19 April 2018
Robert Siciliano

Identity Theft Expert

Robert Siciliano - IDTheftSecurity.com

746Posts 2,137,493Views 62Comments

Hackers Go After Points, Credits, and Virtual Currency

20 April 2011  |  3716 views  |  0

In a previous post I discussed virtual currency, which is used to purchase virtual goods within a variety of online communities, including social networking websites, virtual worlds, and online gaming sites. These virtual dollars and virtual goods have real value.

Virtual currency includes the points customers receive from retailers, merchants, airlines, hotels, and credit card companies through loyalty reward programs. These reward points are supposedly the second most traded currency on the planet.

Gizmodo reports that hackers have targeted Microsoft points, the currency used to purchase digital goods and gift cards for the Xbox and Zune. Someone cracked the algorithm Microsoft uses to generate codes for those gift cards, and released that information online. A website was used to generate more than a million Microsoft points worth of free gift cards, as well as other Xbox items, before Microsoft was able to shut it down.

In 2009, Facebook created a virtual currency called Credits, which users spend on games and other Facebook content. Facebook has worked with fraud fighters to test and structure this currency so as to avoid attracting criminals, but as with any virtual currency, criminal activity is inevitable.

Hackers even steal carbon credits. European carbon traders were fooled by a phishing email, which allowed hackers to access the victims’ online accounts and then transfer more than $50 million in carbon credits into their own accounts. Of course, the hackers promptly resold those credits for profit.

Virtual thieves can sell stolen points in online forums or on eBay, or they can try to exchange points for rewards. However, most online retailers, social media, and gaming websites recognize the thieves’ behavior patterns when cashing in stolen points. By analyzing the history of the device being used to access a website, the website’s operator can prevent fraudulent transactions.

TagsSecurityRisk & regulation

Comments: (0)

Comment on this story (membership required)

Latest posts from Robert

The Term Identity Theft Protection is Often a Lie

06 April 2018  |  5039 views  |  0 comments | recomends Recommends 0 TagsSecurity

Use a Password Manager Or You WILL Get Hacked

19 March 2018  |  3740 views  |  0 comments | recomends Recommends 0 TagsSecurity

14 Social Media Disasters Ready to Strike

03 March 2018  |  4861 views  |  0 comments | recomends Recommends 0 TagsSecurity

Understanding and Stopping Criminal Identity Theft

23 February 2018  |  6543 views  |  0 comments | recomends Recommends 0 TagsSecurity

Top 10 Signs of a Malware Infection on Your Computer

08 February 2018  |  5228 views  |  0 comments | recomends Recommends 0 TagsSecurity

Robert's profile

job title Security Analyst
location Boston
member since 2010
Summary profile See full profile »
Security analyst, published author, television news correspondent. Deliver presentations throughout the United States, Canada and internationally on identity theft protection and personal security....

Robert's expertise

Member since 2009
739 posts62 comments

Who's commenting on Robert's posts