Cybersecurity for Gamers 101: Gaming Malware and Online Risks
The Worst Security Issues in Games. How to Avoid Getting Infected.
Despite the predictions of the late ‘90s and early 2000s experts, gaming has evolved to encompass much more than teens and young adults. Being interested in video games is not a ‘phase’ you outgrow once you mature enough.
In fact, the industry has shifted to be more and more inclusive as time passes. According to VentureBeat, today there are more females than males spending money on games, and the average age of gamers is 31 (with more players being over the age of 36 than between 18 and 35 – or under 18). According to Nezwoo, the total worth of the gaming industry will be $174 billion by 2021.
With this kind of numbers, there’s no wonder that hackers are beginning to target games more and more. Where there’s an opportunity for financial abuse, there will always be those who try to exploit it. Cybersecurity for gamers has become a concern, and rightly so.
The Security Risks for Gamers: 10+ Common Cyber-Threats
As a fellow gamer, I understand pretty well how the landscape looks like and how common gamer behavior can lead to certain cybersecurity risks.
Beyond official stats, the gaming world sometimes behaves in less than ideal ways – buying cheats and shortcuts, for example – and very often, those are exactly the entry points for hackers.
Trying to bridge the two worlds, I think all people who enjoy games should be a little more aware of their online safety and how to protect it. So, here’s a short but comprehensive guide to cybersecurity for gamers and the main risks you can get exposed to through games.
Photo source: The Verge.
#1. Having Your Credentials Hacked for a Connected Account
If one of your various gaming accounts is hacked, it’s not just about that particular platform. Even if you think some platforms might be inconsequential (just a browser game you once signed up for), hackers can easily use your leaked credentials in order to gain access to more important accounts.
Credential stuffing is one of the easiest ways for hackers to steal money or data. It doesn’t require much technical sophistication and buying leaked credentials is cheap. From there on, they just (rightly) assume that people tend to re-use the same password for multiple accounts and they keep trying until they break in.
Since casual but committed gamers have at least 2 or 3 gaming accounts directly tied to their credit card (Steam, GoG, Blizzard and HumbleBundle, to name just a few), you can see how this can become dangerous pretty fast.
#2. Falling Prey to Scammers by the Lure of Power-ups (Buying Cheats)
Everyone who plays complex games knows that there is an entire sub-economy which trades in-game goods and favors. Despite the intentions of developers, who would like players to earn achievements, gear, and rewards by putting in the time and hard work, many players want shortcuts. As long as there’s a demand for it, there will always be other players willing to supply it for real-world money.
Some providers are even doing this for a full-time job – the Chinese gold farming phenomenon is a good example. To be fair, the work required by games is sometimes too much, almost resembling a second job. Unfortunately, regardless of whether players are right to use third-party services for buying power-ups, the main problem here is that they are often compromising their security.
The sellers of boosts and power-ups are often abusing the transaction details or the credentials they obtain (for leveling up their character faster, for example) in order to defraud the player shortly after the initial exchange takes place.
#3. Gaming Malware and Advanced Persistent Threats
Many times, games themselves can contain malware. This happens either because the game itself is just a lure in order to distribute the malicious code, or because hackers inject their script into an otherwise legitimate game.
Most of the time, games get infected when they are either pirated (downloaded from torrents for free) or distributed through unsafe means. If you want to stay safe, it’s best to buy legitimate copies for your games and to do it, preferably, through gaming platforms such as Steam, HumbleBundle or GoG. This way, the platform’s filters add more security layers to the content you download.
Some games are even designed to be malware from the start. Be wary of games which can only be obtained from an illegitimate source. For example, the Sad Satan game is a known example of malware, requiring the user to access the dark web in order to download it.
#4. In-game Ransomware for Your Developed Characters and Achievements
Especially if you buy some kind of in-game boost from 3rd parties, you are at risk for ransomware targeting your long-developed game progress. Everyone knows that for some games, character development is hard work (think World of Warcraft).
This makes people especially invested in their in-game content and even willing to pay a ransom if it gets stolen.
#5. 3rd Party Apps and Games (Especially for Mobile Gaming)
Mobile apps for gaming are easier to develop than full games and therefore tend to pop up in greater numbers. It’s also harder for both players and publishing platforms to verify the security of the apps. This led to more frequent security incidents in this niche in the past years, compared to PC and console games.
