Scammers have taken advantage of special Halloween promos to steal users from gaming sites, Kaspersky said on Tuesday. This year alone, the cyber security company has identified about 360,000 attacks using fake online gaming brand sites such as Steam and Electronic Arts. Using sophisticated phishing tactics, criminals exploit legitimate Halloween offerings to deceive the victims.
According to Karspersky, fraudulent websites mimic the look and feel of the original address to trick users into believing they are on a legitimate gaming platform. This makes it possible for criminals to trick players into stealing their credentials before the traditional and true Halloween offerings. If the user attempts to perform any action on one of these fake sites, he will be presented with a window asking to enter his information.
Steam website is among the main targets of criminals Photo: Disclosure / Steam
Another factor that makes it difficult to identify fake websites is that the domain name in the address bar looks true, which rules out any doubts or concerns from the user. To reinforce the sense of credibility, criminals also request a confirmation code that the player receives via email or through the legitimate application.
Data from Karspersky show that this year alone, a total of 131,000 scams were recorded using fraudulent Steam sites. Another target of criminals is EA's Origin, which has already suffered nearly 230,000 attacks in 2019.
"Fraudsters love to exploit sales on all types of gaming platforms, as the user tends to be very aware of the gaming context, and on his own browsing the platform's website," explains Fbio Assolini, senior cyber security analyst at Kaspersky
Halloween promotion on Steam goes until November 1st Photo: Reproduction / Felipe Vinha
The expert draws attention to the baits most commonly used by criminals. "We hope gamers can take advantage of Halloween offers and be careful when clicking on third party banners and links, especially during the period of special offers, as these phishing attacks are growing fast."
To avoid falling into phishing traps, it is important to use only official applications, websites and platforms for the games of your choice. If you have questions about the legitimacy or security of a site, never enter login credentials or bank or personal information. If you think you may have entered your password on a fake page, change the code immediately. If you provide bank details, call your bank or card company to cancel any fraudulent purchases.