The online gaming industry has seen rapid growth since the COVID-19 lockdowns began. However, with more and more players and new platforms entering the space, we are seeing an increase in the threats and scams that target a new generation of metaverse players.
Given the adolescent nature of the metaverse, bad actors have been quick to exploit budding companies and communities to dupe consumers. With the metaverse still a niche community — one that has yet to see vast, mainstream interaction — fraudsters have regularly turned to social media to impersonate CEOs and other critical C-suite executives.
The effect? A sharp decline in consumer trust in online gaming platforms and brands. In fact, a Coda Labs' survey of nearly 7,000 respondents showed that 41% are concerned with scams related to crypto gaming.
Amid the growing distrust compounded by the FTX scandal and subsequent crypto crash, companies have a long road ahead to rebuild the trust of players interested in nonfungible tokens (NFTs) and the buying and selling of digital assets.
Along with the move toward Web3 and decentralized platforms that live on the blockchain, companies must look at new ways to proactively monitor and detect threats while removing bad actors to create a safe environment for gamers and protect the integrity of the ecosystem.
Trust or Trap?
From phishing attacks to trademark infringements, threats can originate from anywhere in the world, and even the most prominent gaming companies are vulnerable.
For example, take the 2021 hack of gaming giant Electronic Arts (EA), which resulted in the theft of more than 780GB of valuable information — data hackers then tried to sell.
But it's not just data breaches among gaming publishers themselves. Cybercriminals are taking to social media platforms and community-oriented platforms like Discord to target users. Recently, Axie Infinity's Discord community was compromised, with hackers hijacking a Discord bot that automates roles and messages across an array of crypto projects.
Shortly after, the compromised bot announced a surprise mint — something developers indicated they would never announce. This breach came on the heels of a $650 million heist of the company's Ronin Bridge — an Ethereum sidechain built for Axie Infinity.
Fortunately, developers quickly caught on, successfully removed the bot, and reassured the community. Without adequate security and moderation, this hack could have resulted in users being redirected to illegitimate websites — translating to lost money for both the brand and the user, as well as a persistent negative impact on the brand's reputation.
Six Easy Steps to Prevent Gaming Fraud
As the online gaming industry continues to battle an unprecedented amount of imposters and online threats, it's more important than ever for companies to take action. To protect player safety and mitigate vulnerabilities, here are six helpful steps I'd recommend:
- Turn your attention to relevant social media and gaming platforms. Your security efforts should start here: Without an adequate understanding of where your users are being targeted, it's nearly impossible to properly protect your brand's reputation or your customers' personal information.
- Shorten your TTD (time-to-detect) and TTR (time-to-remediate). Threats should be prioritized with immediate takedowns, as the impact of breaches may be immediately consequential.
- Monitor social media for CEO and other C-suite executive impersonations. Often observed across social media platforms, these threats can quickly erode consumer trust in your brand and be used for malicious scams if not swiftly handled.
- Protect your company's data. Your data retention policies should require the deletion or de-identification of data after a specified period of time. It is also helpful to foster a company culture that values data on a need-to-know basis, meaning only relevant employees or teams can access and utilize sensitive data.
- Enlist enforcement experts on your cybersecurity team. These experts can analyze online threats and determine the most effective solutions for your company. Additionally, consider anti-phishing solutions that detect website duplication and impersonating websites, among other features.
- Create a digital threat map that puts you in control. These maps can be used to check connections between entities in the digital sphere to help you connect the dots and understand where you should focus ongoing security efforts.
From fake promo codes shared across social media to typosquatting websites and hacks involving paid ads to introduce malware, the growing arsenal of tools that cybercriminals can take advantage of grows ever more sophisticated.
The good news is that technology to launch counterattacks and take proactive measures has become more affordable and accessible than ever, but companies and players alike must stay vigilant.
For gaming in the metaverse to reach its full potential, platforms need to earn the players' trust. Until that degree of confidence is established and maintained, a platform's credibility can easily be eroded by scammers and unsuspecting gamers who fall victim to their attacks.