
Player Safety: Phishing

Written By: -Grogu, Hartlam & ChristianM.0498 / Graphics By: Anna.Marie97


Introduction –
What is Phishing?

No lake, river, or body of water is needed for this type of phishing, but there are bait and hooks involved. Phishing is a fraudulent email or link, made to look as if it comes from a reputable source, that a potential victim opens or clicks, which can lead to malware or ransomware. Successful attacks can compromise passwords, credit card information, banking information, or, in even more severe cases, your identity.

Even in Habbo, you are at risk of falling victim to phishing; luckily, there are several techniques you can use to spot suspicious emails or links sent to you. Find some examples below and observe the red flags, so you know what to consider when you find something suspicious. Stick around a little bit, and you can also learn how to enable two-factor authentication (2FA) or multi-factor authentication (MFA) to provide an additional layer of protection to your account(s).

How might phishing look in Habbo terms?

Phishing usually succeeds when the attacker makes their email seem as real as possible, so that the reader doesn’t realize that what they are looking at is fake and unsafe. For example, in May 2020, Habbo issued an account security warning about an email, spoofed to appear to come from Habbo Hotel, that asked users to send their email addresses, and sometimes payment, to reset their passwords. People who fell victim had their accounts immediately compromised and their personal information stolen.

As Habbo themselves say, “If another Habbo asks you for account information like this, they are almost certainly trying to hack you.” Always view messages from any source with caution and consider things like the sender’s domain (the part after the @ in an address such as xyz@company.com) and the urgency of the message. Later in this article, we will show some potential red flags to be aware of to protect yourself.

Another common phishing attempt was users receiving a link from a known friend on their friends list, telling them that they won a “Habbo Idol” and to go to a link to claim their prize. Users who fell victim also had their accounts compromised, and the chain continued with the hackers posing as them to their friends, and so on.

Never, ever give any account information out to anyone, ever. – Habbo Staff

Here are a few top tips for spotting fake emails and messages:

1. It’s from an email address/account that you don’t recognize.
Sometimes, companies use scrambled email addresses to send confirmations, but stay wary; does the email address look strange to you? If so, proceed with caution.

2. The email/message does not address you by name.
Scammers tend to collect your email address from databases that have been breached. As such, their phishing attempts will often not address you by name. Remember, companies you receive emails from have your account name or real name as you provided when you signed up to the service. Legitimate emails and messages will ALWAYS be addressed to you personally.

3. Misspellings, poor syntax, poor grammar or odd language.
More often than not, phishing emails or messages will include a plethora of grammatical and spelling errors. Read the message over again and out loud. Does it sound strange when you say it out loud? Scammers will often use poor syntax in their messages; that is, words arranged incorrectly in a sentence, which in turn makes it sound unnatural.

4. It is an urgent matter that requires your immediate attention.
For example, “Your account has been compromised!”, “Update your account details now”, or “Click the link to change your password”. Phishing emails and messages will often give you a situation that needs your immediate attention, and will attempt to feed off of your panic and subsequent ignorance of safety procedures. NEVER click links in emails – if you are being asked to update your account details, open up a new tab and go directly to the website, log in and change them there. Stay calm, remember to check the message properly and do not act irrationally through fear.



It requests that you perform the action immediately, with no time to consider.

5. The message contains a prize that you never entered for/seems too good to be true.
The golden rule when dealing with scam messages and emails is this: if it seems too good to be true, it is. Under no circumstances should you follow links for ‘prizes’ you’ve won, ‘free NFT’ or ‘free HC’, to name a few examples.



Notice the enticing “gift”, with even more promised if you simply click a link.

6. Consider context.
Did you just reset the password on your account and then receive an email asking you to click a link to confirm the reset? Have you cross-referenced all of our previous tips and they all check out? In this circumstance, you are free to click the link provided in the email. Always consider context: did you just perform an action on your account that would warrant an email asking you to click a link, and has the email itself passed all of your checks? If not, do not proceed further.



We highlighted the red flag(s) in this email that was used to try and phish other Habbo players!
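Tips 1, 2, 4 and 5 above can be expressed as simple checks on a message. The following Python sketch is an added example, not part of the original article or anything published by Habbo; the trusted domain `habbo.com`, the account name `Pixel123`, the bait phrases and the sample email are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the domain the real service sends mail from. Compare against
# your own past, known-good emails; this value is illustrative only.
TRUSTED_DOMAINS = {"habbo.com"}
URGENT = ("account has been compromised", "update your account details now",
          "click the link to change your password")  # phrases quoted in tip 4
BAIT = ("free hc", "free nft", "you won", "claim your prize")  # tip 5, partly constructed

def sender_domain(from_header):
    """Return the domain of the real address, ignoring the display name."""
    _display, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()

def is_trusted(domain):
    """True only for a trusted domain itself or one of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)

def red_flags(raw_email, account_name):
    """List which of the article's tips a message fails."""
    msg = message_from_string(raw_email)
    body = msg.get_payload().lower()
    flags = []
    if not is_trusted(sender_domain(msg.get("From", ""))):
        flags.append("unrecognized sender domain")   # tip 1
    if account_name.lower() not in body:
        flags.append("not addressed by name")        # tip 2
    if any(p in body for p in URGENT):
        flags.append("urgent demand")                # tip 4
    if any(p in body for p in BAIT):
        flags.append("prize bait")                   # tip 5
    return flags

# Constructed sample: the display name says "Habbo Hotel", but the address
# only starts with habbo.com and really belongs to a different domain.
SAMPLE = """From: Habbo Hotel <security@habbo.com.account-reset.example>
To: player@mail.example
Subject: Action required

Dear user, your account has been compromised! Click the link to change your password.
"""

if __name__ == "__main__":
    for flag in red_flags(SAMPLE, account_name="Pixel123"):
        print("red flag:", flag)
```

A sender domain that passes this check is not proof that the message is genuine, because the From line itself can be spoofed; going to the website directly instead of following the link remains the safe path.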

Two-Factor Authentication

So, as you can see, phishing is an unfortunate risk that comes with spending time online, and being able to tell the warning signs of a fraudulent link, email or website is a very important skill to have. However, we’re all human and mistakes can happen, especially as the risks online become more and more advanced with new and developing technology. Thankfully, there are always extra steps that players can take to add extra lines of defense to their online security! On top of knowing how to identify phishing attempts, it is highly recommended that players strengthen their account security. One easy way to do this is to enable Two-Factor Authentication (2FA).

2FA acts as a second shield of protection on your account, on top of your email and password. If a scammer or hacker were able to get hold of your password, having 2FA would be very helpful in making sure they couldn’t get into the account. 2FA does this by double-checking that you want to log in, asking you to enter a separate code so that the password alone is no longer as useful to the hacker or scammer. On Habbo, it will ask you to provide this authenticator code if you log in from a different location, making it a very effective tool of protection.

A detailed explanation of how 2FA works, as well as step-by-step instructions on how to set it up on Habbo, can be found in HabboDefense’s Player Safety: 2FA article.

Conclusion and Summary

We hope that you can now identify some common aspects of phishing messages and emails and that you learned something valuable from this article. With the ever-evolving landscape of the Internet, online criminals are also developing the ways in which they commit their crimes. Remember: stay vigilant, stay calm, NEVER take a message at face value and always ensure your account is properly protected. Below, you can find further resources on phishing and its risks:

https://help.habbo.com/hc/en-us/articles/360011619259-About-Scamming
Habbo’s own article on scams and phishing.

https://www.phishing.org/what-is-phishing
Phishing.org, a website dedicated to the education of phishing and its common techniques.

https://www.ncsc.gov.uk/collection/phishing-scams
An article from the National Cyber Security Centre, a UK-based government organization.