For many PC gamers, one of the ultimate nightmares is having a game account stolen or an email compromised by a phishing attempt. According to the Anti-Phishing Working Group, more than 70,000 phishing campaigns were attempted worldwide in 2013. While phishing attempts may be more sophisticated than they were a decade ago, there are still some signs that gamers can look for to protect themselves from malicious attempts to compromise their game accounts.
“Phishing” is when a malicious third party attempts to trick you into giving away vital account information—usually your password and login name. One of the most common techniques involves players receiving an email from a source claiming to be an official representative from a game developer. These emails tend to have alarming messages, such as threats to ban your account for cheating or claiming there has been a serious breach of the terms of service agreement. Inevitably, the email instructs you to click on a link to “confirm” or “restore” your account that often leads to a very official looking page with a form to fill out that asks for account details such as your password.
If you receive an email that appears to be from a game developer, check it very carefully. Many phishers are savvy enough to create an email address that looks legitimate or a website that spoofs the actual game website accurately enough to pass a casual inspection. If there is ever a claim that something is wrong with your account, contact customer service on your own immediately though in-game channels or the official website. Game companies never need you to tell them your password; they already know it. Don’t bother even responding to phishing attempts, as this just alerts a phisher to the fact he has hit upon an active email.
Be especially aware of anyone asking for credit-card information, birthday, or other personal information to “confirm” your account. This is the primary way that hackers commit identity theft, and according to the Bureau of Justice Statistics, identity theft reached more than $24 billion dollars worth of theft in 2012. This is a serious problem, but gamers can stay on top of ID theft-related matters. There are a multiple sources to stay up on, from the ID Theft Center resource site to fraud protection services such as LifeLock. Familiarize yourself with the many techniques used by hackers by watching videos from Lifelock on Youtube and learn to spot malicious fraud attempts with a trained eye.
The other common vector for phishing attempts comes in the form of in-game communications. Players might receive “official” private messages claiming that they have won free items like in-game currency. They may be threatened by account suspension if they don’t reveal account information immediately. These in-game communications are usually easy to spot, as most game developers have obvious markers attached to any official in-game communication. For example, in World of Warcraft, Blizzard game masters are noted by their blue name tags and communications from them are always prefaced with a small Blizzard logo; something a phisher cannot duplicate. Phishers will often create logins that seem official at a glance, but a savvy gamer familiar with the terms of service for their game should be able to spot a fake with common sense and careful scrutiny. The easiest rule of thumb to remember that will keep you safe from most phishing attempts is to remember that legitimate game developers never ask for personal or account information from players in-game.