If online gaming platforms will make an appearance in your home any time this holiday season, then make sure your kids’ new favorite pastime doesn’t take the happy out of your holidays.
When they are parked in front of a TV, tablet or smartphone, chances are they are playing video games. The 2021 global games market size is over $175.8 billion worldwide and an estimated 2.9 billion people around the world are playing video games on consoles, PCs and mobile devices. It’s nearly certain your kids are playing. The Entertainment® Software Association estimates that 20% of gamers in the U.S. are under the age of 18.
Those numbers, combined with gaming fraud increases, make gaming a family concern. In the second quarter of 2021, overall online fraud attempts increased 16.5% over the same period in 2020, according to a TransUnion analysis. During the same time period, online gaming fraud jumped an astounding 393%.
Parents and guardians need to understand the risks gaming poses to kids, and learn practical actions you can take to protect your family.
The Top Three Gaming Fraud Risks
While still evolving, the dangers your family faces in the world of gaming follow trends and patterns seen for years in the personal financial services and information security (infosec) industries. The three most common current risks to gamers, young and old, are:
- Account Takeover
- Payment Card Fraud
- Denial of Service and Local Cyber Attacks
Here is what’s involved, and how parents can minimize the threats posed by each.
Account Takeover
Account takeover (ATO) is the term used when someone gains illicit access to an existing account. Hackers gain access in a number of ways, from guessing an easy password to obtaining credentials for sale on the dark web.
In the context of video games, an ATO can be about getting access to the accounts of more experienced players to gain access to earned or purchased assets. The accounts and their credentials are then often sold to less experienced gamers, unaware what they are purchasing was stolen from another player. It is big business in the gaming “underworld,” where millions of stolen credentials are available on the dark web.
Because various forms of ATO fraud have been plaguing financial services and consumers for years, here are some best practices to protect against the risks to your family’s gaming accounts.
- Choose a complex password for your accounts using letters, numbers and symbols. Passphrases using spaces when allowed are even better.
- Ensure your password is unique to each account. DON’T share passwords across accounts.
- Change your password every 30-90 days and don’t recycle passwords. A password manager can assist with securely storing and remembering your passwords.
- When available, enable and use two-factor authentication on your accounts. This will often be triggered if someone attempts to access your account from an unfamiliar device/console or from a different region.
- If your account is compromised and you notice suspicious activity, you should immediately notify:
- Your bank whose payment card may be attached to that account so they can monitor for suspicious charges or cancel the card.
- The gaming platform so that they can shut down the account or monitor for illicit activity.
- The game manufacturer if it has a customer helpline and its own community standards support.
Payment Card Fraud
While often tied to ATO, payment card fraud in gaming is its own distinct risk that can arise in any number of ways. Within your gaming service, you likely have your payment card on file to be charged for anything needed to play and succeed in the game. If you or your child’s account is compromised and you are the victim of ATO, you will most likely also be the victim of payment card fraud.
Even more, there are risks posed by purchases on third-party marketplaces that allow players to exchange content like weapons, cars, skins/paint-jobs or perks. There are many ways fraud occurs in these exchanges, including that the person on the other end accepts payment and never delivers what was promised. Most exchanges do little to police individual transactions, so these violations can go unchecked.
Beware of fraudulent websites offering kids game cheats and codes that are actually payment card number harvesting scams. Instead of delivering the promised code, the site may be simply collecting the payment card number to sell it to cybercriminals. Remember, it can take weeks or months before the card number is purchased on the dark web and fraudulent charges emerge.
And finally, kids can be targeted by good old-fashioned social engineering. Their new “gaming friend” cons them into providing a credit card number, typically with the promise of game codes, skins or cheats. Make sure to talk to your son or daughter about not spending money on skins or add-ons without asking for your permission first.
Credit card fraud is nothing new, but young people might not be as adept at spotting trouble. Here’s what parents can do.
- NEVER use debit cards connected directly to a bank account. Use a credit card instead, which will provide more time to spot and remediate fraudulent charges – and thieves won’t have the chance to empty your account.
- Check account spending and report suspicious activity to your financial institution immediately, no matter how small the amount. Small amounts almost always give way to larger fraud once the card has been “tested.”
- Don’t share card information with children. Parents are ultimately on the hook for the charges, even though it may be the child’s gaming account. Terms of use universally indicate that parents are liable for the charges.
- If you still decide to allow high-risk purchases, use third-party wallets to help further insulate from fraud.
- Consider purchasing a dark-web monitoring solution that alerts if your payment card numbers and other personal data are found on the dark web.
Denial of Service and Local Cyber Attacks
Abusive players use Denial of Service (DoS) attacks as a form of retaliation or straight-up bullying. Perpetrators threaten other players in the game by “IP booting” in which they create a “traffic jam” of data that blocks valid network connections. This doesn’t just affect the child playing games – it can take the household’s entire internet network down. This type of attack is possible because there is no shortage of websites that provide illicit IP booting services for gaming platforms.
Gaming platforms can’t prevent these attacks, because they happen locally outside of the service. Using a Virtual Private Network (VPN) service is the only way to proactively avoid a DoS attack. If it happens to you, follow these steps immediately:
- Reset your internet modem and Wi-Fi router (this could mean just unplugging the power for 60 seconds).
- Contact your internet service provider if the problem persists, so they can assign a new IP address.
- Report the offending player to the applicable game network. DoS attacks violate all platform policies and are illegal.
Level-Up Your Holiday Gaming Plan
If your kids’ holiday downtime will include time playing games on a phone, console or computer, there are many common-sense ways parents can protect against emerging fraud and security issues. Like with any online activity in the modern world, the key is to remain alert and aware so that your family can enjoy the things that matter most this season.