Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response

Phishers Playing Games?

Created: 23 Nov 2009 20:13:40 GMT • Updated: 23 Jan 2014 18:31:05 GMT
Suyog Sainkar's picture
0 0 Votes
Login to vote

Phishers are constantly targeting newer brands from diverse industries, with the sole motive of fraudulently acquiring a large amount of users’ confidential information for financial gains. Symantec has observed and followed up with some recent trends in phishing attacks targeting some of the popular online gaming websites. Since the beginning of this year there has been a steady rise in phishing attacks on gaming websites.

Why and How?

The primary motive of fraudsters is to seek out users’ confidential information, such as the login details for online gaming websites. The sample shown below is of a typical phishing Web page created by the fraudsters, which mimics a popular online gaming website. To trick users into trusting the phishing website, the phishers add a widget (to monitor online visitors) that will display some random number of purported online users visiting the site at a given time.  
Screen shot 2009-11-23 at 8.07.45 PM.png

Using these fake websites, phishers are employing tactics to acquire online gaming registrations and product keys from the intended victims. The sample shown below is a snapshot of a typical phishing Web page that has been created by fraudsters to ask users to verify their identity and enter their “Gaming Registration Key.” Since the users have to purchase these registration keys to access the online gaming feature and join in on the social networking / gaming community that is offered on some of these sites, the fraudsters can acquire these credentials free of cost. The registration keys—along with the other fraudulently acquired user credentials—are in all likelihood marketed on the maturing underground economy.

Screen shot 2009-11-23 at 8.08.12 PM.png
Symantec observed an increase in yet another recent trend of phishing attacks targeting gaming websites. The victims of these attacks are required to enter their personal login credentials for other accounts such as popular social networking accounts and free email accounts. By employing such tactics the fraudsters are also attempting to target other popular websites and in the process acquire a large amount of user details that will be marketed in the underground economy and/or used for further spamming activities. The sample shown below is one such phishing Web page created by fraudsters that asks users to enter their login credentials for a popular social networking website.
Screen shot 2009-11-23 at 8.08.22 PM.png

Phishers also attract users by providing fake offers such as free “premium” accounts or credit points on their phishing Web page(s). The sample shown below is a phishing Web page that lures users into entering their login details in order to obtain these fake offers.
Screen shot 2009-11-23 at 8.08.33 PM.png

In the second half of 2009 over the first half, Symantec observed a staggering 300 percent increase in phishing attacks targeting gaming websites. The phishing websites are look-alikes of the legitimate sites; thus, users should be careful with online gaming websites asking for any confidential information and are reminded to observe security best practices as listed here.

Consumer Best Practices:

•    Individuals should be wary of suspicious links asking for any personal/confidential information, especially those sent through apparent spam emails or those seen in social networking sites and online forums.

•    Always type website addresses directly into the address bar of your browser. Avoid clicking on suspicious links and/or attachments in email or IM messages because these maybe links to spoofed websites and may also expose computers to unnecessary risks.

•    Ensure that passwords are a mix of letters and numbers, and change them often. Passwords should not consist of words from the dictionary.

•    Ensure that the website address where you are required to submit your credit card or bank account details starts with a “https://” instead of “http://”.

•    Symantec recommends that individuals equip their systems with the latest Norton Security Suites with an anti-phishing feature.


Note: I want to extend my thanks to the co-author of this blog, Anand Muralidharan.