Scammers have taken advantage of special Halloween promotions to steal users from gaming sites, Kaspersky said on Tuesday. This year alone, the cybersecurity company has identified about 360,000 attacks using fake online gaming brand sites such as Steam and Eletronic Arts. Using sophisticated phishing tactics, criminals exploit legitimate Halloween offers to deceive victims.
According to Karspersky, fraudulent websites mimic the appearance of the original address to trick users into believing that they are on a legitimate gaming platform. As a result, criminals are able to trick players and steal their credentials before traditional – and real – Halloween offers. If the user tries to perform any action on one of these fake sites, he is faced with a window with the request to enter his information.
Steam website is among the main targets of criminals – Photo: Disclosure / Steam
Another factor that makes it difficult to identify fake websites is that the domain name in the address bar looks true, which removes any doubts or concerns from the user. To reinforce the feeling of credibility, criminals still request a confirmation code that the player receives by email or through the legitimate application.
Data obtained by Karspersky show that this year alone, a total of 131,000 scams were recorded using fraudulent Steam sites. Another target of criminals is EA’s Origin, which has already suffered nearly 230,000 attacks in 2019.
«Fraudsters love to exploit sales on all types of gaming platforms, as the user tends to be very attentive to the game context, and not to their own browsing through the platform’s website,» explains Fábio Assolini, senior cybersecurity analyst from Kaspersky.
Halloween promotion on Steam runs until November 1 – Photo: Reproduction / Felipe Vinha
The expert draws attention to the lures most commonly used by criminals. «We hope that players will be able to take advantage of Halloween offers and be careful when clicking on third-party banners and links, especially during the ‘special offers’ period, as these phishing attacks are growing rapidly,» he adds.
To avoid falling into phishing traps, it is important to use only official applications, websites and platforms for the games of your choice. If you have doubts about the legitimacy or security of a website, never enter your login credentials, nor bank or personal information. If you think you may have entered your password on a fake page, change the code immediately. In case of providing bank details, call the bank or card operator to cancel any fraudulent purchases.