Sign up to our newsletter
The latest security news direct to your inbox
Cybercriminals target game sites looking for usernames and passwords – and also target PC gamers specifically with malware such as keyloggers and Trojans.
But even under heavy fire, there are a few steps that can keep your system safe – even if your favourite gaming websites do get hacked.
ESET‘s PC antivirus software is a good first step – offering security solutions that do not compromise speed, and which can run while you play. Below are a few more tips to stay safe.
Use Lastpass or another “password safe”
Gamers have to remember an awful lot of passwords these days – so it can be tempting to reuse the same one across multiple accounts, especially when it’s just for a copy-protection system such as Ubisoft’s Uplay. Bad idea. Uplay was hacked this year, and usernames and (encrypted) passwords leaked. Use a “throwaway” email address if possible for copy-protect schemes and other sign-ups – and as many passwords as possible. Use Lastpass or another “password safe” to stay on top of it all.
Think before you alt-tab
It helps to have a browser window open for a lot of games – especially complex ones such as MMOs. But it pays to think before alt-tabbing out of a game to check a link – people you meet in-game, even team mates or guildmates, may not be who they seem. The US Computer Emergency Response Team warns that people you meet “in game” may be there for the purpose of hawking malwware – and “direct you to phony web sites offering bogus patches or game downloads that, in reality, are malicious software.”
Is “God Mode” really worth all the cash in your bank account?
“Hacks” traded online might let you see through walls, or speed your character up – but many are very aptly named. It’s usually you who gets hacked, though – samples of PC “hacks” have found up to 90% carry malware.
Modding? Be very, very careful
In many online games mods and add-ons aren’t an extra – they’re an essential. Being seen out and about in World of Warcraft without a damage counter is a social faux pas. Just double-check the sites you’re getting them from. Sites such as ModDB or Curse are often reliable – but even they can harbour player-made mods that harbour malware. Check reviews, check URLs, and if possible have good AV software running.
Stay off the forums if you can resist it
Setting the world to rights on game forums can be irresistible – why HAS your class been nerfed? It’s unjust! Using forums can be risky, though – cybercriminals target game forums as an easy “way in” to grab large lists of usernames and passwords. If you do use them, make sure your password is different from your main game one, and if possible use a different “throwaway” email address.
Don’t buy gold – and if you do, don’t buy off the guy shouting in the chat channel
Buying gold, game currency or levelling services is risky business – the money/services you buy might well come from hacked accounts – and if you buy off the “sellers” hawking wares in the game’s chat channel, you’re even more at risk. No seller is 100% reliable, even big sites such as IGE, but small sites are havens for phishing attempts, spyware and credit card theft. Avoid.
Don’t turn off security features to speed up your PC
PC lagging? Don’t turn off security features to play – according to a survey of 1,000 PC gamers in the UK commissioned by ESET, more than 30 percent of PC gamers admit that they disable PC security features before playing online. As a result, more than two-thirds of the gamers surveyed admitted to having suffered a malware infection taking up to two days to recover from.
Joining a fan site, or a guild forum? Be careful
Take a long, hard look at any website that asks for game log-ins – even convincing looking fan sites. Blizzard, makers of World of Warcraft, warn, “Ssomeone deliberately targeting Battle.net accounts could create a site for that purpose, such as a fansite or forum for a Blizzard game. If you register on that website with your Battle.net username and password, you’ve given that person the keys to your account.”
Is there an authenticator on offer? Use it
Two-factor authentication isn’t bulletproof, but it’s a good step towards preventing account hacks – either in the form of a smartphone app, or a physical device. If there’s an authenticator app on offer, use it – it makes it far more difficult for a criminal to get into your account, and can protect you, for instance, if your password leaks in a hack on another site.
Author Rob Waugh, We Live Security