Hackers Target Fortnite with V-Buck Scams

Hackers Target Fortnite with V-Buck Scams

According to new research released by ZeroFOX, Fortnite has become a hotbed for scammers targeting the in-game currency of the popular online game. Between early September and early October, ZeroFOX generated more than 53,000 alerts related to Fortnite scams, of which 86% came from social media and 11% from web domains, according to today’s blog post.

Fortnite is free to play, which ZeroFOX said is a driving force for many gamers; however, players can make in-game purchases with the game’s V-Buck currency. Despite each individual transaction only costing a few dollars, Fortnite is reportedly making an estimated $300 million a month on in-game purchases, making this an increasingly attractive target for scammers, who are looking to trick users into getting their V-Bucks on the cheap or even for free. Of the games estimated 43 million players, all of whom are required to be at least 12 years old, many are falling victim to the scams, according to the research.

While the V-Bucks are only available through Fortnite, scammers have reportedly crafted fraudulent coupon sites and “V-Buck generators” to trick players into sharing personal information that includes their game credentials, credit card information and home addresses, said ZeroFOX.

“Games with a microeconomy, especially Fortnite, are prime targets for attackers to leverage their security attacks, scams and spam against,” said Zack Allen, director of threat operations at ZeroFOX. “These economies are a great way to make money without attracting too much attention to yourself because of the lack of regulation and the nuances of the economy (try describing a 'V-Buck' to any local law enforcement officer, you most likely will get a blank stare).

“Due to the professionalism of these sites and the relative ease it takes to make a new website, players should be especially aware because a scam can turn into something malicious quickly. Surrendering your username and password in a phishing attack or downloading and executing malware are not out of reach in terms of probability for these websites.”

Source: Information Security Magazine