Web Engineering by Maxim Bakaev & Flavius Frasincar & In-Young Ko

Author:Maxim Bakaev & Flavius Frasincar & In-Young Ko
Language: eng
Format: epub
ISBN: 9783030192747
Publisher: Springer International Publishing

Keywords

Game scamScam analysisFraud detectionCyberattack

1 Introduction

The gaming industry is one of the biggest profitable industries in the world. Its total market value is worth 115.3 billion worldwide. This value is expected to increase and reach 131.3 billion in 2020 [28], and the number of game players is expected to increase from 2.341 billion in 2018 to be 2.725 billion by 2021 [25].

Game developers depend mostly on the purchase of in-game resources as well as in-game adds to make a profit [9, 10]. To obtain these resources, some players are willing to bypass the normal route and use “cracks”, game-modifying software (e.g. cheat-engines [22]), or any other means of hacking. The popularity of these games provides an opportunity for hackers to release their attacks and reach out to more victims. The most common victims for such attacks are young adults and under-aged players who do not understand the risk of publishing their personal information, their parents’ credit card information and installing executable files on their devices.

In this paper, we give insight on an understudied social engineering attack targeting everyday web users, especially games players. We call this attack the Game-Hack Scam (GHS). In a nutshell, in GHS the attackers claim that they can hack a specific game and provide the victim with free, unlimited resources or other advantages for their favorite game. To obtain these claimed advantages, the victims are asked to complete one or more tasks, called “offers”. These so-called offers include, but are not limited to, subscriptions to questionable services and installation of executable files on the victim’s device. Figure 1 illustrates GHS and how a user is exposed to malicious advertisements or malware. Usually, the scam starts when a victim searches for cheats and hacks for their game using search engines, social media, streaming sites, blogs, or any other site. The returned search results may directly contain GHS instances (GHSi) such as https://​cpbldi.​com/​c26a2bb in Fig. 1. In other cases, the search results link to pages that have links to GHSis. For example, the article published in change.org1 shown in Fig. 1 contain such links. These GHSis are carefully designed web pages which attempt to convey to the victim the advanced technical abilities of the scammer and a large, satisfied user base for the GHSi. The GHSis tend to use a variety of similar templates that are used to create the attack instances. Some of these templates simply ask for the victim’s identifier on the game and the resources that should be provided. Other templates attempt to be more convincing by asking for additional information such as the game platform, the hacking server, and the ability to use a proxy. In addition, these complex templates could display a fake chat box and a pop-up showing claimed current users and the number of resources they supposedly gained. Once the information is provided, the GHSi pretends to perform some hacking process, as seen in Fig. 1 image 2.2. Thereafter, a pop-up appears claiming that the hack was successful and the victim then invited to a “verification” step.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.