There has been an unprecedented rise in gaming during the last few years, with smartphones making it more popular than ever. The gaming industry is valued at $165 billion, with current estimates of over 3.4 billion players worldwide. From a handful of game developers in the early years, the industry now has many options, ranging from individual contributors to substantial gaming providers, rolling out games by the dozen.
However, this also has given an opportunity to cyber adversaries by providing them with a means to target millions of gamers.
Phishing in the Gaming Industry And The Recent FIFA 22 Incident
The recent phishing incident involved the illegal intrusion of FIFA 22 Ultimate Team’s traders at the gaming giant EA. The malicious actors infiltrated their accounts and drained them off points and in-game currency. In a press interview, EA sources stated that they have taken cognizance and are investigating the matter in earnest. They have confirmed that several accounts were compromised, and they would make their findings public.
The Method
A preliminary investigation has revealed that the breach happened at the customer service stage. Malicious actors gained access to private accounts using social engineering techniques. Though the number of affected accounts is less than fifty, it is still a concern for the organization. Phishing leaves doubts about the organization’s ability to safeguard confidential data. Exploiting human vulnerabilities through threat or mock familiarity is an old method that has been in vogue for a long time. EA is undertaking a host of remedial measures to prevent any future mishaps.
Anti-Phishing Activities
The list of remedial measures being undertaken by the gaming giant is as follows:
- All EA advisors and customer service executives who deal with consumers are re-trained. It is essential to make the frontline executives aware of the impending threats. The focus of the training is re-emphasizing the need to be careful while dealing with malicious parties and their infiltration attempts.
- Additional steps are being implemented to make the customer verification process more stringent and robust. Several reliable anti-phishing solutions and email phishing protection solutions can help prevent such phishing attacks. It is crucial not only for the gaming industry but also for each business directly dealing with consumers to safeguard data.
- EA has also reiterated that their customer service software is being upgraded to identify and handle threats better. This software will flag at-risk accounts and notify response teams to engage with malicious attempts on priority. One of the downsides of such upgradation is the increased wait time, which, as per EA, will be helpful for all the stakeholders in the long run.
There is also a warning from the gaming giant. It says that such adverse cyber incidents are not random, and adversaries will keep attempting to intrude further into their system once in a while. They have asked for greater vigilance with better techniques and awareness in place.
The Gaming Industry and Phishing
While the EA sports phishing attack has been one of the biggest in recent years, the industry has been plagued by such incidents over the years. According to Akamai, the gaming industry has been the biggest victim of phishing attacks. It stated that since 2018, there had been an increase of 415% in web application attacks on the gaming attacks. The number stood at 240 million attacks in 2020. Gamers have been at the brunt of such attacks through credential stuffing or stealing.
A Lesson For Other Industries
While this is the latest attempt on a gaming organization, such malicious incidents have a lesson for everyone. Malicious actors do not identify organizations and are merely after valuable data, such as customer information. This data is then sold on the dark web. To protect their interests, organizations should be following the below-listed precautions and safeguards:
Installation of Protective Software
Some of the best phishing protection software may not cost a lot of money. The market has many anti-phishing solutions, and organizations must upgrade their systems regularly. IT Security is no more an extension for IT Hardware and System Maintenance. It is a specialized domain and needs to be handled by experts.
Removal of Legacy Hardware and Software
This is in addition to installing state-of-the-art solutions to prevent attacks like phishing. Legacy software and hardware cannot handle new-age threats, and the latest security patches are primarily incompatible with them.
Email Phishing Protection
Most phishing attempts are made through plain-looking emails. It drives curiosity, forcing the victim to visit sites that dupe them. The best answer to stopping phishing emails is to install anti-phishing solutions for emails. Such control measures prevent malicious emails from entering the inbox and direct them to the trash bin. They also flag potential threats as and when they appear.
Training
Perhaps the most crucial aspect of the anti-phishing drive is training. Employees need to be aware of the threats phishing poses to the organization and the various methods used by the adversaries to gain illegal entry. Network security sans situational awareness is a half-baked attempt to counter the menace. Organizations have to spend adequate resources to update their security posture to prevent any malicious effort that can occur at any time.
Final Words
The gaming industry has shown an extraordinary rise over the past two decades; however, so have the phishing attacks on this sector. Numerous organizations before EA games have fallen victim to such attacks, one of the foremost perils of the 21st century. The FIFA 22 incident at EA has lessons for everyone in the gaming industry and even other sectors. Therefore, every organization has to be alert and maintain the most robust safeguards to ensure the confidentiality, integrity, and availability of the valuable data in their possession.