PlayStation users are being warned that scammers are disguising themselves as The Elder Scrolls Online developers in a bid to trick players into disclosing their login credentials.
The crooks are targeting PlayStation users via private messages that state their account will be banned if login credentials are not provided within 15 minutes.
PlayStation Phishing Scam
The warning reads “We have noticed some unusual activity involving this account. To be sure you are the rightful owner, we require you to respond to this alert with the following Account Information so that you may be verified.”
The message aims to create a sense of urgency by stating “Under the current circumstances, you have 15 minutes from opening this alert to respond with the required information. Failure to do so will result in an immediate Account Ban, permanently losing online access to our servers on all platforms.”
Elder Scrolls Online is a high fantasy role-playing game that was developed by ZeniMax Online Studios. It was released in 2012 and has since accumulated 13.5 million players across PC, Xbox One, and PlayStation 4.
Prime Target for Phishing
Due to its popularity, the multiplayer game is a prime target for cybercriminals who are often motivated to steal in-game goods which they can later sell on the Dark Web for real currency. With more and more games incorporating real money trading and in-game purchases, online gaming fraud has shown a significant increase in recent years. In fact, The ThreatMetrix Gaming and Gambling Cybercrime Report reveals that roughly one in every 20 new accounts created with an online gaming site is connected to a fraudster.
Despite some minor grammatical mistakes, this phishing scam is particularly convincing and sophisticated in comparison to other gaming-related phishing campaigns which often contain obvious red flags such as spelling errors and poor grammar.
Buyer Beware Market
A statement from ZeniMax Online Studios said: “The player market in The Elder Scrolls Online is a ‘buyer beware market’, and we are unable to provide any compensation or reimbursement for a trade or mail scam that occurred in-game.
Scamming is a violation of the Terms of Service, and we treat any reports of scamming very seriously. To protect individual privacy, we do not disclose the outcome of our investigations, and all disciplinary actions taken in-game and on the forums are private.”
Identifying a Phishing Scam
With these types of scams becoming increasingly popular, users should remember the following tips to stay safe:
- If there is an issue with your account, a company will either contact you directly via email from their company domain or via their web site.
- Any messages you receive on a console gaming service should be ignored, especially if they ask for your password, which a company will never do.
- Always use 2-factor authentication (2FA) on your accounts for added protection.
- Check the URL of your gaming site and only enter your credentials on authentic websites.
- Guard your devices with spam filters, antivirus software, and a firewall.
Identifying a phishing scam has become a lot harder than it used to be as criminals have become more advanced and deceptive in their attack methods. MetaPhish provides a powerful defence against phishing and ransomware attacks by training employees how to identify and respond appropriately to these threats. Contact us for further information on how we can help protect your business.