Bob Shaker, Director of Product Strategy at Norton Gaming talks to PCR about what kind of threats gamers face, and how they can protect themselves
We love video games. During lockdown, the time we spent gaming increased by 34% in Europe, 42% in Asia and a massive 52% in Latin America. During 2020, the market for games grew by 12% as many of us found relief in building anthropomorphic animal communities on desert islands and looking for imposters on starships.
But even when we’re hard at work racing go-karts or zapping zombies, we need to spare some time for cyber safety. NortonLifeLock’s recent Gaming and Cybercrime survey discovered that a massive 40% of UK gamers have experienced at least one hack and 66% of Brits think gaming will get less secure in the future.
The data shows gamers are right to be worried. In the two years from 2018 to 2020, hackers targeted gamers with almost ten billion cyber-attacks, mainly phishing and credential surfing. Bob Shaker, Director of Product Strategy at Norton Gaming had this to say:
Why do you think we need to talk about security for gamers?
We’ve recently surveyed nearly 3,000 gamers across the globe to gauge the cyber risks they face today and their understanding of the consequences of these potential risks when gaming online. With so many more people playing games than ever before, we were curious to see what the state of security in gaming looked like.
The answer was what we expected. The threat to gamers’ security has never been more acute. And it’s growing. But the evidence also suggests that gamers often don’t realise this. Gamers’ profiles are increasingly becoming an attractive target for hackers. With online gaming on the rise during the pandemic, cybercriminals have taken aim on the lucrative industry. It’s never been more critical for gamers to have strong security in place and build good safety habits to protect themselves.
Looking at the results of our research, it was clear to us that, as an industry, we need to do more to get the message out: secure your gaming devices and your gaming accounts. We know that a gamer’s top priority is to play their games without interruption and that cybersecurity is usually an afterthought. The tension between wanting security and wanting uninterrupted gameplay has plagued gamers for years, and unfortunately cybercriminals are taking full advantage of that.
What are some of the most common security risks to gamers?
The biggest risk is thinking you’re not at risk. One of the most startling findings of our Gaming and Cybercrime survey was that over half of gamers in most countries think their gaming accounts will never be hacked. More than two-thirds of UK gamers (69%) believe they would never fall for a gaming scam, and half (50%) think their gaming account(s) will never be hacked – but 40% of UK gamers say they have had a gaming account hacked, including 7% who have had their account hacked more than once.
Gamers need to be realistic. Everyone who has ever been hacked probably thought it wouldn’t happen to them.
We know that gamers today are faced with challenges that extend well beyond the game itself. Whether you’re a casual or hardcore custom-built PC gamer, your personal information and digital assets in the gaming universe and are valuable to cybercriminals, putting you at risk for device vulnerabilities, phishing attacks and identity theft.
A typical gaming account can include the gamer’s name, date of birth, address, email, mobile number, payment information, and other personal information that, with the right mix of information, could be used by an identity thief to wreak financial havoc. What’s more, gamer tags are ransacked for often rare or limited-edition virtual items or personally identifiable information that can then be bought and sold for real money on the Dark Web. Once a gaming account has been breached, the gamer’s other accounts, from banking to social media, are also at a much higher risk for account takeovers and fraud.
From our research, we’ve seen that these real crimes match quite closely the things, which gamers say most concern them and which they want to guard against. 59% of UK gamers say they would be upset or devasted if a hacker took their digital in-game currency, and 66% say they would be very upset or devastated if hackers compromised or took over their gaming account.
Unfortunately, these things that cause gamers most concern aren’t theoretical. They happen all the time. Despite this, nearly half of UK gamers (48%) say they don’t think twice about sharing personal information when signing up for gaming accounts. In fact, nearly three-quarters of gamers (72%) say they trust gaming companies (e.g., Blizzard, Ubisoft, Steam, etc.) will protect their personal information and data. But as gamers, we also need to take responsibility for our own security.
How can gamers protect themselves from cybercrime?
The most obvious thing is to be on your guard. Don’t give out your personal details, for instance. Treat online gaming acquaintances the same way you’d treat any other stranger online: never share anything personal about yourself – your birthday is not something people need to know. What area you live in, or your address: these are not things people should be asking you.
Having established this as a foundation, the next step is to broaden it out and apply it to other contexts. For instance, one of the risk vectors for many gamers is unguarded participation in privately run game-related chat servers. Often, clearly, these are legitimate. But sometimes, they can be honey traps. Users with ill intentions will share gaming tips, tricks and content long enough to build trust. Then they’ll share a malicious link, with the promise of the latest, greatest cool skills or customisations for a game.
Essentially, this is just a phishing attack, directed at a large group of gamers using the same chat server, it’s just that it preys on gamers’ thinking they won’t get hacked and not thinking that they offer much value to cyber criminals.
People need to be as much on their guard as they would be if a stranger sent them an odd-looking link in an email. By the same token, be wary of people and sites that offer rare or highly desirable gaming items. If someone says they can give you free or cheap skins, mods, game hacks or something else that every gamer wants, be suspicious. The old adage applies in gaming as much as in other aspects of life: if it sounds too good to be true, it probably is.
There’s a big security risk regardless of if you’re a console, mobile or PC player. And people shouldn’t assume that the need for security only applies to PCs. That gamer tag – your gaming identity – is tied to your account, which equals money and a connection to your personal information, and sometimes your financial information, if your credit card is on file.
Gamers, even console gamers, can also use technology to help protect their gaming assets and their lives against hackers. For instance, Norton 360 for Gamers monitors the dark web and will inform you if it sees your gamer tags and personal details for sale there. This gives you the time to change your passwords and other security measures. And even though it doesn’t install software on your console, it’s still protecting the gaming accounts on that console — and the time, money and emotion you have invested in those accounts.
The right security software will even work with you to both protect you and enhance your gaming experience. For instance, it will detect when you’re playing a game in full-screen mode and will only interrupt you with the most urgent alerts.
Do you think there needs to be more warning in regard to the importance of security in the gaming sector?
Yes, absolutely. The security industry and the gaming industry together need to work harder to get the message across both to gamers and, in the case of younger kids, their parents. There are today, around 2.7 billion gamers worldwide. That represents a massive investment in devices, software, and games, as well as in time and in emotion.
Users need to understand that their gaming activities and devices can, without the right approach to security, be used as attack vectors to gather personal data and financial details from their real lives. As an industry, we have to get this message across to users. And we have to give them the tools and the skills they need to protect themselves.
Read the latest edition of PCR’s monthly magazine below: