created to make online in-app purchases using someone else's stolen credit card details.

EXPERT ADVICE

— Do not download little-known applications, especially those in beta testing. They may disguise themselves as useful tools but turn out to be malicious. One example was Symoo, an application for working with SMS messages, which redirected users' messages in order to register fake accounts from victims' phones.

— If you notice suspicious activity from one of the game world participants, report it to the support service of this game. The platform's security system may not notice the fraudster.

— Do not share your login information with third parties.

3. Bots

Fraudsters use bots in the game world to create, promote and level up accounts that can be sold for real currency. Bots are able to accumulate resources, armies, items, etc. more easily and quickly, which spoils the impression of the game for real players.

EXPERT ADVICE

— One piece of advice: do not use bots. Fraudsters use them en masse and from fake IPs, accounts, systems. If one account is blocked, they can immediately create dozens of others. The average user, as a rule, does not have such an opportunity.

4. Ad fraud malware

The app can be fraudulent from start to finish. As soon as the user installs it on their mobile device, it immediately starts opening tabs in the browser in the background and viewing or clicking on ads. While the user thinks that they are playing an interesting game, the resources of their smartphone are being used by attackers.

Malicious software can also pose a direct threat to the user's personal and payment data.

Attackers distribute malicious code in several ways:
  • they post links to a malicious application, skin store, or patch for the game on a forum dedicated to the game;
  • they send spam emails with malicious attachments or links to fraudulent software;
  • they send spam with malware inside the game via chats;
  • they exploit browser vulnerabilities to download malware when users visit gaming sites and applications.

Most often, of course, the main place for malware distribution is gaming forums.

EXPERT ADVICE

— Check the authenticity of the application before installing.

— Pay attention to the app’s privacy policy, the developer’s website, and reviews.

— Install an antivirus on your phone that will scan applications for malicious code.

— Don't follow links from unknown people. Pay attention to the link title. Pay attention to the rating of the user who left it.

5. Hidden payment

This is not exactly a scam, but it is not pleasant. Most game applications are distributed as shareware. This means that the user gets free access only to a certain part of the content; the rest stays blocked unless the user buys it.

When a player links their card to a mobile gaming app and pays for the full version of the game, payment can be automatically debited for any actions in the future. Because of this, inattentive users can be left without some of their funds.

EXPERT ADVICE

— Check the application settings and disable unnecessary options, for example automatic payment. The situation is similar to accidentally activated services from mobile operators.

6. Redirection to third-party sites

Malicious mobile gaming apps can redirect online players to third-party fraudulent resources.

For example, you decide to buy new equipment with real, out-of-game money. You follow a link in the game to a site selling some unique skin. But, in fact, the site also belongs to scammers. By paying for the purchase, the user reveals personal and bank data, which can later be used by attackers. And the player is left without the money and without the "purchased" equipment.

EXPERT ADVICE

— Try not to follow obscure links to unknown resources. First, find out about the official sites for the game to make sure they are authentic.

— Install an antivirus on your phone. It will scan downloaded applications for malware.

— If you still go to the site and want to make a purchase, pay for it with some reserve debit card that does not receive your salary or other payments.

7. Phishing

Phishing attacks in mobile online games are not uncommon. In this case, the user may pay with their account data.

The scammers do this: they gain access to the email database of users who have installed the game and send out spam supposedly from the mobile app. In the email, they write about the need to confirm your account details and attach a link to a malicious clone of the game's site. The user follows the link and enters their account details. This is how the details end up in the hands of the attackers.

EXPERT ADVICE

— It is advisable not to follow links in emails at all.

— Pay attention to the domain in links. Fraudsters skillfully disguise URLs as well-known official sites. For example, it may not be dota2.com, but d0ta2.com, where instead of the letter O there is the number 0 (zero).

— Install an antivirus on your device that will check all links you click for malicious code.

8. Fake mobile versions of popular online games

Unfortunately, popularity breeds fraudsters. The more users a game attracts, the more temptation there will be for attackers to look for victims on such gaming platforms.

Cybercriminals create fake mobile apps for popular games and inject malware into them. Users, believing that they are installing an official app, thus infect their devices. Attackers gain access to player accounts on popular gaming platforms and consoles.

EXPERT ADVICE

— Make sure you download the official app. Go to the app page only from the official website. Pay attention to the developer's name, number of reviews, description.

— Again, install an antivirus on your smartphone. It is better to be on the safe side and pay a small amount for security than to pay a tidy sum later, which the attackers will write off from your account.

9. Attacks targeting children

Cybercriminals are smart, cunning and unscrupulous. They can gain children's trust during the gameplay and force them to buy digital goods in the game for real money, as a rule using their parents' bank cards.

Additionally, cybercriminals can trick a child into giving away their game credentials or convince them to click on a fraudulent link to gain access to their account. Cybercriminals can use this information to steal virtual funds, online currency, or even real money.

EXPERT ADVICE

— Talk to your child about computer hygiene and online safety. Explain that you can’t trust anyone on the Internet. Tell your child not to click on links sent to them by strangers. Tell them what mistakes can lead to.

— Connect parental control to all possible services and devices.

— It is better for parents to personally check the games and applications that their child installs.

10. Social engineering

Right in the game or on the forum dedicated to it, some users openly ask players to provide their logins and passwords in exchange for bonuses or other help (for example, leveling up).

Trusting users who lack some things in the game, or the time to develop their character, agree to such an offer. And in vain. Fraudsters deceive players, obtain their authorization data in this way, and "hijack" the accounts, leaving their victims with nothing.

How to protect yourself: tips for players

  1. Download applications only through official sources, websites and marketplaces. Do not follow links that lead to unknown third-party resources.
  2. Do not go to unknown resources from emails. If you receive an email asking you to confirm your authorization in an online game, log in to it separately, not via the link in the email.
  3. Do not disclose your authorization data, passwords, SMS codes to third parties.
  4. An obvious piece of advice, but still: do not post your bank card details in the public domain.
  5. Create strong passwords for your accounts. It is best to use complex passwords that contain numbers and additional characters, which will be difficult for scammers to guess.
  6. It is best to use two-factor authentication, that is, logging in not only with a login and password, but also with an additional code sent by email, push notification or SMS. If an intruder manages to guess or obtain your authorization data, he will not be able to pass the second stage.
  7. Try to use "empty" cards for online shopping, i.e. those that do not receive any cash payments. It is safer to top up such cards with the amount needed to make a purchase.

How to protect yourself from fraud: tips for advertisers

Advertisers who order placement of their banner, contextual and video ads on websites and in applications can become victims of fraudsters. Cybercriminals click on ads by any means and methods and generate fake views, installations and requests, emptying advertising budgets.
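
The domain check advised in the phishing section (dota2.com versus d0ta2.com), written as an added example that is not part of the original post. `OFFICIAL_DOMAINS` and the `CONFUSABLES` map are assumptions made for illustration, and the check goes slightly beyond the zero-for-O case by also flagging one-character typos and the official name used as a subdomain of another site.

```python
from urllib.parse import urlsplit

# Assumption: the publisher's real domains; replace with the official list.
OFFICIAL_DOMAINS = {"dota2.com"}
# Constructed, non-exhaustive map of digits used in place of similar letters.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def host_of(url):
    """Hostname the link really goes to (userinfo, port and path removed)."""
    if "://" not in url:
        url = "//" + url
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""

def skeleton(name):
    """Collapse look-alike characters so d0ta2.com and dota2.com compare equal."""
    return name.translate(CONFUSABLES).replace("rn", "m")

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'official', 'lookalike', 'embedded', 'other' or 'invalid'."""
    host = host_of(url)
    if not host:
        return "invalid"
    labels = host.split(".")
    # Every parent domain of the host that has at least two labels.
    suffixes = [".".join(labels[i:]) for i in range(len(labels) - 1)]
    for official in OFFICIAL_DOMAINS:
        if official in suffixes:
            return "official"
    for official in OFFICIAL_DOMAINS:
        if any(edit_distance(skeleton(s), skeleton(official)) <= 1 for s in suffixes):
            return "lookalike"
        # Official name placed in front of someone else's domain.
        if ("." + host).find("." + official + ".") != -1:
            return "embedded"
    return "other"
```

A result of "other" only means the link does not lead to an official domain; a link that shows the official name before an `@` sign falls into this class because the real host is whatever follows the `@`.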