How cybercriminals attack young gamers: the most common and dangerous scams | Kaspersky official blog
The new school year brings with it new hopes, new subjects, new friends… and new (and not-so-new) video games. After the long summer break, it’s natural for kids to dive back into the cyberworld. When school’s in, there’s less time for hanging out with friends at the mall, so the digital space becomes the preferred meet-up place, including, of course, video games.
But the world of gaming isn’t quite as buddy-buddy as might seem at first glance, so here too cybersecurity is a must. Sure, the games themselves are (mostly) fine — the problem is the parasite scammers and cybercriminals they attract.
Kaspersky experts have dug deep to find out which games and players are most at risk, and what to do about it. See the full version of our report for answers to these, and other related questions.
Attackers love Minecraft
To fathom the threatscape facing young gamers, our experts analyzed statistics from the global Kaspersky Security Network (KSN). KSN collects huge amounts of anonymous cyberthreat intelligence data that we receive from users on a voluntary basis.
Selecting the most popular kids’ games for the study, we found the top four most-attacked titles from July 2023–July 2024 were Minecraft, Roblox, Among Us and Brawl Stars.
Game name
Number of attack attempts
Minecraft
3,094,057
Roblox
1,649,745
Among Us
945,571
Brawl Stars
309,554
Five Nights at Freddy’s
219,033
Fortnite
165,859
Angry Birds
66,754
The Legend of Zelda
33,774
Toca Life World
28,360
Valorant
28,119
Mario Kart
14,682
Subway Surfers
14,254
Overwatch 2
9,076
Animal Crossing
8,262
Apex Legend
8,133
That’s right, more than three million attack attempts on Minecraft alone! Almost twice more than on second-place Roblox. Why? Because so many players are looking to download mods and cheats for Minecraft, and these often turn out to be malicious apps.
As for the types of threats being spread, the most common are downloaders, adware, Trojans and backdoors. For several years now, malware downloaders have been the most live threat to the gaming industry — downloaders that tout themselves as the “best Minecraft modloader you can get” often turn out to download… backdoors, Trojans and other threats.
Popular phishing scams
While it’s easy to teach your kids to download apps only from trusted sources and use security solutions, keeping them safe from phishing is more of a challenge. Here, it pays to keep your ears and eyes sharp: the more you and your kids know and read about new scams, the better placed you are to spot them. What’s more, most gaming scams tend to follow a pattern.
Free skins
Pretty much every top kids’ game these days allows (or encourages) players to customize their character with skins that can cost serious money — millions of dollars in some cases! Most kids, of course, don’t have that kind of cash under the bed, so they’re always on the lookout for flashy item giveaways.
One such act of “generosity” was uncovered by our experts. The scammers craftily exploited two things close to young gamer hearts: Valorant and MrBeast. The first is a popular shooter game, while the other is one of the world’s most successful YouTubers, with a 300 million+ subscriber base – mostly kids.
The scammers invite gamers to log in to the phishing site using their game account credentials and then to open a treasure chest. Of course, there is no treasure — only a hijacked account.
Free in-game currency
Most in-game economies are built on two kinds of in-game currency: soft and hard. Soft currency is usually earned through playing the game; hard or premium currency is bought with real-world money. Naturally, it’s the latter that attracts cybercriminals.
For example, one scam asks Pokémon GO players to enter their game account username. That is followed by an “I’m not a bot” verification, after which the player lands on a site promising free in-game currency.
Such calls to action are a ruse to redirect users to a far more serious scam, where not only gaming accounts are at stake, but highly sensitive data like bank details.
Reward for in-game actions
“Do such_and_such and win a prize!” is a standard cybercriminal trick. We unearthed such a scam on a Roblox-related phishing site: victims were offered a US$100 Walmart gift card, the same amount for Taco Bell fast food outlets, and, for the especially greedy, US$25,000 in cash. But there’s a catch: first your payment details, please!
Since the youngest gamers don’t yet have payment details of their own, they’ll probably feed their parents’ bank card numbers to the hungry site. And you can only imagine mom and dad’s delight when the next billing statement arrives.
How young gamers can stay safe
Kids often lack basic cybersecurity skills, so can easily fall into cybercriminal traps for example, when trying to download a free game, a mod or a ‘must-have’ skin. That’s why teaching kids cyber hygiene is one of the most important missions of modern parenting.
Help your child think up a unique strong password, and get them used to using a password manager at an early age.
Tell your child about the risks they might face online.
Our Kaspersky Cybersecurity Alphabet is a fun and informative way to teach your kids about new technologies and basic cyber hygiene, and refresh your own knowledge at the same time.
Install reliable protection for gamers on all devices.
Be in the swim of the latest scams in the gaming world and warn your kids what to watch out for.
Use special apps to keep your kids safe — both online and offline.
For more great security tips for young gamers, check out the full version of our report.
Kaspersky official blog – Read More