{"id":13711,"date":"2018-10-29T10:45:02","date_gmt":"2018-10-29T18:45:02","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/10\/29\/news-7478\/"},"modified":"2018-10-29T10:45:02","modified_gmt":"2018-10-29T18:45:02","slug":"news-7478","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/10\/29\/news-7478\/","title":{"rendered":"&#8216;Fortnite&#8217; Scams Are Even Worse Than You Thought"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5bd39c1c9a67d17e1fe94783\/master\/pass\/Fortnite-Deimos.jpg\"\/><\/p>\n<p><strong>Credit to Author: Brian Barrett| Date: Mon, 29 Oct 2018 10:00:00 +0000<\/strong><\/p>\n<p><span class=\"lede\">The most popular <\/span>videogame <a href=\"https:\/\/www.wired.com\/story\/fortnite-crossover-phenomenon\/\">in the world is <em>Fortnite<\/em><\/a>\u2014which makes <em>Fortnite<\/em> scams potentially a very profitable endeavor. And while that point may seem obvious, the extent of <em>Fortnite<\/em> fakes on the web, along with how convincingly they mimic their inspirations, may still surprise you.<\/p>\n<p><em>Fortnite<\/em> opportunists have plagued the internet since the game\u2019s launch; WIRED has previously looked at the <a href=\"https:\/\/www.wired.com\/story\/imposter-fortnite-android-apps-already-spreading-malware\/\">scourge of fake app downloads<\/a> connected to the game\u2019s <a href=\"https:\/\/www.wired.com\/story\/how-to-install-fortnite-on-android-phone\/\">controversial Android launch<\/a>. 
But a new report from security firm ZeroFox lays bare just how broadly these scams have proliferated across social media, YouTube, and thousands of domains.<\/p>\n<p class=\"paywall\">\u201cOnce we started digging into it, we uncovered a lot of stuff,\u201d says Zack Allen, director of threat operations at ZeroFox.<\/p>\n<p class=\"paywall\">By the numbers, that \u201cstuff\u201d comprises over 4,770 live domains dedicated to <em>Fortnite<\/em> scams; 1,390 YouTube videos advertising malicious links with combined views in the millions; and hundreds of links on social media every day that lead to fraudulent destinations.<\/p>\n<p class=\"paywall\">The fraud generally centers around V-Bucks, the in-game currency that players use to purchase various items and upgrades. V-Bucks cost real money; <em>Fortnite<\/em> is free to play but reportedly raked in <a href=\"https:\/\/www.superdataresearch.com\/reports\/battle-royale-report\" target=\"_blank\">a billion dollars<\/a> in revenue by May for Epic Games, a significant chunk of which came from in-app purchases. Scammers typically try to lure people who\u2019d rather not pay up, offering \u201cV-Cash generators\u201d and fake coupons in exchange for personal information, credit card numbers, or ad clicks that generate revenue for the crooks.<\/p>\n<p class=\"paywall\">\u201cThe biggest thing that surprised us was the professionalism that went into some of these websites, where they would design some of these V-Bucks sites with a lot of skill,\u201d says Allen. \u201cThey made it look really legitimate, they had awesome user experiences, and as you go deep into those things, they made it really hard for people to differentiate between what was legitimate and what was not.\u201d<\/p>\n<p class=\"paywall\">The sites generally encourage visitors to click ads in order to unlock V-cash, which never materializes. 
Some of them deploy clever tricks, too, to appear not just valid but active, with fake messages from pretend <em>Fortnite<\/em> fans appearing onscreen or fake comment sections full of phony satisfied customers.<\/p>\n<p class=\"paywall\">The domains also often had security certificates issued by Let\u2019s Encrypt, which simply means that they provide encrypted connections. It\u2019s a popular technique among scammers, because it makes any site appear safe, regardless of its actual intentions. \u201cThe issue here is not that phishing sites have certificates and use HTTPS,\u201d says Let\u2019s Encrypt head Josh Aas. \u201cAll websites, including phishing sites, should use HTTPS. The issue is that lock icons in browsers are misleading. Some people incorrectly interpret lock icons as a sign that a site&#x27;s content is safe or trustworthy, and that&#x27;s a completely separate issue from whether or not the connection is secure.\u201d<\/p>\n<p class=\"paywall\">The <em>Fortnite<\/em> scams ZeroFox tracked also stand out for their coordinated approach. \u201cThe more interesting ones that we found redirected from one social network to another. We\u2019ve seen a lot of videos that would be linked from a post on Facebook, going to a video on YouTube, which then would link to a phishing or a scam domain,\u201d says Allen. \u201cIt\u2019s like they tried to connect a lot of these things to provide more of a sense of legitimacy to the victims. It builds trust.\u201d<\/p>\n<p class=\"paywall\">And while <em>Fortnite<\/em> scams have spread steadily for months, they lately seem to come in waves, says Ben Herzberg, head of threat research for security firm Imperva, which has also tracked these campaigns. That includes a recent surge around Labor Day and another at the end of last week. The platforms are generally responsive when alerted to these threats, but don&#x27;t expect them to disappear anytime soon. 
The domains are too hard to shut down, and the racket is too lucrative. In July, Imperva suggested that <em>Fortnite<\/em> scammers are on track to collectively haul in over a million dollars in 2018.<\/p>\n<p class=\"paywall\">\u201cBasically, cybercriminals are always trying to make money,\u201d says Herzberg. \u201cIt just works so well, why stop?\u201d<\/p>\n<p class=\"paywall\">As for protecting yourself, common sense seems to be the best antidote. The only way to get V-Bucks is within <em>Fortnite<\/em> itself. There are no shortcuts, no Epic Games-approved sites that will dispense them to you, especially not for clicking on junk ads.<\/p>\n<p class=\"paywall\">Until people learn that lesson, though, <em>Fortnite<\/em> scams will continue to flood the web, and <em>Fortnite<\/em> scammers will continue to collect junk ad money and personal data from their victims. \u201cWhen you put your address in a random form, when they know your age, etc., you don\u2019t know where that will lead. It could have just been five minutes wasted on filling out a form, but it could be leading to worse,\u201d says Herzberg. \u201cUntil Elon Musk buys <em>Fortnite<\/em> and cancels it.\u201d<\/p>\n<p><a href=\"https:\/\/www.wired.com\/story\/fortnite-scams-even-worse-than-you-thought\" target=\"bwo\" >https:\/\/www.wired.com\/category\/security\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5bd39c1c9a67d17e1fe94783\/master\/pass\/Fortnite-Deimos.jpg\"\/><\/p>\n<p><strong>Credit to Author: Brian Barrett| Date: Mon, 29 Oct 2018 10:00:00 +0000<\/strong><\/p>\n<p>YouTube videos with millions of views. Nearly 5,000 bogus websites. 
V-Bucks scammers have gotten out of control.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10607],"tags":[714],"class_list":["post-13711","post","type-post","status-publish","format-standard","hentry","category-security","category-wired","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/13711","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=13711"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/13711\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=13711"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=13711"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=13711"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}