The number of unique users targeted by cybercriminals using popular children’s games as a lure surged by 30 percent in the first six months of 2024 compared to H2 2023, according to Kaspersky experts. Researchers analyzed gaming risks for young players, and discovered that more than 132,000 users had been targeted by cybercriminals. More details can be found in the latest Kaspersky report on cybercrimes targeting young gamers.
The most exploited children’s games
Kaspersky looked into the threats disguised as popular kids’ video games and analyzed the period from July 1, 2023, to June 30, 2024. Throughout the reported period, Kaspersky security solutions detected more than 6.6 million attempted attacks, where cybercriminals used the brands of the kids’ games as a lure.
Out of the 18 games chosen for this research, the majority of attacks were related to Minecraft, Roblox, and Among Us. According to Kaspersky’s statistics, more than 3 million attempted attacks under the guise of Minecraft were launched throughout the reported period. Most likely, cybercriminals chose this method of attack based on the popularity of games among players, as well as the ability of gamers to use cheats and mods. Since the majority of mods and cheats are distributed on third-party websites, attackers disguise malware by posing as these applications.
Kaspersky experts believe that the higher success rates detected in 2024 can be explained by the trends observed in the recent developments of the general cyberthreat landscape. On the one hand, following popular trends, cybercriminals launch more cunning attacks, exploiting the current agenda and crafting less obvious schemes, instead of using generic attacks.
On the other hand, cybercriminals are increasingly using AI to automate and personalize phishing attacks that are more likely to deceive young gamers. At the same time, new advanced phishing kits — pre-made templates of phishing pages — created with automated tools consistently appear on the dark web, allowing an increasing number of attackers to deploy highly effective phishing sites that mimic popular gaming platforms.
Scams on children’s favorite games
One of the most common scams in gaming is the offer to receive new skins for your character — essentially clothing or armor— that enhance the hero's skills. Some skins are common, while others are extremely rare and, therefore, more desirable.
Kaspersky experts have found an example of a scam that uses both the name of popular game Valorant and that of the world-famous YouTuber Mr. Beast. By selecting this blogger and using his photo, the fraudsters aim to capture children's attention and hook them into their fraudulent scam. To receive the desired Mr. Beast skin, young users are asked to enter their login and password for their gaming account, enabling their credentials to be potentially stolen by scammers as a result.
The image of Mr. Beast is used as a lure to make kids follow the fraudulent scheme
Another popular trap is the offer of receiving in-game currency. In one of the discovered scams exploiting the Pokémon GO brand, users are asked to enter the username for their gaming account. Next, they’re asked to take a survey to prove they’re not a bot.
Once the survey is complete, they are redirected to a fake website, usually one promising free prizes or giveaways. This is where the real scam kicks in. The scammers aren’t actually after personal data like credit card details; they’re using the guise of gaming to lure users into another hoax—one involving fake downloads, prize claims, or other deceptive offers. The whole process is a clever way to redirect users to a different, more dangerous scam under the pretense of a legitimate verification step.
Scam exploiting the brand of Pokémon GO
“Throughout our research, we see attacks on children are becoming a common vector of cybercriminals’ activities. That’s why cyber hygiene education and the use of trusted cybersecurity solutions are a ’must-have’ in building children’s safety in the online environment. By fostering their critical thinking, responsible online behavior, and a strong understanding of the risks, we can create a safer and more positive online experience for this generation of digital natives,” comments Vasily M. Kolesnikov, security expert at Kaspersky.
The full report on threats targeting young gamers is available on KDaily.
To keep your kids safe online, Kaspersky recommends users follow these guidelines:
- It’s crucial for parents to have open communication with their children about the potential risks they may encounter online and enforce strict guidelines to ensure their safety.
- Help your child choose a unique password and aim to change it periodically.
- Set clear ground rules about what they can and can’t do online and explain why you have put them in place. You need to review these as your child gets older.
- To help parents introduce their children to cybersecurity amidst the evolving threat landscape, Kaspersky experts have developed the Kaspersky Cybersecurity Alphabet with key concepts from the cybersecurity industry. In this book, your kids will get to know new technologies, learn the main cyber hygiene rules, find out how to avoid online threats, and recognize fraudsters’ tricks.
- With dedicated apps for digital parenting such as Kaspersky Safe Kids, parents can effectively safeguard their children across both online and offline spaces. These apps help adults ensure a safe and positive digital experience for little ones by establishing healthy habits, protecting them from inappropriate content, balancing screen time and monitoring children’s physical location.
- To protect your child from downloading any malicious files during their gaming experience, we advise you to install a trusted security solution on their device. It works smoothly with Steam and other gaming services.