Online video games have become an industry that moves huge amounts of money, around $200,000 million per year worldwide. This interest has led multiple organized groups of cybercriminals to perpetrate crimes against multinationals in this industry, by leaking confidential information about products that have not yet been released. One of the last known attacks was on the Rockstar Games company, when attackers leaked more than 90 videos of an in-development version of the game Grand Theft Auto VI (GTA 6).
This past September was particularly difficult for EA Sports, when it was revealed that the company could have been the victim of a cyberattack before the launch of what will be the last installment in its series of FIFA soccer games, which will be replaced by a new franchise called EA Sports FC. In any case, this new version was surrounded by uncertainty as it was feared that content about the game could be leaked before the product release, or there could be other cyberattack attempts as was the case in past years.
“This shows that cybercriminals focus their efforts on attacks targeting from home users to big businesses, based on their interests. And they use highly developed mechanisms to infiltrate the networks of big corporations, causing them damages amounting to millions of euros almost effortlessly,” explains Herve Lambert, Global Consumer Operations Manager at Panda Security.
Types of cyberattacks and scams that exploit online video games: FIFA or Hearthstone
- Cyberscams based on selling FUT coins on fake or fraudulent pages. One of the most liked features of the FIFA game is the transfer market included in the popular “Ultimate Team” mode, where users trade player cards sometimes at ridiculous prices. “There is a potential danger in the purchase of FIFA 23 coins, which could easily turn users into victims of a cyberscam,” underlines Lambert. “It is easier than it seems to lose your money when you buy FUT coins, if you do not properly check whether the page you are on is legitimate.”
The ideal thing is to carry out the transaction on pages verified by EA Sports and stay away from ads offering FUT coins at extremely low or unrealistic prices. “Especially when these items are offered on social media or third-party pages where the seller asks for an upfront payment after which you are very likely to receive no coins,” explains the Panda Security cybersecurity expert. Also, there is the additional risk of the scammer asking you not only for money, but also information or confidential data on your EA accounts.
- Phishing scams to hack other players’ accounts. There have been reports of attacks where users receive an email that appears to be from EA Sports concerning a FIFA Ultimate Team promotion. If you click on the fraudulent link in the email, you are taken to what appears to be the FIFA Ultimate Team login page and, if you enter your login name and password, the attacker could steal your credentials along with any banking data you could have stored in your profile.
“This is potentially dangerous with games such as Hearthstone, with freemium features, because users normally store credit card data in their account profile in order to make future purchases. Additionally, there are many cases in which it is children who fall into the trap and fill out the data requested in the email or on the fraudulent page with their parents’ credit card data,” says Herve Lambert, Global Consumer Operations Manager at Panda Security.
- Private messages through the console’s online messaging system. “The company has repeatedly warned that it never contacts users through that means,” explains Lambert. “So, if you receive any such message, we recommend that you ignore it and report it to the video game company.”
Another type of online game that has turned into a goldmine for cybercriminals is freemium games, that its, free programs with paid add-on features. “In fact, this is one of the most popular models today, as it has become the main source of revenue not only for video game companies, but also for companies in other industries, such as Duolingo, Spotify, or even cloud storage services where you need to pay to have more available space.  You pay to unlock levels, get rid of ads, and save time,” underlines Lambert.
- App and third-party program usage. Shortcuts for players who end up with malware-infected devices. Hearthstone, Blizzard’s popular collectible card game, has repeatedly warned users that it does not accept responsibility for crimes that occur as a consequence of downloading programs such as Hearthstone Hack Tool v2.1 or Hearthbuddy. These programs provide you with certain perks such as knowing which cards your opponent is going to draw, but at the cost of enabling cybercriminals to manipulate your personal files or your device’s webcam.
“In this context, it is very important to educate people about the ever-increasing cyberrisks that society faces due to the growing popularity of video games. Especially young people and children, who often lack the necessary information and preventive mechanisms to know how to deal with a threat such as this,” concludes Herve Lambert, Global Consumer Operations Manager at Panda Security.