Console release is prime target for cybercriminals
Cyber-crooks are taking advantage of the highly anticipated PlayStation 5 launch through a series of phishing attempts, a study has revealed.
Researchers from Kaspersky detected 130 separate phishing websites mentioning the word ‘PlayStation’ between January and October.
The majority of these websites offered consumers the chance to pre-order the games console by either making a payment or inputting personal information.
All of the sites purported to be official PlayStation domains. Some webpages even had the console priced lower than the official retail cost, the report reads.
Other websites offered a special sale price available for the previous version of the console, the PlayStation 4, attributing the discount to the release of the new model.
‘More of a buzz’
The new console, which was released in the US on November 12 and hits shops in the UK today, appears to be attracting greater attention from fraudsters than the recent launch by its main rival, says Chris Boyd, lead intelligence analyst at Malwarebytes.
He told The Daily Swig: “The PlayStation 5 seems to be causing more of a buzz among scammers than the new Xbox.
“This is possibly because there's some major differences between the two new Xbox models, whereas the PS5 and PS5 digital edition have no difference in performance between them.”
The much-anticipated PlayStation 5 launched today (November 19) in the UK, and last week in the US
The phishing attacks are designed to steal either payment or personal information from the victim.
However, miscreants can also use today’s UK launch as a springboard to stealing login details for PlayStation users’ accounts.
Using crafted emails purporting to be from the gaming platform, cybercriminals can trick their victims into handing over their passwords – accessing their accounts and potentially locking them out.
This type of attack is typically carried out in the hope of selling on lucrative accounts or obtaining payment details.
Boyd said: “Regardless of platform, gamers should ensure all logins connected to their gaming ecosystem are solidly locked down.
“Most gaming platforms and many titles make use of two-factor authentication at a minimum, and that in combination with secured email services should address most threats.
“The PS5 itself makes use of two-step security and backup codes, via text message or authenticator app.”
He added: “New console launches are always a good time for scammers to strike, so with the new PS5 and Xbox consoles on the way, there’s never been a better time to hit the ground running and lock things down from the get-go.”
Efforts to improve the security of gaming platforms have increased in recent years, with most major vendors now offering a bug bounty program.
Earlier this year, Sony launched its public PlayStation bug bounty, offering a $50,000 minimum payout for critical flaws unearthed in the PS4 console.
Sony had already paid out bounties totalling around $174,000 since launching its private program, according to PlayStation’s bug bounty page on HackerOne.
The $50,000 reward eclipses the $20,000 ceiling for critical flaws submitted to the vulnerability disclosure programs of Sony’s two biggest rivals in the gaming console market, Nintendo and Microsoft, which this year launched a program for Xbox.
YOU MAY ALSO LIKE Capcom takes systems offline following cyber-attack