Gamers Hit with Social Engineering Attack
Our security teams have recently discovered that Shadow.tech, a cloud computing service developed by the French company Blade and later acquired by OBHcloud founder Octave Klaba in 2021 has been breached. Its technology is based on Window 10 server executing video games or other Windows software applications remotely. The breach origin date is October, 2023 and involves the data of 545,013 account users including their email addresses, full names, physical addresses and birth dates.
The public acknowledgement of the company states that they were a victim of a social engineering attack targeting one of their employee. Shadow.tech CEO said, “This highly sophisticated attack began on the Discord platform with the downloading of malware under cover of a game on the Steam platform, proposed by an acquaintance of an employee, himself, a victim of the same attack.” Learn More
If the term ‘social engineering attack’ is new to you … you are not alone.
Social engineering is a type of cyberattack that uses psychology to obtain personal identifying information (PII). It is impossible to prevent. This type of attack is a huge threat to cybersecurity because it begins on a very personal level with each victim. It invokes fear. It invokes urgency. If the device is being used for gaming and is part of a corporate network, login credentials can be compromised and harming of the network can occur.
Social engineering attacks can include many different formats: whaling, honeytrapping, tailgating … If you or a family member are into the gaming industry specifically, these are four social engineering attacks you need to be on the lookout for:
– Phishing – fraud, impersonation and old-fashioned blackmail.
– Baiting – fraudsters use fake websites, such as for not legit gaming add-ons and so-called “freebies.”
– Pretexting – this is a newer term and format. It includes a fabricated identity (or situation) where a victim may need to divulge PII. Example types of of impersonation could be a talent agency, a law enforcement officer, a major sweepstakes company.
– Spear Phishing – this is a very targeted email attack on specific employees (or sometimes organizations as a whole).
Tips:
– Only click on URLs that begin with https.
– Enable multi-factor authentication when available.
– Use a spam filter.
– Use a pop-up blocker.
– Do your research and check if a website or contact is legit.
– Never insert a USB into your device unless you know and trust exactly who it is from.
– If a request comes in and is marked URGENT, that is a red flag that it could be a scam.
Learning and following best cybersecurity practices are essential to safeguarding your PII. Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].
Image courtesy credit: bermix-studio-wJ7atxTNeQE via unsplash.com