The most popular videogame in the world is Fortnite which makes the game a massive target for a variety of scams. League of Legends is a remote second but is also targeted by bad guys, possibly to obtain credentials for Fortnite because of password re-use.
Fortnite recently pulled their official APK from Google Play because they didn’t want to pay the 30% e-commerce distribution fees. They decided to go direct from their site. But because of this, Fortnite doppelgänger phishing sites have popped up all over the place, as well as distribution of malware-laden APK’s from look-alike sites.
Though Fortnite is a free game, players spend more than 200 million dollars each month on v-bucks, the game's digital currency. Players use v-bucks to purchase cosmetic items and skins; the currency can be earned through playing or purchased outright in the game's store.
The results is that online cyber criminals are targeting young "Fortnite Battle Royale" players with fake offers for free v-bucks. More than 4,700 websites are fraudulently offering free v-bucks as a front for phishing and credential theft. Demand for v-bucks will persist so long as "Fortnite" remains popular.
At the same time, a phishing scam is using fake login pages to target League of Legends (LoL) players. LoL is a free-to-play online game owned by Riot Games that averages 12 million daily players and sees over 100 million players during peak times. Its massive fanbase makes it an attractive target for phishing scams.
At the moment, the LoL attacks are taking place primarily in western Europe, mainly targeting France, Germany, and Spain. You can expect them in the UK and US after the scammers debug their beta campaigns. The sites are nearly identical to the legitimate login pages and are professional credentials phishing attacks.
Although LoL is free, Dark Reading reports that three out of five people reuse the same password across multiple services. As a result, if an attacker steals a password to someone’s LoL account, there’s a good chance that they can use that password to access other accounts belonging to the victim, like Fortnite.
I suggest you send the following to your friends, family, and employees and sit down with your kids for an object lesson in cybercrime. You're welcome to copy, paste, and/or edit:
The bad guys are targeting game players on the Fortnite and League Of Legends platforms. They are basically going directly after your children using phishing and social media. Specifically they are offering free v-bucks, a digital currency used to buy virtual goods in Fortnite, but worth real money. Please make kids aware that there are literally thousands of scam sites out there, trying to rope them in with social engineering tactics. Teach your kids to Think Before They Click! The best way to avoid scams is to only purchase v-bucks directly from the
"Fortnite" store — and never share your account information online.
PS, did you know that KnowBe4 has free security awareness training for the house? It's an hour worth of training that covers the areas parents are most concerned about regarding online safety. This is the link: https://www.knowbe4.com/homecourse and the password has been kept really easy by design: it's simply homecourse
Let's stay safe out there !
Warm regards, Stu
Phishing is still the most widely used cyber attack vector, and criminal attack campaigns often use spoofed websites to deceive your users so they simply allow the bad guys to take over your network.
Since look-alike domains are a dangerous vector for phishing and other social engineering attacks, it’s a top priority that you monitor for potentially harmful domains that can spoof your domain.
This is a complimentary tool and will take only a few minutes. Domain Doppelgänger helps you find the threat before it is used against you.
Find your look-alike domains here:
Don't like to click on redirected buttons? Copy & paste this link into your browser: