Stolen online gaming accounts earn hackers millions...how can parents reduce the risk?
When I started playing computer games, all that digital fun was kept on a cassette tape (yes the '80s were fun if a little slow to load). Any progress made in the game was lost when it was switched off and the worst that could happen was the tape getting chewed by the player or it not loading properly after 20 minutes!
Fast forward 30-odd years and the games are always on - run on giant servers that keep your profile warmed up and ready to play where you left off at a moment's notice. Now progress has a real value, way beyond bragging rights on the playground. Your child's progress - and the monetary investment you will likely have made for them to keep up - is at risk.
Game developers are now charging for their games in a different way - Fortnite is one of the best examples of this but there are many. The game is free yet Epic Games - the company who owns Fortnite - is worth $28.7 billion as of April 2021. They and others have achieved extraordinary financial success by charging for in-game assets or content via 'micropayments' based on a virtual currency - in the case of Fortnite they are called V Bucks.
Players can earn limited amounts of these in-game currencies by playing (which in itself drives the urge to play as often as possible - the kids are being paid to play!) but the really desirable assets need to be exchanged for small amounts of real money. I say small amounts but it's a scale - the most expensive special offer in Clash of Clans at the moment is the 'Zero to Hero' package which costs £48.99. The interesting thing about V Bucks is they don't actually create any competitive advantage - they just change how the character looks and dances.
If child enjoys gaming, be it on their smartphone, a PC or games console, they will have multiple online profiles and their online assets are at risk in the following ways:
Scamming via free giveaways. The criminals know how badly kids want more of whatever virtual currency is needed in their favourite game and they exploit this. Children are giving away account details in order to receive rewards that never come.
Brute force & password cracking. Hackers will use brute force methods to guess passwords - high end Fortnite cracking tools can try around 500 variations a second while many accounts are compromised as a result of data breaches elsewhere. Let me explain...most people use only 2-3 passwords across their different logins so if one is compromised it is likely the same password can be used by the hackers elsewhere. Thieves will know the usernames to target by playing the game online and noting which users have value.
Phishing & Malware. The free giveaways mentioned above are an example of phishing but the gaming world offers other opportunities for criminals. Children are befriended in-game using the apparently shared interest then sent malicious links via messaging platforms. Malware is distributed in the same way while it's also possible for hackers to convince competitive players to download software promising cheats or other means of gaining advantage in the game.
Security flaws in the games themselves. There have been a number of spectacular and well publicised breaches that have resulted in many millions of account details being made available online. The company that suffered the breach would normally reset all their user's passwords however be aware if your child uses the same password on other accounts - you will need to change them!
The problem is huge, a quick google search reveals that BILLIONS of gaming accounts across all the platforms are compromised each year. It is lucrative for criminals: through Fortnite alone, according to a 2020 report by Night Lion Security, sellers of hacked accounts make between $60,000 and $1,200,000 per year. Roblox, Runescape and Minecraft are just as profitable if not more so; it adds up to a billion dollar industry.
So what can you do? It is hard to say no to a child who wants Xbox vouchers for their birthday after all.
Firstly talk to your child about the issue - they are digital natives and are likely to know someone who has had their account stolen or heard of a dodgy cheat code going round. Phishing awareness is as important for games as any online interaction, genuine emails or offers will never - ever - ask for login details. Never click on a link without being sure where it goes.
Secondly refresh all passwords and then activate multi-factor authentication. The latter will make it significantly more difficult for anyone to hack your child's account but adding a second (or even third) authentication step. Some game companies are starting to reward gamers when this is switched on. New passwords should be robust - not the dog's name again! There are some great password managers out there now including www.lastpass.com and they make it easy to manage all your passwords - especially handy when you have to remember yours and your kids!
Thirdly it goes without saying - use antivirus software. Some older children and even adults using PCs have been known to disable the antivirus in the quest for better performance. Good antivirus will have a 'game mode' to keep performance high.
We would love to hear your questions and comments in response to this blog - please use the comment section or post in the forum!