Massive multiplayer online games — MMOGs — have become hugely popular in recent years, which means, unsurprisingly, that they’ve become big targets for attackers.
These games create alternative universes, often based in fantasy, that attract avid players who invest huge amounts of time and sometimes money into their pursuits. There have been instances of personal information — including credit card information — being stolen from the game databases themselves. People take these games seriously enough that there are attackers who exploit loopholes in plugins to these games simply to steal in-game resources from players — gold, weapons, that kind of thing — but the real danger is far more significant. There have been instances of worms infesting MMOGs in the past.
But the real gold mine for attackers are the various fan sites and forums that spring up around these games. Such peripheral sites are likely to have low levels of security, making it easy for attackers to snag email addresses, if not they’re associated passwords.
From there the classic phishing email scam begins when these attackers sending MMO gamers authentic-looking emails saying that their security has been breached and their passwords must be reset. One fake password reset portal is all it will take after that for an attacker to have the gamer’s ‘old’ password, which they will then use to exploit as many of the gamer’s online accounts as possible.
The best way for MMO gamers to protect their data is to be methodical with their security.
- Use Unique Emails: It is almost a certainty that you will get phishing emails at the email address you use for fan sites, so establish an email that you use solely for those sites. And be highly suspicious of any email you get in that account. Then set up a unique email for each MMO game you play. Again, do not associate your main personal email with any of these MMO game or fan site accounts. Use different passwords for each of these accounts.
- Use Strong Passwords: Always use strong passwords that are not words from the dictionary and that feature non-alphanumeric symbols.
- Practice Safe Gaming: Don’t play in sketchy online games; if you haven’t heard of it you probably shouldn’t trust it. And don’t click on the ads on these games, as you probably can’t trust them to be safe either.
- Embrace Authenticators: As authenticators start to become available for these popular games, use them.