RSA CONFERENCE 2019 – San Francisco – Children under the age of 12 who play video games have become a prime target for cybercriminals, who are taking advantage of the kids' naivete and susceptibility to influence, according to a new report by Rubica.
Rubica CEO Frances Dewing, who will discuss the report at an RSA session Wednesday afternoon, says parents should look out for free gaming apps, which almost always contain advertisements and in-app purchase or upgrade options.
"An adult consumer expects to be advertised to when using an otherwise free service," Dewing says. "Using advertising or in-app purchasing as a revenue method is a socially accepted practice. However, the problem with free apps targeting children is that studies have proven that children are often unaware that what they are watching or interacting with is an advertisement."
The major app stores do not contain safety ratings that factor in advertising practices or guidelines for parents, guardians, or educators, Dewing adds.
"More concerning in a game or app made for young children is the prevalence of deceptive and inappropriate tactics," Dewing explains. "It's not uncommon for kids' apps to contain aggressive prompts to download other apps that may be age-inappropriate or unlock gates for cybercriminals to access everything from emails to banking apps."
Dewing says there have been numerous cases in which wealthy individuals have lost hundreds of thousands of dollars in hacking cases involving children and video games, though such cases typically do not make the news.
Michael Bruemmer, vice president of consumer protection at Experian, says preying on young children playing video games has become a perfect storm around three trends: the lack of awareness of the children; the exploding world of downloads and apps kids have access to without proper adult supervision; and the unblemished identities of the children.
Threat actors steal the identities of young children to pose as adults and set up fraudulent credit cards and bank accounts.
"There was a case I heard of in which a woman who worked from home had her children download games onto her work computer, only to find out that a bad threat actor had injected keylogging software that stole user name and password information," Bruemmer says. "When the woman planned to make a wire transfer of $28,000, the bad threat actor posed as one of the kids in an email and had the exchange diverted. Fortunately, two-factor authentication software used by the broker intercepted the wire exchange and the fraudulent wire transfer was stopped."
As part of the Rubica study, the company evaluated the top 20 free kids apps on the iTunes and Google Play app stores. A recent Experian report also discusses cyberthreats to the online gaming industry.
Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.