Here is what happened:
A thirteen year old (let’s call him Todd) was hooked on playing a hugely popular online game. The parents knew what the game was and did their due diligence to make sure it was appropriate for their son. The game was rated for ages 13 and older, so they allowed him to download it and play. However, the parents were not aware that there are certain parental controls that could be enabled to make their son’s gaming experience safer. They could set permissions to manage Todd’s online social interactions.
Unbeknownst to them, Todd enabled the chat feature which would allow him to engage with other players. Todd set the chat feature to Everyone – which allowed him to voice chat with any player.
One of the players (let’s call her Mary) began chatting with Todd and over time, established a level of trust with Todd.
The impact:
Todd was happily playing his favorite online game and engaging with his new friend Mary.
Everything seemed great – until Mary convinced Todd to reveal certain sensitive data. Mary then threatened to exploit the sensitive data unless he paid her a ransom.
Because of our trusted relationship with our clients, we were called in immediately. We advised that this is a frequent scam, to stop all communications with the fraudster, Mary; NOT to pay the ransom; and, to change/remove, where feasible, any sensitive data that was revealed to Mary. We continued to monitor for any posting or mentions of such sensitive data.
Lessons learned are:
● In this digital era, one cannot rely solely on a games rating to determine suitability for children.
● Make sure that the games you approve, allow the parents to restrict certain features.
● Build an environment with your entire family of a safe haven to communicate as quickly as possible when these types of events occur. