Posted on

Fortnite: Why Kids Love It and What Parents Need to Know

Fortnite: Battle Royale

 

Fortnite: Battle Royale is the hottest video game for kids right now. More than 125 million people have downloaded the game and it’s estimated that 3.4 million play it monthly. But while the last-man-standing battle game is a blast to play, it also has parents asking a lot of questions as their kids spend more and more time immersed in the Fortnite realm.

Why kids love it

A few hours on Fortnite and you can easily see why kids (and adults) love it. The game drops up to 100 players onto an island, where they try to find weapons to defend themselves and try to eliminate other players. The battlefield gradually shrinks, forcing players into encounters with each other until just one player remains and becomes the winner.

Even though it’s a battle, the Fortnite characters and interface are colorful and cartoon-like and there’s no blood or gore. The game itself possesses an inherent sense of humor and personality that’s lighthearted yet still competitive. The app is free to download, but players can outfit their characters (for purchase) in an array of battle fashions and any number of fun dances.

Ultimate gaming mash-up

Fortnite: Battle Royale

One reason kids love Fortnite: Battle Royale is that it’s the perfect survival mash-up of several popular media titles: The Hunger Games movie, Call of Duty video game, the first Fortnite (Fortnite: Save the World) video game, and the game PUBG (PlayerUnknownBattlegrounds). Fortnite: Battle Royale takes elements from all of these favorite storylines and game interfaces.

The game has a lot of fun attached for sure. Fortnite’s interface and hilarious character moves can be just as much fun to watch as it is to play. However, as with any other wildly popular, multi-player video game, there are some red flags families need to be aware of.

Fortnite: What to look out for

Excessive screen time. Because of the way Fortnite is structured, kids can easily burn through hours a day if left unmonitored. Some parents have reported their kids becoming Fortnite obsessed, even addictedSuggestion: Pay attention to the amount of time your kids spend playing. If your child is playing on Xbox, PlayStation, or Switch, you can turn on parental controls to limit gaming sessions. Another option, for PC, tablets, and mobile devices, is monitoring software that allows parents to set time limits for apps and websites.Fortnite: Battle Royale

Chat feature. Fortnite is a multi-player game, which means kids play against other gamers they may not know. So, Fortnite’s chat feature carries some potential safety issues such as foul language, potentially befriending an imposter, and cyberbullying. Suggestion: Talk to your child about this aspect of the game and the dangers. Spend time and sit in on a few games and listen to the banter. Then, make the best decision for your family. To turn chat off, open the Settings Menu in the top right of the main Fortnite page, go to the Audio Tab and turn it off.

In-app purchases. Fortnite is free to download but can get expensive quickly. Kids can use virtual currency (purchased via credit card) to access animations, weapons, and outfits for their characters. These items aren’t needed to win the game, but they allow a player to express his or her personality within the game, which is especially important to kids. Some parents have reported finding hundreds of dollars in unauthorized purchases on their credit cards due to Fortnite’s array of in-app purchases. Suggestion: If you know your child is passionate about Fortnite, take away the spending temptation by blocking his or her ability to make in-app purchases. Or, set a weekly limit on purchases.

Fortnite: Battle Royale

Increased anxiety/stress levels. Fortnite’s game structure is a highly-competitive, fast-moving game that renders only one winner. This means, as a solo player, the odds are stacked against you. Play Fortnite enough, and lose enough, and rage can surface. If your child is prone to anxiety or stress, Fortnite may not be the best environment. Suggestion: Monitor your child’s mood. Discuss the emotional highs and lows potentially associated with Fortnite and put some healthy parameters — that address both the types of content and time limits — around gaming habits.

Unsure about allowing your kids to play (or continue playing) Fortnite? Talk to them about it. Join in or watch your child play. Find out what your child loves about the game and if his or her demeanor changes during or after playing. Monitor the amount of time as well. Once you’ve gathered the facts as they pertain to your child, decide how much (or how little) of the Fortnite world is best for your family.

Want to connect more to digital topics that affect your family? Stop by ProtectWhatMatters.online. Also, join the digital security conversation on Facebook.

Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her onTwitter @McAfee_Family. (Disclosures)

The post Fortnite: Why Kids Love It and What Parents Need to Know appeared first on McAfee Blogs.

Posted on

Hacked Republican website skimmed donor credit cards for 6 months

Enlarge

A website used to fund the campaigns of Republican senators was infected with malware that for more than six months collected donors' personal information, including full names, addresses, and credit card data, a researcher said.

The storefront for the National Republican Senatorial Committee was one of about 5,900 e-commerce platforms recently found to be compromised by malicious skimming software, according to researcher and developer Willem de Groot. He said the NSRC site was infected from March 16 to October 5 by malware that sent donors' credit card data to attacker-controlled domains. One of the addresses—jquery-code[dot]su—is hosted by dataflow[dot]su, a service that provides so-called bulletproof hosting to money launderers, sellers of synthetic drugs and stolen credit card data, and other providers of illicit wares or services.

De Groot said it's not clear how many credit cards were compromised over the six months the site was infected. Based on data from TrafficEstimates, the NRSC site received about 350,000 visits per month. Assuming 1 percent of those visits involved the visitor using a credit card, that would translate to 3,500 transactions per month, or about 21,000 transactions over the time the site was compromised. Assuming a black market value of $4 to $21 per compromised card, the crooks behind the hack may have generated revenue of $600,000.

Read 4 remaining paragraphs | Comments

Posted on

Hidden Data Economy Report Exposes Price Points for Stolen Data

Intel® Security today released The Hidden Data Economy report, which provides examples of how different types of stolen data is being packaged and offering prices for each type of data. Intel Security Group’s McAfee Labs organization examined pricing for stolen credit and debit card data, bank account login credentials, stealth bank transfer services, online payment service login credentials, premium-content-service login credentials, enterprise network login credentials, hospitality loyalty account login credentials, and online auction account login credentials.

“Like any unregulated, efficient economy, the cybercrime ecosystem has quickly evolved to deliver many tools and services to anyone aspiring to criminal behavior,” said Raj Samani, CTO for Intel Security in Europe, the Middle East, and Africa. “This ‘cybercrime-as-a-service’ marketplace has been a primary driver for the explosion in the size, frequency, and severity of cyberattacks. The same can be said for the proliferation of business models established to sell stolen data and make cybercrime pay.”

Through years of close work with law enforcement, the McAfee Labs team has monitored websites, chat rooms, and other online platforms, communities, and marketplaces where stolen data is bought and sold. McAfee Labs cannot confirm how many of the many examples of stolen data products and services are authentic. But drawing from the organization’s work with law enforcement agencies over the years, its researchers have provided a “state of the cybercrime economy” assessment with an illustration of key types and prices of data.

Payment cards

Payment card data is perhaps the best-known data type stolen and sold. McAfee Labs researchers found a value hierarchy in how this stolen data is packaged, priced, and sold in the dark market. A basic offering includes a software-generated valid number that combines a primary account number (PAN), an expiration date, and a CVV2 number. Sellers refer to a valid number combination as a “Random.” Valid credit card number generators can be purchased or found for free online. Prices rise based on additional information that allows criminals to accomplish more things with the core data.

This includes data such as the bank account ID number, the victim’s date of birth, and information categorized as “Fullzinfo,” including the victim’s billing address, PIN number, social security number, date of birth, mother’s maiden name, and even the username and password used to access, manage, and alter the cardholder’s account online.

The following table illustrates the average credit and debit card account sales prices across regions based on the combination of information made available:

 

Package U.S. U.K. Canada Australia EU
Basic or “Random” $5-$8 $20-$25 $20-$25 $21-$25 $25-$30
With Bank ID# $15 $25 $25 $25 $30
With Date of Birth $15 $30 $30 $30 $35
With Fullzinfo $30 $35 $40 $40 $45

 

“A criminal in posession of the digital equivalent of the physical card can make purchases or withdrawals until the victim contacts the card issuer and challenge the charges,” continued Samani. “Provide that criminal with extensive personal information used to verify the identity of a card holder, or even allow him to access the account and change the information, and the potential for extensive financial harm—to the individual and card issuer—goes up dramatically.”

