What is social engineering?
By Jenna Greenspoon, Head of Parenting, Kidas
As an avid internet user, it’s likely that at some point, you received an intriguing email with a subject that says “Congratulations, you have won a…”. This is a scam used by exploiters to make you click on a link that then introduces malware to your computer. It’s called social engineering.
Social engineering is when an exploiter takes advantage of human behaviors and natural tendencies. By analyzing how users interact when faced with an everyday scenario, social engineering occurs by exploiting human psychology to manipulate people into making security mistakes and giving away confidential information. While this has been happening on the internet for decades, it’s now happening to gamers, many of which are too young to decipher the dangers.
First let’s take a look at how a social engineering attack happens. It’s more than just the click of a link, and happens long before the first click.
- First, the potential victims are identified. Next, a lot of background research is done on the potential victim. They find out how they can best be exploited psychologically and then they select their attack method.
- The attacker then starts attempting to psychologically take control of the victim by engaging with them. They spin a story and then begin taking control of the interaction.
- Over time, they start executing the attack using the information they gained from the victim.
- After the victim performs the expected response, the intruder takes the confidential information by sabotaging the system, and when they are done, they remove any trace of evidence and close all conversations.
Types of social engineering attacks in gaming
Phishing
When it comes to gaming, phishing is used to gain users’ credentials to take over gaming accounts. This is the most common type of social engineering attack in gaming. Here, the attacker makes the victim feel a sense of urgency or fear that tricks them into sharing confidential information. Phishing scams include fake websites that have an in-game money generator or enter to win type games. To use it, gamers have to login with their gaming account credentials. Once the credentials are shared, scammers are able to access sensitive information related to the gaming account and the victim.
Gaming scams have become much more advanced. In games such as CS:GO, scammers have created fraudulent stores where players go to buy weapons for the game. These stores look very real and deceive gamers to take over their accounts and steal their money.
Baiting
Baiting is when the attacker sends a fake offer as bait and takes advantage of the user’s interest or curiosity. This may be done through offers to earn free Robux or V-bucks, in-game currencies. An example of this is an offer for a free gift card or free software which then gives the opening for malware to be downloaded onto their computer.
Cheat programs
Gamers everywhere want to achieve the best score or the best time, even when they aren’t formally competing. Many gamers use cheat programs to improve their scores, however, they can get cheated themselves. Cybercriminals create fake cheat programs which do the opposite of what the gamer believes they were built to do. The fake cheat programs steal players’ data and can negatively affect computer performance.
Malware & Unwanted software
Cybercriminals frequently distribute malware and unwanted software, most often on multiplayer gaming platforms. Since a large number of gamers on multi-player gaming platforms are kids and teens, it’s important that they’re educated on cybersafety. Scareware is an example of unwanted software. While it has no benefit to the user, after being bombarded by ‘danger’ popups on their computer, the victim is enticed to click the download button to “protect” their computer. At this point, they are redirected to malicious sites or they download the malware directly onto their computer.
How to prevent social engineering attacks
In order to prevent social engineering attacks while gaming, it is important to be very attentive in discerning a real offer from a fake one. Here’s how to do so.
- Use a unique, strong password for all of your gaming accounts. Ensure that each account has a different username and password so that if one password is stolen, it can’t be used on every other account.
- Download games from safe sites and official stores whenever possible. Read reviews before you download.
- Do not open or click on any links that come from an unknown source, a pop-up or an unsolicited message. Pay close click attention to the website address if you end up on a website you were directed to. If it doesn’t feel right, it likely isn’t.
- Don’t download cheats or any other illegal content. The repercussions are not worth it.
- Avoid sharing personal information. If you receive an email or text message asking for your gaming credentials or other personal information, ensure that you thoroughly verify the sender’s identity before sharing any information.
- Watch out for tempting offers! If you feel it is too good to be true, it likely is. You can always check its validity by searching on google. Don’t be fooled by a too-good-to-be-true offer. Pay close attention to the website link of the offer. If it doesn’t look legitimate, it likely isn’t.
- Use multi-factor authentication. This is a great safety precaution that we highly recommend for all gaming accounts. By using multi-factor authentication, your login credentials will be verified by more than one means.
- If you are gaming on a computer, install an antimalware solution and keep your operating system software up to date. This will keep you on top of any security issues.
- Be careful about what private and personal information you share on social media or in other public forums like gaming chats. Sharing personal information makes it easier for attackers to gain access to information about you.
- If your child is a gamer, keep the lines of communication with them open and educate them about cybersafety. Set up their gaming accounts with them and remind them the importance of asking for help if someone sends them a link, sends them an offer or asks them for personal information.
About the Author
Jenna Greenspoon is the Head of Parenting at Kidas, a technology company focused on developing anti-cyberbullying and predator protection software for PC games. Jenna was an educator and administrator in the education system working with both students and their families.
Jenna can be reached online at [email protected] and at our company website www.getkidas.com.