Posted by: Matt Sarrel on August 30, 2010
It’s that time of year again when thoughts turn to the less-than-exciting and impending return to the grind of school and homework. While our bodies are fully engaged in sunshine and playing outside, we’ll soon be engulfed in the busy worlds of academics, sports, and social life. And video games. Whether you turn to Wii, PS3, Xbox 360, your PC, or even your PSP, DS or iPhone, try not to allow the transition into the make-believe game world to suspend your otherwise attentive and security-oriented mind. Yes, we’ve reached the point where games are no longer innocuous entertainment and in some cases have become the gateway to fraud.
The short answer is “heck yeah” and the long answer is “and it is getting worse”.
I used to read about some sort of game-related scam once in a blue moon, but now it seems like there’s something in the news at least once a week. Usually these revolve around another player in World of Warcraft offering to sell someone something that they need in-game. So someone walks up to you and says, “Do you want the all-powerful dragon sword?” Of course you do, but don’t follow him offline and email him your credit card number to buy it.
The latest scam combines a whole bunch of security risks we’ve been writing about on IDGuardian for a while: phishing, malware, social engineering. In early August (in the deafening silence of pre-Madden), the biggest excitement and the most anticipated game launch was Starcraft 2. And scammers were right on it.
As described here, phishing emails were sent out in an attempt to steal user accounts. Emails were crafted to look like they were from Blizzard and contained a CD key. Users were directed to a fake web site. If they entered their account info in the form on that fake site, their accounts were stolen.
The first step in staying safe is to follow the usual best practices when creating accounts. Use strong passwords (8 or more characters, no words, a mix of letters and numbers) to protect your gaming account. Never use the same password in more than one place or you’ll risk losing the keys to the kingdom. Don’t use easily guessable passwords either, like your dog’s name followed by 1234, e.g. toto1234. The less sense a password makes, the better.
The next step is to suspend whatever level of trust has been established among humans in your online game world. There’s really no guarantee that anyone is who they say they are. After all, you’re probably not interacting with “John Smith” and instead you’re interacting with “Klosko the War Ogre”. Don’t loan anything of value to anyone else in game, and make sure to be suspicious of other players who want to trade equipment with you directly.
If anyone offers to complete a transaction outside of the game world then run away as fast as you can. Typically, a fraudster will try to get you to leave whatever protection there may be within the game world and go somewhere else to engage in a transaction. This should send up red flags as it is the online equivalent of asking you to step into an alley to buy a shiny new watch.
No one should ever ask you for your credit card number and/or other PII. Social engineering is rampant and is especially effective against children. If you’re a parent, make sure your children understand not to give out this information. In fact, don’t even let them access this information – hide it if possible. Explain that while it is valuable for their character to explore and meet new people, it may not be safe for players to meet new people. When in-game, stay in-game. Never introduce real assets to potential fraud in the game world.
There’s also the more drastic option of setting parental controls in Windows, Mac, Wii, PS3, and Xbox 360. These can prevent different online activities or even prevent a child from going online at all. This may be a good option for parents who can’t supervise the majority of play time, and as a parent you should be forewarned that today’s games are designed with dozens of hours of gameplay in mind. Setting rules that your kid can only play with you there isn’t feasible.
Plus, it’s hard to remain vigilant after watching 40 hours of Mass Effect 2.