Phishing for Gamers

Phishing is a great pastime that can provide a corking opportunity to get to know people. In this case, people who you don't want to know, but they certainly want to know who you are. Phishing campaigns in relation to gamers seem to exist holding steady, simply they are becoming more and more sophisticated as well, making detection difficult.

It looks as if a new phishing campaign has been launched that targets Japanese fans of Dragon Quest X, taking reward of those that happen by the false website and tricking them into giving upwardly their credentials

Malwarebytes has posted via their official blog that someone has created a fake website whose intent is to capture, or go phishing forDragon Quest X login credentials.

Phishing is something usually implemented and geared towards websites and services that generate plenty traffic that the risk of setting up such a phishing operation is outweighed by the potential advantage. It seems that a new trend is to target gamers, Razer's ain Comms software beingness the target of pick just recently.

In this case the attackers are using a technique known equally typosquatting to lure their victims. This is where a URL is very close to the actual existent website but the spelling is off just plenty to be a realistic representation of how we might actually type the URL misspelled. A very clever technique indeed, and one that tin can even trick those that have a good eye, specially because this item page happens to be an nearly exact replica of the real login folio.

There are fields for everything y'all'd expect when going to the legitimate Square Enix site, to include the one-time password box that Square Enix has recently implemented. Though it is missing the CAPTCHA, and that should be a large red flag for anyone. What legitimate website doesn't have a CAPTCHA in some way shape or form? Bated from Google and their crawly implementation of an anti-robot checkbox.

Interestingly, however, the domain is really not registered anonymously, though that doesn't necessarily mean that the registrant is connected to the actual phishers themselves. He too could be some other lonely victim in this roughshod world.

It's unfortunate that things such as this happen, merely it's the reality of the continued world we live in. Could this be a tendency towards targeting the large player bases of game services? Steam, Origin, PSN and the Xbox store all provide a means for stealing mass amounts of information and whatever currency left over in their respective wallets, so they are certainly quite lucrative targets. Simply that doesn't mean that this is a "first" of anything, every bit phishing is common and can be seen beyond all industries. But the potential is certainly there.

In fact, there has been quite a few rather persistent attempts at phishing Steam accounts, and Valves Steam Guard, the 2-factor hallmark method used by Steam, in order to better facilitate stealing your precious monies, skins and loot that'due south in your inventory.

In 1 of the most recent Steam phishing scheme, it seems that someone sends you a message via Steam stating that a friend of theirs tin can't add together y'all every bit a friend, and that they desire to merchandise with you. They send you their profile, but instead of it opening in Steam as information technology likely should, it opens a very phishy website that asks you to login to. Apparently logging in isn't a good thought, nor is it a good idea to consummate that login process by clicking on a file that purports to exist Steam Guard. That file contacts a server with a .ru top level domain and automatically seeks out and sends login related information to include the infamous SSFN, the file that keeps you from having to verify a new device. Having that opens a multitude of doors.

Just exist careful with what you click on and double cheque the URL that you lot're connected to. Too, while some gamers might scoff at having a good anti-virus or anti-malware package installed. It's actually a good idea to have something, especially for situations like this. The merely real way to prevent something like this from happening is to not be on the internet altogether, but that'southward a horrible idea. Then instead just do a little common sense when beingness approached in weird ways like this.

If information technology doesn't feel right, then trust that intuition. Information technology'southward likely not right in some way shape or class.