#6. Password Stealers
Keylogging malware (password stealers) have infested popular games from time to time in order to steal gamer accounts and credentials. Once the malware takes root in your system, the hackers can steal much more than your game login details.
Every other password you’ll type on the same computer is also vulnerable. Since most people use the same device for gaming and other personal accounts, internet banking, shopping accounts, TV streaming platforms and so on, this can end up doing quite a bit of damage.
Make sure you never click any link coming in from other players inviting you to test beta versions of the game and similar offers. Most likely, this is an in-game phishing attempt which will get you infected with a password stealer, especially if your system is not properly protected.
SECURE YOUR ONLINE BROWSING!Get Thor Foresight
#7. Game Cracks or Pirated Versions Shared via Torrents
If you have a passion for games but a limited budget, you might be tempted to cut corners by installing pirated versions from torrents.
Unfortunately, this doesn’t just take a bit of income away from the game developers who invested so much work and effort into their game. It also makes you more liable to malware, since the hackers are known to spread their malicious products via torrents (including through popular movies or TV show episodes, not just through games).
Game cracks (cheat codes) can be an equally tempting offer if a particular level or task seems too difficult to overcome. Don’t fall for either of these traps! Cheat codes and pirated game versions are very likely to run malware and compromise your system.
#8. Phishing Campaigns Imitating Well-Known Gaming Platforms
Phishing is one of the greatest concerns of cybersecurity for gamers, precisely because it’s extremely common but dangerous.
After you create a gaming account on a popular platform, you’ll also get used to getting emails from them from time to time. But some of those emails might be phishing attempts. At first glance, the email will look just like an official, legitimate communication from the platform. The email address might seem right, it will have the right logo and everything.
To stay safe from a credentials-stealing phishing campaign, never enter your password when prompted by such an email. Also, beware of BEC attacks and learn how to recognize a safe email from a forged one. Having some form of protection against email compromise malware is also a great layer of protection to consider.
#9. Hidden Fees
Some less than honorable games are intentionally hiding their fees in order to lure users into installing and running them. While the game is not malware per se, it can get you to acquire a substantial bill after you play it for a while, believing that everything is free or covered by the amount you initially paid for it.
Games for kids and teens are the most likely to contain hidden fees, especially third party games hosted on big platforms such as Facebook or mobile app stores.
#10. Privacy Issues from Oversharing
In massive online multiplayer games, it’s easy to make friends, guild buddies, arena partners and so on. You’ll interact with many other players and nothing forges friendships faster than overcoming challenges together.
Unfortunately, some of them are entirely different from who they claim to be. The anonymity of the internet allows people to conceal themselves more than ever before. To some, this can be much-welcome freedom, but also an opportunity for stealing, cheating, and deceiving.
Remember that not all online friends can be trusted and you should never share private details such as your (complete) real name, physical address, email addresses, passwords, etc. This kind of data should never be shared, period. Not even with real-life friends or colleagues.
Extra Online Threats for Young Gamers
Besides the cyber-risks described above, young and underage gamers are at risk even further. These 3 online gaming threats should be a concern for all parents, teachers, and guardians. The best way to fight these three is to talk things over with your kids as much as possible so that they are not caught off-guard.
We should all enable and encourage a culture of awareness in teen and pre-teen groups, as well. The truth is that peer influence often weighs heavier at this delicate age than the teachings from parents and teachers.
If we could foster a culture of prevention against cyberbullying (as well as against bullying in general), our job is more than half done. The same goes for the other online risks posed by games.
#11. Cyberbullying in Games
Online games, especially those which require teamwork, can breed powerful emotions in young gamers. Spirits can get really heated when the gameplay doesn’t lead to constant wins, and blaming an underperforming team member can quickly become cyberbullying. Or peers from the real-life network of the victim can also follow them in-game in order to spew out abuse in a more anonymous way.
The solution is to encourage kids to keep their in-game profiles pretty much private. No one needs to be able to connect their game persona to their real-life identity, as much as possible. Of course, over time the details might leak because real-life friends like playing together and friendships shift.
