PlayStation Users Suffering Social Engineering Attacks
- By Ginger Hill
- Mar 19, 2015
The last big digital attack on the PlayStation Network was in December 2014, when the Lizard Squad brought down the entire network. Since then, numerous PlayStation accounts have been subject to social engineering attacks, some of which have resulted in hundreds of dollars being fraudulently charged to users’ credit cards.
In one such case, a user found himself locked out of his PlayStation account. He contacted Sony customer service and the agent told him that his gaming account had been switched to another PlayStation located in Europe. Quickly remembering that he had connected his credit card to his PlayStation account, he contacted his credit card company only to discover that $570 of extra points in FIFA ’15 (points used for in-game purchases) had been billed to his card.
It seems that the attackers have been gaining access to accounts by impersonating the account owner during a customer service call, which doesn’t seem all that difficult, since Sony customer service only requires the person’s name, email and PSN username before adding another console to the account. Beyond lax company policies, Sony suffered a major data breach in 2011 that leaked information on approximately 77 million accounts, and there’s reason to believe that some of this data, like names, usernames and emails, is still available on the Internet. This is the perfect information to successfully execute a social engineering attack.
Victims are finding themselves stuck with bills for stolen goods while Sony’s platform still does not support two-factor authentication, which would enable users to take proactive action to further secure their accounts.
Ginger Hill is Group Social Media Manager.