KnowBe4 Security Awareness Training Blog

Phishing Scam Is Targeting League of Legends Players

Written by Stu Sjouwerman | Nov 1, 2018 7:54:55 PM

A phishing scam is using fake login pages to target League of Legends players, according to Avast Blog. At the moment, the attacks are taking place primarily in western Europe, mainly targeting France, Germany, and Spain. You can expect them in the UK and US after the scammers debug their beta campaigns. The sites are nearly identical to the legitimate login pages and are professional credential-phishing attacks.

League of Legends is a free-to-play online game owned by Riot Games that averages 12 million daily players and sees over 100 million players during peak times. Its massive fanbase makes it an attractive target for phishing scams. Although the game is free, Dark Reading reports that three out of five people reuse the same password across multiple services. As a result, if an attacker steals a password to someone’s League of Legends account, there’s a good chance that he or she can use that password to access other accounts belonging to the victim.

These particular phishing sites impersonate the League of Legends login page almost perfectly. However, there are several red flags. The most obvious is the URL, which is similar to the legitimate ‘leagueoflegends[.]com’ but replaces the ‘O’ with a zero and appends extra characters at the end. You should check out KnowBe4's new Domain Doppelgänger tool, which finds look-alike domains that could be used to attack your own users.

The sites are also hosted on 000webhost, a free hosting provider. According to Avast, the most common free hosting providers are ‘bravenet,’ ‘weebly,’ ‘000webhost,’ ‘x10hosting,’ ‘awardspace,’ ‘5gbfree,’ ‘freehostia,’ ‘freewebhostingarea,’ ‘godaddysites.’ While many legitimate smaller websites use these providers, large companies like Riot Games almost always use paid services.

You should also be suspicious if something looks out of place on the webpage itself. Attackers often leave phishing pages unfinished. Before you enter any information, test different options on the page and see if its user interface behaves strangely. In the League of Legends scam, the ‘region’ option was stuck on ‘EU west’ and the ‘Remember me’ box was not functioning. While this can be an easy way to identify a fraudulent site, it’s not always sufficient; many phishing sites are very thorough and will contain links that redirect victims to the legitimate website.
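The URL and hosting red flags from the two paragraphs above, as an added example (not KnowBe4's or Avast's code): it undoes digit-for-letter swaps against the real domain, flags extra characters appended to the brand name or a different top-level domain (a generalization beyond the zero-for-‘o’ case the post describes), and checks whether the host sits under one of the free hosting providers listed. The sample URLs are constructed, not indicators from the post.

```python
from urllib.parse import urlsplit

LEGIT_DOMAIN = "leagueoflegends.com"
BRAND = LEGIT_DOMAIN.split(".")[0]          # "leagueoflegends"

# Free hosting providers named in the post (Avast's list). They are matched
# as substrings of the host's labels, so "000webhostapp" also matches.
FREE_PROVIDERS = ("bravenet", "weebly", "000webhost", "x10hosting",
                  "awardspace", "5gbfree", "freehostia",
                  "freewebhostingarea", "godaddysites")

# Digits that attackers swap for the letters they resemble (0 for o, etc.).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                             "5": "s", "7": "t"})


def is_legit_host(host: str) -> bool:
    """True only for the real domain itself or one of its subdomains."""
    return host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)


def analyze_url(url: str) -> list[str]:
    """Return the red flags found in a URL's host; an empty list means none."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if is_legit_host(host):
        return []
    flags = []
    labels = host.split(".")
    normalized = host.translate(CONFUSABLES)
    # Second-level label after undoing digit swaps, e.g. "leagueoflegends-eu".
    # Assumes a one-label public suffix such as .com (constructed samples only).
    sld = labels[-2].translate(CONFUSABLES) if len(labels) >= 2 else ""
    if BRAND in normalized and BRAND not in host:
        flags.append("digit-for-letter substitution in brand name")
    if sld.startswith(BRAND) and sld != BRAND:
        flags.append("extra characters appended to brand name")
    elif sld == BRAND and ".".join(labels[-2:]) != LEGIT_DOMAIN:
        flags.append("brand name under a different top-level domain")
    elif BRAND in normalized and BRAND not in sld:
        flags.append("brand name used as a subdomain of another domain")
    if any(p in label for label in labels for p in FREE_PROVIDERS):
        flags.append("hosted on a free hosting provider")
    return flags


if __name__ == "__main__":
    # Constructed sample URLs, not indicators from the post.
    for sample in ("https://eu.leagueoflegends.com/login",
                   "https://league0flegends-eu.com/",
                   "http://league0flegends-login.000webhostapp.com/"):
        print(sample, "->", analyze_url(sample) or ["no red flags"])
```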

These details may seem obvious once they’re pointed out, but many users would still fall for this phishing scheme. In order to spot these scams in the real world, people need to see real, interactive examples. To be sure, it’s unlikely that an organization would want its employees playing games on company time, but there are breaks, and there are BYOD shops, so the specific risk isn’t one that an organization can be entirely confident it’s avoiding. And of course the principles of security awareness carry over from online games to other areas of online life. New-school, interactive awareness training can give your employees the knowledge necessary to recognize phishing sites.

Security Boulevard has the story: https://securityboulevard.com/2018/10/league-of-legends-gamers-targeted-by-phishing-scam-avast/

Find out if your own domain has an evil twin with the brand-new Domain Doppelgänger tool

Phishing is still the most widely used cyber attack vector, and criminal attack campaigns often use spoofed websites to deceive your users so they simply allow the bad guys to take over your network.

Since look-alike domains are a dangerous vector for phishing and other social engineering attacks, it’s a top priority that you monitor for potentially harmful domains that can spoof your domain.

Our NEW Domain Doppelgänger tool makes it easy for you to identify your potential “evil domain twins” and combines the search, discovery, reporting, and risk indicators, so you can take action now.

Better yet, with these results you can now generate an online assessment test to see what your users are able to recognize as “safe” domains for your organization. You then receive a summary of the test results to understand how security-aware your users are when it comes to identifying potentially fraudulent or phishy domains.

With Domain Doppelgänger, you can:
  • Search for existing and potential look-alike domains
  • Get a report with aggregated results that includes risk indicators, and
  • Generate an online “domain safety” quiz based on the results to administer to your end users

This is a complimentary tool and will take only a few minutes. Domain Doppelgänger helps you find the threat before it is used against you.

Find your look-alike domains here: https://www.knowbe4.com/domain-doppelganger