Fraudsters have long recognized that Fortnite is a virtual island of opportunities. Making (criminal) money out of Fortnite is as easy as taking a lollypop from a child, because, well, many of the 78 million active gamers ARE pretty young. And not that folks the age of World Cup footballers are any less likely to fall for the myriad of Fortnite scams running wild these days. Trust me – those criminals are quite good. The game, whose developers already raked over a billion dollars this year, has certainly attracted a lot of cybercrime attention.
So – why don’t we take a look at some of the latest and greatest Fortnite cyber attacks?
In March this year, many Fortnite players realized their account has been compromised, and unauthorised charges amounting to hundreds of dollars have been made on their Epic Games accounts. Someone was playing using their credentials in areas of the game they haven’t purchased, or with battle passes they haven’t bought.
The trick is simple: first, compromise the user’s credentials through phishing, vishing (voice based phishing), or malware. Then, access the account from a new device, download the game, and use the payment mechanisms stored in the account to purchase additional virtual goods. Finally, sell the credentials in an auction site, claiming you’re the legit owner, you’ve got the most advanced gear and plenty of V-Bucks credit, but you’re no longer interested in the game – so the buyer can just go ahead, purchase the credentials, change the password if they really feel like it (most of them won’t), and have fun.
It should be noted that the game developers may soon – if they haven’t already – use device binding to make sure only trusted devices can be used to order new fortnite v bucks generator or battle passes. But as the financial industry knows, trusted devices are… well… not to be THAT trusted.