Scam of the Week – Millions of League of Legends Gamers Targeted with Phishing Scam

November 1, 2018 10:13 am Geraldine Strawbridge

Players of the global smash hit ‘League of Legends’ have been targeted with a phishing scam designed to steal their login details.

With more than one hundred million players worldwide, the game has been voted the most popular video game in the world and has attracted the attention of cybercriminals who are keen to take advantage of this mass market.

Published by Riot Games in 2009, League of Legends is an online multiplayer battle arena where players from all over the world battle each other using in-game champions.

To dupe has many people as they can into falling for their scam, the criminals have sent users an email with a link to an authentic looking login page which is almost identical to the real site. The branding, layout and image quality have all been replicated, however the site is just a fake phishing website set up to harvest user login details.

The fraudsters know the vast majority of people will tend to use the same login details and passwords for multiple online accounts, so if they manage to obtain the details for one, they have free reign to break into them all.

Image: Fake Login site

Source: Security Boulevard

Despite the credible looking appearance, upon closer inspection there are a number of red flags that should set off alarm bells. On the bottom right hand side of the page, the website is listed as being hosted by a free provider – 000webhost.  A renowned company such as Riot Games would never use free hosting for their online games.

There are also elements of the site that are not functioning properly. The ‘remember me’ box cannot be ticked, and the region is stuck on ‘EU West’ and cannot be changed. Users should always be highly suspicious if key elements of a webpage are not working.

Another way the cyber crooks will try to avoid detection is by sticking as closely as they can to the official spelling of a site. Instead of the official ‘leagueoflegends.com’, the criminals have changed the URL to ‘league0flegendsIII’. This clumsy respelling of the address should alert users that all is not as it seems.

The fraudsters also hope that when users see a green padlock in the search bar, they will automatically assume the site is trustworthy. Unfortunately, this just means that the website is encrypted and cannot be accessed by third parties. The host could still misuse the data transmitted to the website.

Riot Games commented on the latest scam to hit its customers: “Although identity theft is one of the oldest crimes on the Internet, there are still people who don’t know how it works. It’s as simple as someone sending you a false message that draws your attention and using it to steal your data without you knowing it.

“Under no circumstance will any Riot staff member ever request your information or contact you directly through the client, the game or a social network. If Riot wishes to contact you, it will send a message to the email address you linked to your game account when registering.

“Always remember that the only official way to purchase RP is through the in game store or with the pre-paid cards sold at stores and cybercafes.”

To protect yourself against these types of online scams, you should always double check the validity of a URL, never click on links or download attachments from unknown sources, pay close attention to any spelling or grammatical errors, and if something doesn’t seem right about a site then you should leave immediately.

If you’re looking to start a phishing awareness campaign or would like more information on how to protect yourself online, then get in touch for further information on how we can help protect your business.