Hackers who target online players and take over accounts to gain access to financial information
InvestigateTV – Video games allow users to escape from reality and enter a virtual world where almost anything is possible.
From mobile to console to desktop, the multi-platform options are many for the more than 215 million Americans who play video games, according to the Entertainment Software Association (ESA), an industry lobby group.
And it’s not just kids picking up controllers. The same ESA report showed that while 71% of children under 18 are gamers, almost two-thirds of all video game players are adults.
The $60 billion gaming industry has increasingly come under attack from hackers. In a 2020 report, cybersecurity company Akamai tracked more than 246 million cyberattacks against the gaming industry, often through mobile or online games. These figures indicate an increase of 340% from 2019.
Cybersecurity expert Alex Nette, CEO of Hive Systems, said the direct cost to consumers is often difficult to identify.
“There is not a lot of information about all this and more importantly, how much it costs consumers at the end of the day,” said Nette.
Chris Stephens started playing as a child and hasn’t stopped.
“I grew up in an age where online gaming and computer gaming were just coming into existence,” Stephens said.
The 36-year-old Stephens said his first game was “Super Mario Bros.” on the original Nintendo Entertainment System (NES). Stephen’s taste evolved along with video game technology. Now the 8-bit world of Mario is gone, and he is a regular on the streaming game platform Twitch.
“It’s definitely gotten a lot more complex,” Stephens said.
Stephens said he uses video games to connect with gamers across the country, but those same systems opened him up to something he said he never expected to happen while playing games — being hacked.
In 2017, Stephens said he received an email from video game company Electronic Arts (EA) about a questionable login attempt. However, Stephens said the hackers had apparently changed his language preferences on his account and the email was sent in Russian.
“I got an email, it was completely in Russian. Fortunately, Google Translate exists, so I was able to decode what it was saying,” Stephens said. “Essentially it said my password was reset and if I didn’t initiate it, I should get in touch and update my password.”
Stephens said he had no idea how the hacker gained access to his account. He said he was immediately concerned about what other information the hacker may have stolen.
“When I got the first email in Russian and I look through it and wonder what really happened here, you kind of stop and wonder what else has been compromised,” Stephens said.
The next attack came three years later. In 2020, Stephens said he was playing Fortnite, a popular online video game by Epic Games, when an intruder hacked his account and changed his username. He said he was doing some research and the IP address was pinging someone in India.
Stephens said he was eventually able to recover his account, but he’s not alone in being hacked.
Norton LifeLock, a software company that offers tools to prevent hacking, said in a 2021 report that nearly half of users experienced some form of cyber attack on their gaming account or device.
Alex Nette said that most people fall victim to hackers without knowing it until it is too late. One of the main targets: username and password.
“Video games are just like many other online accounts for children and adults. There are passwords and usernames that are usually associated with these accounts, said Nette. “So, for hackers and fraudsters, they might want access to these accounts, especially if for children and adults who have spent a lot of time invested in these video games, it’s all their achievements in one place.”
Akamai’s “State of the Internet” report highlighted “credential stuffing” as a popular tactic used by hackers. Credential filling starts with a hacked account. Once the victim’s username and password is compromised, it is potentially sold on the black market. Because players often use recycled or easily guessed usernames and passwords, hackers can gain access to multiple accounts with the same credentials.
In 2018, the BBC reported that hackers admitted to selling player accounts for as little as £25, which is equivalent to $30 US. Nette said that not only are video game accounts worth a lot of money because of in-game purchases and software, but the accounts are often tied to credit cards.
“For those hackers and scammers, it makes both children and adults a really good target for them,” he said. “Whether you’re on a PC, or a console like a PlayStation or an Xbox, you’re at the same risk.”
Nette said another popular method of access for hackers is in-game chat features, especially when it comes to targeting children.
Games will offer methods to communicate via text chat or microphones while playing online. He said that anyone could be on the other end of that conversation.
“For both children and adults, be aware of who you’re talking to,” Nette said. “Understand and anticipate what they might talk about, and keep an eye out for those links that might look harmful or dangerous.”
The Entertainment Software Association (ESA) lobbies on behalf of some of the biggest game companies, provides guidance to manufacturers and encourages regulation to protect gamers across the country.
In 1994, ESA created a self-regulatory body, the Entertainment Software Rating Board (ESRB). The group provides guidance to consumers – especially parents – on safety concerns. The ESRB also developed a rating system to identify a game’s age appropriateness.
The ESA and other agencies such as the Federal Trade Commission (FTC) have pushed for codes to protect children’s privacy and information.
For its part, the FTC stated, “The Children’s Online Privacy Protection Act (COPPA) gives parents control over what information websites can collect from their children. The COPPA rule puts additional protections in place and streamlines other procedures that companies covered by the rule must follow. “
In the ESA’s Trust and Safety Policy, the agency said that “the video game industry has a strong commitment to online safety, particularly when it comes to children.” ESA also has a walkthrough on how to navigate the settings and restrict communication in the parental control section.
Marcy Thornhill is a mother and a youth advocate for College and Careers for Youth, a nonprofit organization based in Richmond, VA designed to help young people prepare for college and choose a career.
Thornhill raised two daughters who, while not avid gamers, grew up playing video games. Her children never got into online gaming, but in her current role, Thornhill teaches safe gaming practices to parents and children. “I hear a lot of concern from parents about gaming and just the need for young people to feel connected,” Thornhill said.
During her work at the nonprofit, she said she noticed children playing video games more often, especially during the summer months.
“For so many, youth games are a huge part of their lives and just their passion and drive every day,” Thornhill said. “The game is the motivation for so many young people in our communities.”
Like Nette, she warned against who could be on the other side of online communication.
“As we continue in this new age of Zoom and video games and apps, we must continue as parents, as educators, as community leaders to be diligent in ensuring the safety of our children and our family,” Thornhill said.
She said she realizes video games are part of the bond between kids in the classroom, in their personal lives and at home, but she said parents need to take an active role.
Thornhill suggested some things parents can do:
- See the games your kids are playing – check their ratings to see if they’re in the right age range to play it
- Go through the process and security checks with them and talk to them about why it’s important.
- Turn on all security protocols on their devices
– It is our responsibility to ensure [children] are well informed and don’t make assumptions because they know how to turn it on and operate it,” Thornhill said.
Chris Stephens, the player, also urged parents to talk to their children about protocols and safety measures while playing online games, especially if money is involved.
Stephens said his own nephew plays online games and uses his Christmas gifts in virtual currency to buy skins (adding outfits for characters) for his online games.
“Without having those conversations, those accounts could be lost and potentially lost altogether,” Stephens said.
As for his own accounts, Stephens said he has learned from his experiences.
“I knew there was a security risk there, but I really didn’t think anyone would do anything,” Stephens said. “And lo and behold, both my accounts were hacked. I’ve gotten better at it over time. But it’s one of those things where you don’t think it’s going to happen to you until it does.”
Stephens said he now turns on two-factor authentication on his gaming devices to avoid being hacked.
Experts and victims tell InvestigateTV there are other ways to protect yourself before it’s “Game Over”:
- If you have linked a credit card to your or your child’s account, you must regularly monitor purchases made from that account.
- Check if the gaming companies offer “scrubbing” for the chat function. It allows companies to censor certain languages and prevent links from being posted.
- Report any strange activity to the company, especially if you know something seems like a scam.
To provide more access to ways parents can protect their children on specific devices, the ESRB has provided several tips in its blog post.
Copyright 2022 Gray Media Group, Inc. All rights reserved.