Are our children the new pigeons of the web? According to a report published in early March by the Russian company Kaspersky, specializing in cybersecurity, video games and online platforms such as Minecraft, Roblox and Fortnite, which brew tens of millions of users daily, are particularly targeted by hackers. 7 million attacks related to popular children’s games were detected in 2022, an increase of 57% compared to 2021 according to experts.
A significant figure, but which does not however take into account all the scams commonly practiced in these games, estimates Bruno Vétel, lecturer in information and communication sciences at the University of Poitiers, specialist in socioeconomics. online games. For the researcher, if young players are generally targeted because of their lack of experience in the field, they gradually acquire the skills necessary to avoid being fooled.
Does this figure of 7 million attacks surprise you? Do you think the study conducted is reliable?
Kaspersky is a very reputable company in the world of computer security, but it is Russian… and it has already been criticized for problems with information leaks. Since the war in Ukraine, many companies have decided to stop using its (antivirus) software, like the US Department of Defense. One of the problems with this study is above all that it is carried out by a company that sells a solution to respond to the problem that it points to itself. It’s not very objective.
Kaspersky has intrusion detection databases uploaded by its antivirus but it is judge and judged since it decides itself on the definition of an intrusion. The figure mentioned of 7 million scams is therefore ultimately not huge because its definition of a scam focused on hacking accounts of video game customers is, in my opinion, quite restrictive. For example, the question of scams between players during resales “ingames” – that is to say during the game in the game – goes completely under the radar. Concretely, the characters’ rare equipment can be sold to other players for in-game money which can then be converted into real money via illegal or gray area platforms.
These parallel economies are based on what is called “gold farming”.
Yes, it really is the basis of a very insecure secondary market for customers. It mobilizes people from countries with unskilled and inexpensive labour. The latter are paid to play and accumulate as many items or in-game currency as possible and then resell them on these brokerage platforms to players who feel they do not have enough time to collect them themselves. In Western countries, underage players can also make pocket money with gold farming. The fight of companies against these practices is sometimes quite weak because this system contributes to the proper functioning of the internal economy of certain games.
How are video games and platforms aimed at children and adolescents conducive to scams?
We usually only learn to protect ourselves once we’ve been fooled. This also explains why there are massive online scam techniques, which try to reach as many potential victims as possible. You have to catch “novices”, people who are not suspicious, and the more people you solicit, the more likely you are that the pigeons will take the bait. This is a characteristic feature of online scams.
The techniques described by Kaspersky are rather phishing techniques, that is to say that we create software that reproduces the website or the video game and then asks the user for his password or his identifiers. The goal is to find a way to connect to the player’s real account and use it to resell their content for real money.
If the young age of the users is to be taken into account, I noticed while working on Dofus that there was also a question of social class. Players from more popular backgrounds were ripped off at older ages than young people from the middle or upper classes. Because the skills necessary to avoid being tricked online are often acquired in the family and school environment, in particular through exams, the assimilation of errors and school failures, the development of reflexivity vis-à-vis one’s own experiences and behavior of others. All of this develops gradually during adolescence. However, when we are a little better equipped in terms of cultural and social capital, we generally develop these skills a little more quickly.
Are the risks for children not exacerbated by the fact that there is more and more real money circulating in online games?
The risk is different. Before, there was a sequence where you paid and then another where you played, like the arcade game at the carnival. And little by little, the service fragmented via online games, monthly subscription systems and then monetization systems within games. We have moved the times of payment, they are more and more frequent during the play activity and for lower and lower amounts. We pay little but very often. This increases the risk of scams when the design of these monetization slots is not well designed, it is more difficult for the player to differentiate them from other forms of cheating.
We see that in the most fashionable online games, the priorities have been reversed: “game design” – the process of creating and fine-tuning the rules and other constituent elements of a game -, which favored fun becomes secondary to the benefit of the “business model” which guarantees maximum profits.
What should parents tell their children to prevent them from being tricked?
In terms of phishing, apart from the youth of customers of video game services, there is not really anything specific to online games. This is pure and simple phishing. In addition to installing an antivirus, we must therefore try to make players aware of the importance of passwords and tell them to be wary of interfaces that resemble those of the official games but which are not accessed via the same journey. For example, younger kids are often tricked into typing the name of their game into a search engine and clicking on the first link that appears. However, if the scammers are clever, they create a copy of the site in question and pay for it to be at the top of the referencing.
Afterwards, the children must also learn to be fooled in order to develop skills that will allow them not to relive the experience. It remains to be seen where we put the risk exposure cursor. Regarding scams during merchant exchanges within games, the companies that supply the games normally have much more means of action to regulate. They can change the design of microtransaction interfaces to prevent them from being hijacked.
They also offer monitoring tools that allow the customer to do the policing himself. It’s a somewhat pernicious logic, which empowers the players while the basic problem is linked to the design of the service which is intended to be both fun and commercial. Adults run the risk of losing interest in their child’s hobby. They often make the mistake of considering these games either as childish pastimes or as complex technological devices to understand. Rather, they should be understood as commercial and social devices like so many others, halfway between carnivals and casinos, where you can come across cheaters.