Consumer Scam Alert: Do You Game Online? New Phishing Fraud Hits MMORPG Sites to Steal Personal Information Skip to main content

You are here

Consumer Scam Alert: Do You Game Online? New Phishing Fraud Hits MMORPG Sites to Steal Personal Information


MMORPG gamer

Do you game online? Protect your data!

Image Source: Flickr User Sergey Galyonkin

MMORPGs (massively multiplayer online role-playing game) are hugely popular these days. Since 2012, video games have drastically outsold movie tickets and DVDs, and have continued to grow dynamically. The most popular MMORPGs include EverQuest, World of Warcraft, RuneScape, Elder Scrolls and others. RuneScape alone has more than 200 million subscribers. Because the game genre is so large, it’s become a natural target for scam artists. Wherever anything gains public interest, thieves look for a way to capitalize by taking advantage. MMORPG players have become a recent target for phishing scams. In today's consumer scam alert, we look at how these scams present and how to protect yourself.

How the scam starts

As with most Internet-based phishing scams, it starts with an email or a pop-up. The typical email will warn the player that their account is about to be suspended because they tried to sell in-game items for cash or sell their character, or warn that someone has accessed the account without authorization. The point is to cause you to panic that your account has been infiltrated or lost. They provide a link for you to clear up the matter, so your account is not suspended or deleted. Because many players devote hundreds or even thousands of hours playing their online games, they take these threats seriously and often click on the link.

How the scam operates

Clicking the link can install malware on your computer that allows access to accounts, records your keystrokes so scammers can steal passwords or access the credit card information you used to set up your profile. Even if you don’t game, but your tween or teenager does, your credit card information may be on their profile and accessible to scammers. One RuneScape scam sent a very official looking email to players saying their account was suspended for using macros and provides a link to clear up the issue. You are then asked for information that allows fraud or identity theft to occur.

How scammers get MMORPG player contact info

One of the most common ways that scammers get contact information for players to fuel their phishing scams if from message boards and forums dedicated to the MMORPG. Many players go to forums and boards looking for tips or to chat with other players and the security on these sites is often less rigorous than on the MMORPG sites themselves. These sites give the scammer access to your email address plus to the game you play. That’s enough to start the scam and trigger a password reset email or another phishing scam.

How to protect yourself (or your child) from MMORPG scams

It’s important for MMORPG players to be vigilant about their security. These tips can help prevent phishing and other scams that prey on players:

  • Use multiple emails

Security experts recommend that you use a separate email for each MMORPG you play that is different from your main work and personal email accounts. If you participate on fan boards and forums, set up a separate account for these as well, so they are not associated with your player profile. That way, you’ll know that any emails sent to a forum account not associated with your player profile are likely scams.

  • Strengthen your passwords

Don’t use the same password across your accounts. Set unique and complex ones. You can use a service like Master Pass or Last Pass to safeguard them and prevent you from having to remember them all.

  • Don’t click on in-game ads or pop-ups

No matter how tempting the offer, don’t click on pop-ups online or that come up in-game. Also avoid new games that you haven’t heard of – before you set up an account on a new game, research it to make sure it’s legitimate and not a front for a scam to steal credit card information.

  • Enable authenticators

If the game offers a two-factor authenticator, be sure to enable it. This protects you even if your password is stolen. In addition to your password, you set up a second barrier that can stop an attack. One type uses your cell phone number. For example, an authenticator alert activates when your account is accessed from a new device or new IP address. The system asks you to enter a pin number sent to your listed cell phone number. Because the scammer doesn’t have your cell phone, they can’t get the pin. And you’ll get a text letting you know that someone tried to access your account. This alerts you that your account is at risk and that you need to take extra steps to secure it.

Scammers steal more than $190 billion each year according to Forbes research. If you engage in any online activities – which we all do – from using email, to playing online games, to shopping online, you are vulnerable. Falling prey to a scam can cost you big bucks and make it difficult to pay your bills. This can be the initial incident in a domino effect that ruins your finances. Be sure to protect yourself and, if your kids have your credit card info on their online profiles, shore up security on their accounts too.

For those deep in debt and unable to pay their bills, North Carolina bankruptcy can be a meaningful solution. Call +1-919-646-2654 today to contact the Law Offices of John T. Orcutt for a free NC bankruptcy consultation at one of our offices in Raleigh, Durham, Fayetteville, Wilson, Greensboro, Garner or Wilmington.

Debts Hurt! Got debt? Need help? Get started below!

What North Carolina County Do You Reside In?