Follow me on twitter Follow @RedPacketSec and join the Telegram channel
Despite COVID-19, soccer season is slowly ebbing its way back into daily life around the world. It’s also sneaking back onto TV screens in the form of huge-budget video games. Step up to the plate, FIFA 21.
FIFA games: the football juggernaut
The FIFA series is an absolute monster in terms of sales, clocking in at around 280 million copies across 51 countries over the lifetime of the franchise. According to the Guinness World Records, it’s the best-selling sports video game franchise in the world. It’s also premium bait for scammers as a result, with an enormous selection of potential victims to choose from. It’s incredibly popular with teens and younger children too, which simply increases the risk from both clever and incredibly basic attacks.
FIFA 21 launched last week, and it’s no doubt selling like hotcakes. If you’re unsure about the risks and what you should steer clear of, you’ve come to the right place. A lot of this is dependent on platform, and how deeply embedded your social media accounts are embedded into your gaming ecosphere. With that out of the way, let’s untangle any confusion you may have and avoid an own goal.
The lay of the land: explaining FIFA mechanics
It’s quite possible your kids own a few of the FIFA titles. You may well hear them talk about coins, or FUT, and speak at length about playing cards. Cards? In my football game? It’s more likely than you think. Before you can fathom the kinds of scams targeting your family members, it helps to understand the inner-workings of the title.
FUT: FIFA Ultimate Team. This is a wildly popular competitive game mode nestled inside various FIFA titles, which involves cards and coins in a continued quest for victory.
Coins: FIFA coins are the in-game currency used to perform various game related buying/selling activities. You earn coins simply by playing the game, completing challenges and objectives.
The coins stay in-game only. You’re not allowed to buy them from third parties, distribute them, or use multiple accounts to direct coins to a “main” account. Giveaways, or performing other actions to obtain coins, are all forbidden.
What do you do with the coins once you have enough of them? You spend them on cards.
Cards: The lifeblood of the game. The cards represent players in your team and come in various levels of quality. The rarer the card, the more coins they probably cost to purchase.
So far, so good…and essentially harmless. Unfortunately, the monetised aspects of the game away from the screen contributes to scammers wanting a piece of the action.
Extra-curricular activities: playing outside the game
You don’t need to spend in-game coins to purchase cards on the transfer market. Gamers can also buy “FIFA points”, sold inside the game, the relevant store for your gaming platform, or legitimate sellers. They buy these points with real money, as opposed virtual currencies. The monetisation of the game is red meat in the water to scammers.
Anything tied up in real world cash immediately offers several inroads to fakery. Arguments against this style of monetisation are also compelling. Desperation for coins / points means potentially being more susceptible to scams.
Common FIFA game scams
These target the platform you play on. It might be PC, it could be console. They might specify Steam, another store, or even something else altogether. They’ll offer up coins, free game keys, points, activation codes, money, whatever it takes. “All” you have to do is fill in a survey, or hand over your login details, or buy giftcards and send them the codes.
Perhaps your personal data is now in the hands of third party marketers, while potentially being out of pocket. Maybe you’re dealing with account compromise. You will commonly find these promoted on forums and YouTube videos.
Fake customer support assistance:
A tactic which has been around for a few years now, and frequently successful. Scammers will often pretend to be customer support reps, then insert themselves into support discussions on social media. The victim eventually lands on a phishing page. While we first came across this targeting FIFA gamers, the tactic was soon observed being used in banking scams too.
Social media fakeouts:
It’s the easiest thing in the world for scammers to create bogus pages on social media. It’s common to see fake accounts on Instagram and Facebook, and as usual the aim is to direct victims to phishing pages. If a major sporting event is taking place, they’ll probably craft banner imagery and general discussion towards said event in order to make it more convincing.
It’s also quite common for them to deploy bots in the comments to make it look as though the website/offer really works. Don’t take dozens of “this is genuine, thank you” messages for granted.
Bogus Direct Messages:
Scammers will pretend to be game admins, or console developers, or promoters. They’ll push the line that you’ve been selected for a special in-game reward, or a points offer. A technical issue may have occurred, and they need your login details to verify “something”. Perhaps they’ll claim your account has been restricted, and jumping through their hoops is the only way you’ll get your account back.
Whatever they claim, rest assured it’s all going to be nonsense. Nobody should ever ask for login credentials, and especially not in such casual fashion. All attempts sent your way should be blocked and reported on your platform. This will help to keep other people safe, too.
An increasingly wide playing field
EA titles recently returned to Steam, having been absent for some years. As each gaming platform has its own set of security protocols, parents and gamers need to keep up with how things work on each.
In a recent interview with The Daily Swig, I touched on aspects of microtransactions with regards to a rise in attacks during the pandemic lockdown. If you limit the time available for in-game items, or dabble in rarity as a reward, then younger gamers will gravitate towards parents who often hold the digital keys to the kingdom. Buy this, buy that, now buy six more of these.
What this means in practice, is endlessly jumping into one or more email accounts to authorise logins, transactions, trades, and more. Those accounts may also require several steps of authentication to login. Eventually, some parents will simply drop some security features in order to make things less of a hoop-jumping exercise.
At that point, the accounts are now vulnerable to attack. Streamlining games which require multiple platform logins, authentication, in-game validation, and email activity on a regular basis isn’t easy and that’s what scammers rely on.
Blow the whistle, referee
Whether your game of choice is FIFA or something else entirely, keep the above tips in mind. Ensure you’re aware of the latest FIFA scams doing the rounds and take some time to figure out security practices that work for you on your selected platform. Every small step you make towards keeping scammers out makes it harder for them to score the winning goal.
The post FIFA 21 game scams: watch out for unsporting conduct appeared first on Malwarebytes Labs.
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.