12 December 2017
Robert Siciliano

Identity Theft Expert

Robert Siciliano - IDTheftSecurity.com

739Posts 2,049,775Views 62Comments

Hackers Go After Points, Credits, and Virtual Currency

20 April 2011  |  3647 views  |  0

In a previous post I discussed virtual currency, which is used to purchase virtual goods within a variety of online communities, including social networking websites, virtual worlds, and online gaming sites. These virtual dollars and virtual goods have real value.

Virtual currency includes the points customers receive from retailers, merchants, airlines, hotels, and credit card companies through loyalty reward programs. These reward points are supposedly the second most traded currency on the planet.

Gizmodo reports that hackers have targeted Microsoft points, the currency used to purchase digital goods and gift cards for the Xbox and Zune. Someone cracked the algorithm Microsoft uses to generate codes for those gift cards, and released that information online. A website was used to generate more than a million Microsoft points worth of free gift cards, as well as other Xbox items, before Microsoft was able to shut it down.

In 2009, Facebook created a virtual currency called Credits, which users spend on games and other Facebook content. Facebook has worked with fraud fighters to test and structure this currency so as to avoid attracting criminals, but as with any virtual currency, criminal activity is inevitable.

Hackers even steal carbon credits. European carbon traders were fooled by a phishing email, which allowed hackers to access the victims’ online accounts and then transfer more than $50 million in carbon credits into their own accounts. Of course, the hackers promptly resold those credits for profit.

Virtual thieves can sell stolen points in online forums or on eBay, or they can try to exchange points for rewards. However, most online retailers, social media, and gaming websites recognize the thieves’ behavior patterns when cashing in stolen points. By analyzing the history of the device being used to access a website, the website’s operator can prevent fraudulent transactions.

TagsSecurityRisk & regulation

Comments: (0)

Comment on this story (membership required)

Latest posts from Robert

What Was Scary About Blackhat 2017?

02 August 2017  |  6216 views  |  0 comments | recomends Recommends 0 TagsSecurity

Black Hat 2017 was an Amazing Event

29 July 2017  |  6800 views  |  0 comments | recomends Recommends 0 TagsSecurity

Blackhat Hackers Love Office Printers

28 July 2017  |  5406 views  |  0 comments | recomends Recommends 0 TagsSecurity

Getting Owned or Pwned SUCKS!

13 June 2017  |  5778 views  |  0 comments | recomends Recommends 0 TagsSecurity

Parents Beware of Finstagram

27 April 2017  |  5245 views  |  0 comments | recomends Recommends 0 TagsSecurity

Robert's profile

job title Security Analyst
location Boston
member since 2010
Summary profile See full profile »
Security analyst, published author, television news correspondent. Deliver presentations throughout the United States, Canada and internationally on identity theft protection and personal security....

Robert's expertise

Member since 2009
732 posts62 comments

Who's commenting on Robert's posts

Ketharaman Swaminathan