#12. Becoming a Target of Online Predators
An even more worrying trend is that there are some cases of older gamers, with a predator profile, who infiltrate games in order to groom young victims for abuse. Their strategy usually consists of befriending the child, while gradually feeding him or her toxic ideas, meant to estrange the kid from parents and loved ones.
Such ideas can be along the lines of ‘I’m the only one who truly understands you, who will never scold you, who will always let you do whatever you want etc.’
The best defense against this insidious type of predator is to talk to your children before they become exposed to this kind of abuse. Warn them beforehand of what they can expect to find on the internet and try to foster a sense of cybersecurity education for children. Having parental controls and a full overview, while the kids are still young (under 13) is also recommended.
#13. Becoming a Target of Addiction-Feeding Loops and Fraud
Sometimes, making kids play or spend more than they should is an explicit strategy coming from the game creators or hosts. In a very disturbing discovery, it was revealed that Facebook actually encouraged ‘friendly fraud’ – the phenomenon of luring children to spend parents’ money without their approval, with no sensible refund policies established.
Whenever parents discovered the unwanted purchases and called for a refund, the game only offered some bonus in-game items as compensation. Make sure your kids are aware that all in-app purchases are forbidden.
What to Do to Avoid Gaming Malware: 10 Most Important Actions to Take
Here is how we can all play it safe. Try to apply these principles of cybersecurity for gamers as much as you can and remember to stay vigilant.
#1. Don’t use weak passwords
We’ve talked on and on about how important it is to set strong passwords. Avoid words or funny passwords, no matter how appealing they are. A strong password consists of a random string of characters, including letters, numbers, and symbols.
#2. Don’t repeat passwords
Once you set a strong password and memorize it, don’t be tempted to repeat it across multiple accounts just because it’s safe. Repeating passwords is among the worst security moves you could possibly make. Go for a password manager and generate strong passwords for each individual account.
Then, you only have to memorize the complex password you set for the password manager. The other ones, no matter how complicated they are, will be memorized for you by the password manager software.
Fortnite, the popular game phenomenon, hasn’t been exempt from vulnerabilities either.
#3. Use extra authenticators or 2FA
Many popular games discover security flaws in their authentication process, even if thankfully there is not breach (yet). Fortnite is among the most recent games to discover that they have a major problem, but it was thankfully fixed before hackers managed to exploit it. Other games, such as EmuParadise Beach, did not manage to secure their defenses before malicious forces got to them, resulting in the data loss of millions of users.
To make sure you stay on the safe side, don’t skip steps in your authentication process. Opt not to remember passwords by default, even if it means you’ll waste 20 more seconds re-entering your credentials every time.
Enable two-factor authentication whenever you can. Some gaming platforms also offer a token or an extra authenticator app, optionally. Join in so you can stay safer.
#4. Use comprehensive cybersecurity for gaming
What does that mean?
First of all, you probably know by now that anti-virus is not enough anymore. You need a next-gen anti-virus, capable of dealing with the most recent strains of adaptive malware. You should also opt for an extra layer of security that blocks malicious domains, preferably based on behavioral / AI detection (such as our award-winning Thor Foresight Home software, if you’ll allow me a short self-promotional moment). Here’s a month on the house if you want to try both products in a premium solution which takes care of everything:
EASY AND RELIABLE. WORKS WITH ANY ANTIVIRUS.Try Thor Foresight
Second of all, let’s be honest: you should also be careful that your cybersecurity for gaming indeed helps and not hinders your game experience. There are a lot of security software products out there which may work decently on a defense level, but they make the life of gamers a living hell. The security product you need in the end should have a ‘Game mode’ you can enable whenever you prepare to play.
This way, your game experience won’t be interrupted with annoying pop-ups, and the use of system resources will be optimized to give the game full priority. In case you’re wondering, our Thor Home suite does have such a Game mode included, so, if you opt to go with our cybersecurity suite, a good game experience will not be a concern.
#5. Stay away from suspicious attachments
If you get any emails with attachments or links, especially with very little context or something which sounds implausible, don’t click anything. Don’t download the attachments either, as they can contain all kinds of malware.
