League of Legends is a free-to-play online game owned by Riot Games that averages 12 million daily players and sees over 100 million players during peak times. Its massive fanbase makes it an attractive target for phishing scams. Although the game is free, Dark Reading reports that three out of five people reuse the same password across multiple services. As a result, if an attacker steals a password to someone’s League of Legends account, there’s a good chance that he or she can use that password to access other accounts belonging to the victim.
These particular phishing sites impersonate the League of Legends login page almost perfectly. However, there are several red flags. The most obvious is the URL, which is similar to the legitimate ‘leagueoflegends[.]com’ but replaces the letter ‘o’ with a zero and appends extra characters at the end. You should check out KnowBe4's new Domain Doppelgänger tool to see which look-alike domains could be used to attack your own users.
The sites are also hosted on 000webhost, a free hosting provider. According to Avast, the most common free hosting providers are ‘bravenet,’ ‘weebly,’ ‘000webhost,’ ‘x10hosting,’ ‘awardspace,’ ‘5gbfree,’ ‘freehostia,’ ‘freewebhostingarea,’ and ‘godaddysites.’ While many legitimate smaller websites use these providers, large companies like Riot Games almost always use paid services.
You should also be suspicious if something looks out of place on the webpage itself. Attackers often leave phishing pages unfinished. Before you enter any information, test different options on the page and see if its user interface behaves strangely. In the League of Legends scam, the ‘region’ option was stuck on ‘EU west’ and the ‘Remember me’ box was not functioning. While this can be an easy way to identify a fraudulent site, it’s not always sufficient; many phishing sites are very thorough and will contain links that redirect victims to the legitimate website.
These details may seem obvious once they’re pointed out, but many users would still fall for this phishing scheme. In order to spot these scams in the real world, people need to see real, interactive examples. To be sure, it’s unlikely that an organization would want its employees playing games on company time, but there are breaks, and there are BYOD shops, so the specific risk isn’t one that an organization can be entirely confident it’s avoiding. And of course the principles of security awareness carry over from online games to other areas of online life. New-school, interactive awareness training can give your employees the knowledge necessary to recognize phishing sites.
Security Boulevard has the story: https://securityboulevard.com/2018/10/league-of-legends-gamers-targeted-by-phishing-scam-avast/
Phishing is still the most widely used cyber attack vector, and criminal attack campaigns often use spoofed websites to deceive your users so they simply allow the bad guys to take over your network.
Since look-alike domains are a dangerous vector for phishing and other social engineering attacks, it’s a top priority that you monitor for potentially harmful domains that can spoof your domain.
This is a complimentary tool and will take only a few minutes. Domain Doppelgänger helps you find the threat before it is used against you.