Jorge-Vieira
18-02-15, 10:36
Phishing for Gamers
Phishing is a great pastime that can provide a great opportunity to get to know people. In this case, people who you don’t want to know, but they certainly want to know who you are. Phishing campaigns in relation to gamers seem to be holding steady, but they are becoming more and more sophisticated as well, making detection difficult.
It looks as if a new phishing campaign has been launched (https://blog.malwarebytes.org/fraud-scam/2015/02/square-enix-phishers-home-in-on-dragon-quest-x-video-gamers/) that targets Japanese fans of Dragon Quest X, taking advantage of those that happen by the fake website and tricking them into giving up their credentials.
Malwarebytes has posted via their official blog that someone has created a fake website whose intent is to capture, or go phishing for, Dragon Quest X login credentials. Phishing is something usually implemented and geared towards websites and services that generate enough traffic that the risk of setting up such a phishing operation is outweighed by the potential reward. It seems that a new trend is to target gamers, Razer’s own Comms software (http://wccftech.com/fake-razer-comms-app-reportedly-targeting-gamers/) being the target of choice just recently.
In this case the attackers are using a technique known as typosquatting (https://nakedsecurity.sophos.com/typosquatting/) to lure their victims. This is where a URL is very close to the actual real website but the spelling is off just enough to be a realistic representation of how we might actually type the URL misspelled. A very clever technique indeed, and one that can even trick those that have a good eye, especially because this particular page happens to be an almost exact replica of the real login page.
There are fields for everything you’d expect when going to the legitimate Square Enix site, to include the one-time password box that Square Enix has recently implemented. Though it is missing the CAPTCHA, and that should be a big red flag for anyone. What legitimate website doesn’t have a CAPTCHA in some way, shape or form? Aside from Google and their awesome implementation of an anti-robot checkbox.
Interestingly, however, the domain is actually not registered anonymously, though that doesn’t necessarily mean that the registrant is connected to the actual phishers themselves. He too could be another lonely victim in this cruel world.
It’s unfortunate that things such as this happen, but it’s the reality of the connected world we live in. Could this be a trend towards targeting the large player bases of game services? Steam, Origin, PSN and the Xbox store all provide a means for stealing mass amounts of information and any currency left over in their respective wallets, so they are certainly quite lucrative targets. But that doesn’t mean that this is a “start” of anything, as phishing is common and can be seen across all industries. But the potential is certainly there.
In fact, there have been quite a few rather persistent attempts at phishing Steam accounts (https://blog.malwarebytes.org/online-security/2014/09/steam-threats-what-they-are-and-what-you-can-do-to-protect-your-account/) and Valve’s Steam Guard, the two-factor authentication method used by Steam, in order to better facilitate stealing your precious monies, skins and loot that’s in your inventory.
In one of the most recent Steam phishing schemes (https://blog.malwarebytes.org/fraud-scam/2014/06/phishy-steam-guard-file-steals-ssfn/), it seems that someone sends you a message via Steam stating that a friend of theirs can’t add you as a friend, and that they want to trade with you. They send you their profile, but instead of it opening in Steam as it likely should, it opens a very phishy website that asks you to log in. Obviously logging in isn’t a good idea, nor is it a good idea to complete that login process by clicking on a file that purports to be Steam Guard. That file contacts a server with a .ru top-level domain and automatically seeks out and sends login-related information, to include the infamous SSFN, the file that keeps you from having to verify a new device. Having that opens a multitude of doors.
Just be careful with what you click on and double check the URL that you’re connected to. Also, while some gamers might scoff at having a good anti-virus or anti-malware package installed, it’s actually a good idea to have something, especially for situations like this. The only real way to prevent something like this from happening is to not be on the internet altogether, but that’s a horrible idea. So instead just practice a little common sense when being approached in weird ways like this.
If it doesn’t feel right, then trust that intuition. It’s likely not right in some way, shape or form.
News:
http://wccftech.com/phishing-gamers/
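As an added illustration of the advice to double check the URL (this is not part of the original article): a small Python check that compares a link's hostname against an allowlist and flags near-miss spellings of the kind typosquatting relies on. The allowlist, the distance threshold and the sample URLs in the comments are assumptions constructed for this example.

```python
from urllib.parse import urlsplit

# Assumed allowlist of legitimate login domains (chosen for this example).
TRUSTED = ("square-enix.com", "steampowered.com")

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Swapped neighbouring letters ("sqaure" for "square") count as one typo.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(url, trusted=TRUSTED, max_dist=2):
    """Return (verdict, matched_domain) for the hostname a URL really points to."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return ("invalid", None)
    for t in trusted:
        # Exact match or a genuine subdomain of a trusted domain.
        if host == t or host.endswith("." + t):
            return ("trusted", t)
    for t in trusted:
        # Trusted name embedded in someone else's domain, e.g. as leading labels.
        if t in host:
            return ("lookalike", t)
    # Simplification: treat the last two labels as the registered domain
    # (a production check would consult the Public Suffix List).
    candidate = ".".join(host.split(".")[-2:])
    best = min(trusted, key=lambda t: osa_distance(candidate, t))
    if osa_distance(candidate, best) <= max_dist:
        return ("lookalike", best)
    return ("unknown", None)

# Constructed sample:
#   classify("https://sqaure-enix.com/login") -> ("lookalike", "square-enix.com")
```

A threshold of 2 suits domains of this length; very short trusted names need a threshold of 1 to avoid flagging unrelated sites.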