Stay alert and talk to your friends about cybersecurity for gamers, too. This way, if one of you receives some suspicious short messages from the other, containing a link, at least the sender can confirm if they are indeed the authors of the message or not.
Very often, this type of report from family and friends is the first sign that you are infected with malware.
#6. Keep all software updated
Out of date software is one of the main entry points for malware. That’s how malicious programs find their way into your system. Gamers tend to have many helping programs and apps installed, sometimes for a one-time session. Once you install many, it’s easy to lose track of what is updated and what’s not.
Don’t forget out of date apps and software in your system. They will just lie around as easy targets for hackers to use in order to infiltrate your device. Since keeping track of everything is hard, it’s best if you automate all software patching, just to stay on the safe side. Our Thor Free offers users this kind of patching automation for free, for an unlimited time.
#7. Only buy in-game currency from the official source
As mentioned above, sometimes the gold farming industry creates an economy of its own. Still, buying currency from unofficial channels is often just the first step in your relationship with hackers. First, they sell you in-game currency, next they hack your accounts.
Stay on the safe side and only buy currency from the game-sanctioned official channels. Almost every massive game has its own way of trading in-game resources for real-life money, should the players need a boost.
#8. Stay away from suspicious game add-ons or cheats or unknown programs
Don’t install unofficial software meant to help you play the game or to make your progression easier. These programs are not sanctioned by the developers and may not just disrupt the game files, but could potentially be dangerous to your entire device, too. Game add-ons and cheats are tempting because of this shortcut they promise, but you shouldn’t trust any kind of app or software of this kind.
However, you can make an exception for officially-sanctioned mods. Some platforms do allow them (Steam, NexusMods and so on). Just make sure your cybersecurity system is always alert if you want to install and run any such mods.
Likewise, if another player you meet online suggests you install some form of team-speaking software, don’t. It could be malware. Stick to very well-known software (like Skype), or the game’s own chatting system. Big MMORPGs have their own voice chatting team speak channels, anyway.
#9. Don’t share confidential information with others
Don’t share your account with other gaming buddies, or passwords for other accounts and so on. You shouldn’t even share your name and physical location with in-game buddies that you don’t know from real-life.
#10. Don’t fall for phishing attempts
As I mentioned earlier, once you create sufficient gaming accounts (and beyond), you’ll definitely begin receiving spam emails with phishing attempts. They will strive to look like an official email from your game platform / bank / social network, as much as possible.
But no matter how convincing they seem, if they require the input of your password or credit card details, don’t fall for it. It would be best if you didn’t even click the link leading you to the phishing page, in the first place.
#11. Be careful what links you click on social sites
Phishing and scams which resemble it are not limited to email or in-game messages. Hackers can track your social accounts and send you malicious links there as well. If you’re a part of any gaming group over social media, you’re even more likely to get targeted.
#12. Be careful where you download games from
This should be a fundamental tenet of cybersecurity for gamers, as well as the ethical thing to do. Never download games from unofficial sources or in hacked versions. First of all, because game developers should be able to receive fair payment for their work.
By paying them the right fees, you also enable them to keep new content coming, keep them fixing bugs and improving your game experience, too. So it’s a win-win. Besides, you can add wanted games to a wish-list on most game curation platforms (like Steam) and just buy them when they’re on sale.
But it’s not just about helping game developers get a fair wage. It’s also about cybersecurity: hacked and cracked versions of games often contain malicious code which slowly infects your device, steals your data or money and so on.
Sometimes, you might not even get the game at all: you’ll just click on a page advertising a ‘free’ version of a popular game and click around a bit until you see you’re getting nowhere. By the time you’ll exit the page, the damage might already be done.
#13. Keep learning about cybersecurity for gamers
If you’re doing all of the above, you are already doing a better job at protecting yourself than 90% of all gamers. There’s a very little chance for your accounts to be compromised, but since things can change very fast in this industry, it’s best to stay informed as much as possible.
Why not sign up for a cybersecurity course for beginners? We offer readers a free one here. Other than that, just make sure you keep up to date with the news and best practices in cybersecurity, for gamers and beyond. Reading our blog regularly could also help, wink-wink.
Have fun with your games and stay safe! If you have any questions or comments about cybersecurity for gamers, I’m always here, just leave them in the comment field below.