Payment service accounts

Compromised online payment service accounts appear to vary based solely on account balance, given their limited uses and scenarios for exploit. Account login credentials for accounts containing from US$400 to $1,000 have been estimated to cost between $20 and $50, while login credentials for accounts containing from $5,000 to $8,000 range from $200 to $300.

Bank login credentials

Cybercriminals can purchase banking login credentials and services allowing them to stealthily transfer stolen funds across international borders. McAfee Labs found login credentials for a $2,200 balance account selling for $190. Bank login credentials coupled with the ability to stealthily transfer funds to U.S. banks ranged from $500 for a $6,000 account balance, to $1,200 for a $20,000 account balance. United Kingdom transfers ranged from $700 for a $10,000 account balance, to $900 for a $16,000 account balance.

Online premium content services

The report also assesses dark market prices for account login credentials to online content services such as online video streaming($0.55 to $1), premium cable channel streaming services ($7.50), premium comic book services ($0.55), and professional sports streaming ($15). These relatively low price points suggest that cybercriminals have ramped up automated theft operations to make their cybercrime business models profitable.

Loyalty, community accounts

Some online services would appear to be low value targets, but researchers found that login credentials to hotel loyalty programs and online auction accounts are offered for sale on the dark market. Apparently, these allow buyers to conduct online purchases under the guise of their victims. McAfee Labs researchers found a major hotel brand loyalty account with 100,000 points for sale for $20, and an online auction community account with high reputation marks priced at $1,400.

For more information, please read the full report: The Hidden Data Economy.

For guidance on how consumers can better protect themselves from the consequences of data breaches and the fraud and theft that follow, please visit: Consumer Blog.

 

The post Hidden Data Economy Report Exposes Price Points for Stolen Data appeared first on McAfee.

Posted on

Stolen Credit Card Numbers Easy to Buy Online

We have seen an increasing amount of articles published about the “Dark Web,” underground cybercriminal sites that are hosted on hidden servers and can be accessed only by using Tor.

One example of a Dark Web site hosted on one of these “.onion” domains was the Silk Road, a site infamous for the buying and selling of drugs, among other products and services. That site was taken down by law enforcement, and the owner was arrested.

During a recent investigation Intel Security discovered a site offering fresh dumps of stolen credit card numbers. This is nothing new, of course; these sites are available everywhere on the (visible) Internet. In this case, after we registered and were validated as a new “customer,” we saw this menu:

20150504 card 1

Several options are available. We looked first at the Sale page, where the shop offers Bitcoin discounts on credit cards that are valid for only two weeks. If we buy now, we’ll get BTC 0.9 off.

20150504 card 2

So much for “bargain shopping.” Let’s look into buying a few credit cards. The site exposes the amount of fresh dumps they have and how widespread they are, as we see in the following small selection:

20150504 card 3

Selecting the “New big base USA” option from March 2015, we find the following selection criteria:

20150504 card 4

Let’s see which cards we can buy around the Intel Security office I work in. A few seconds later, the site displays a list of credit cards that can be purchased from people who live in Beaverton, Oregon:

20150504 card 5

As an extra service, the Russian owner(s) of the website offer—for the modest fee of US$300—the option to use a private botnet to attack your competitors with a distributed denial of service. That’s a nice offer: What we could have saved on our “purchase,” we could now use to boost our business a little bit more.

Of course, we did not actually buy any credit card numbers. But the amount of fresh credit cards this service offers in the United States and rest of the world is huge. The ease of buying and paying is astonishing, all with a few anonymous mouse clicks.

Although financial institutions take antifraud measures, your credit card details could have been stolen by a breach of an online business, point-of-sale terminal malware, or a number of other ways. To defend yourselves, simply checking your monthly statements is the best way to verify your purchases for irregularities.

The post Stolen Credit Card Numbers Easy to Buy Online appeared first on McAfee.