It’s All Fun and Games Until Someone Gets Hacked: Fraud in the Gaming Industry

The gaming industry is no stranger to fraud. Major data breaches, such as the Sony and NIS America breaches, received mainstream media coverage when they occurred. But most stories about fraud in gaming do not get that level of attention, despite the fact that there are 2.2 billion gamers in the world and 1 billion (47%) of them spend money while playing.

The reality is that fraudulent activities run rampant within gaming, threatening the safety and financial well-being of players. Smaller, more insidious forms of fraud rear their ugly heads at gamers every day, generally in the form of content abuse and account takeover (ATO).

What are some common schemes gamers run into online?

Content abuse and ATO: par for the course in online gaming

Fraudsters take over in-game accounts to send unsuspecting players links to malicious content. League of Legends recently became a hotbed for scams after accounts were being hacked and used to message random players with offers of free character skins and Riot Points. The hacked account sent a link that, when clicked, would ask the player to input their username and password to access the content —  a scheme that phished the player’s information and could potentially hack their account, as well. The problem became so prevalent that Riot Games had to warn League of Legends players that they will never ask for login credentials to give players free content, nor would the content be distributed from a random link sent by a random account.

Final Fantasy XIV players have also been targeted for ATO and content abuse. Fake accounts are created to conduct “Gil mining,” which involves racking up extremely large amounts of in-game currency called Gil and then spamming players’ chat logs with offers of RMT, or Real Money Trade. RMT is the exchange of virtual goods for real money. You can watch the spam in action below:

If a fraudster wants easy money, they might instead take over the account of a player they believe has a lot of Gil and sell off the player’s Gil via RMT. Aside from the fact that no one wants to get spammed with RMT ads while trying to play a game, RMTs pose the risk of connecting players with fraudsters looking to make quick cash and not deliver the promised Gil. Square Enix has banned RMT but is still struggling; areas in the game meant primarily for lower-level players are infested with RMT players, which might discourage newer players from continuing further into the game. This means fewer people paying Square Enix the monthly fee to play.

Fortnite, one of the most popular games in the world, is less than a year old, yet “compromised accounts have become something of a trend” for its players. Poor password hygiene has resulted in hacked accounts and fraudulent charges, sometimes to the tune of hundreds of dollars. That’s a lot of chargebacks for Epic Games – and chargebacks add up. Fortnite, like Final Fantasy XIV, offers two-factor authentication to protect its users, but Epic Games can’t do anything about players that don’t implement it or are reusing passwords between platforms.  They make easy targets for hackers that are looking for easy money.

Gamers can’t even let their guard down when checking their message inboxes outside of the games they play. Recently I’ve noticed messages from random accounts in my PlayStation Network (PSN) inbox, always from accounts featuring female names, no avatar or profile picture, and consisting only of “hi” or “hey.” Fellow PlayStation users in my life have also been receiving the same messages. I would hazard a guess that these are bots, and if we were to reply we’d be sent a link to some sort of malicious content.

Sorry to disappoint the curious, but I won’t be replying to those messages to test my hypothesis.

The gamer isn’t the only one hurt by fraud – the game developer is, too

No one wants to play games that are riddled with spam. If players can’t trust that they won’t constantly run into hacked accounts shilling malicious content – or worse, have their own account hacked – the number of players will drop and the developer will feel the hit, particularly if the game requires a fee to play.

Reputation is extremely important to a developer’s ability to survive in the gaming industry, and no developer wants to be known for creating games that get overrun by scammers and hackers. Games that suffer from toxic environments wind up losing players that aren’t willing to put up with endless ATO attempts by hackers and a barrage of spammy comments linking to dangerous content.

Even if a developer takes action, it’s often considered too late by the player base, particularly if the problem has become so far-reaching that it takes the developer days or weeks to rectify each player’s issues. The best course of action for preventing content abuse and ATO is to be proactive, rather than reactive, and stop abusive content in online gaming communities before it even happens.

Download our free Content Abuse Prevention Kit and learn how to protect your games’ communities from becoming breeding grounds of toxicity at the hands of bad actors sowing abusive, malicious content.