{"id":17119,"date":"2019-12-06T13:10:03","date_gmt":"2019-12-06T21:10:03","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/12\/06\/news-10855\/"},"modified":"2019-12-06T13:10:03","modified_gmt":"2019-12-06T21:10:03","slug":"news-10855","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/12\/06\/news-10855\/","title":{"rendered":"Fake Elder Scrolls Online developers go phishing on PlayStation"},"content":{"rendered":"

Credit to Author: Christopher Boyd| Date: Fri, 06 Dec 2019 20:29:26 +0000<\/strong><\/p>\n

A player of popular gaming title Elder Scrolls Online<\/a> recently took to Reddit to warn users of a phish via Playstation messaging.<\/a> This particular phishing attempt is notable for ramping up the pressure on recipients\u2014a classic social engineering technique<\/a> taken to the extreme.<\/p>\n

A terms of service violation?<\/h3>\n

In MMORPG<\/a> land, the scammers take a theoretically plausible deadline, crunch it into something incredibly short and ludicrous, and go fishing for the catch of the day. Behold the pressure-laden missive from one fake video game developer to a player:<\/p>\n

\"scam<\/a><\/p>\n

Click to enlarge<\/p>\n

The text of the phishing message reads as follows:<\/p>\n

\n

We have noticed some unusual activity involving this account. To be sure you are the rightful owner, we require you to respond to this alert with the following account information so that you may be verified,<\/em><\/p>\n

– Email address<\/em><\/p>\n

– Password<\/em><\/p>\n

_ Date of birth on the account<\/em><\/p>\n

In response to a violation of these Terms of Service, ZeniMax may issue you a warning, suspend or restrict certain features of the account. We may also immediately terminate any and all accounts that you have established. Temporarily or permanently ban the account, device, and\/or machine from accessing, receiving, playing or using all or certain services.<\/em><\/p>\n

Under the current circumstances, you have 15 minutes from opening this alert to respond with the required information. Failure to do so will result in an immediate account ban, permanently losing access to our servers on all platforms, along with all characters\u00a0 <\/span>associated with the account in question. Please be sure to double check your information and spelling before sending.<\/em><\/p>\n<\/blockquote>\n

Yes, you read that correctly\u2014a grand total of 15 whole minutes to panic email scammers back with your login details. But what exactly happened to warrant such an immediate need for verification? The vagueness of the fake message may actually work in the scammer\u2019s favour here because MMORPG titles are often rife with cheating\/botting\/scamming, so developers are typically light on information when genuine infractions occur.<\/p>\n

FOMO: oh no<\/h3>\n

FOMO, fear of missing out<\/a>, is the lingering fear that not only have they never had it so good, but the \u201cthey\u201d in question almost certainly isn\u2019t you.<\/p>\n

Marketers and sales teams exploit this ruthlessly, with sudden sales and the promise of things you can\u2019t do without. Breaking hotel deals on websites can\u2019t help but tell you how many people have the same deal open RIGHT NOW.<\/p>\n

Video games, especially online titles and MMORPGs, take a similar approach, offering in-game purchases but rotating items slowly, leading to a form of digital scarcity that encourages transactions because gamers don\u2019t know if the item will be seen again.<\/p>\n

Inventory space, character slots, and many more crucial elements are at a premium, and people invest serious money to make the most out of their experience. With this in mind, people tend to be particular about keeping their account secure.<\/p>\n

As a result, scammers are hugely effective at turning FOMO on its head, giving people a nasty dose of \u201cfear of something about to happen or else.” Had a spot of bother with ransomware<\/a>? No sweat, pay us in Bitcoin and you\u2019ll get your documents back\u2014as long as you do it within three days. Fake sextortion email<\/a> claiming they\u2019ve recorded you watching pornography? Yeah, that\u2019ll be $1,000 in 48 hours or we’ll release the footage and tell all your friends and family.<\/p>\n

“It wasn’t me, what did I do?”<\/h3>\n

You\u2019ll often see people banned\u00a0 <\/span>from titles complaining on forums that all access has been revoked, with no explanation why besides a \u201cYou are banned, sorry\u201d type message. Quite often they won\u2019t even be able to follow up with support because the\u00a0<\/span>ban also locks them out of being able to raise a ticket.\u00a0<\/span><\/p>\n

Scammers know they can skip some of the fake explanation shovel work as nobody ever<\/em> receives a detailed explanation. This is to obscure the inner workings of fraud detection systems: If they spilled the beans, malicious individuals would adjust their behaviour accordingly. That\u2019s a tricky situation for developers to tightrope walk across, but it is possible in the form of additional security measures. Does Elder Scrolls Online meet the challenge?<\/p>\n

Sadly, the game doesn\u2019t allow players to lock down accounts with a third-party authenticator. There\u2019s no mobile app, and there are zero authentication sticks. What they do have is a few password suggestions<\/a> and some information about their one-time password system<\/a>.<\/p>\n

It\u2019s certainly good that the password system exists, and one would hope it would spring into life in this case, but players would probably appreciate a little more control over their security choices, as well as a few safety nets when things go wrong.<\/p>\n

By comparison, the hugely popular Black Desert Online offers Google authenticator two-factor authentication (2FA)<\/a>. Blizzard has you covered with their own authenticator<\/a>. Guild Wars offers both an authenticator app and SMS lockdowns<\/a>.<\/p>\n

Some simple rules to follow<\/h2>\n

Regardless of which game you play, remember:<\/p>\n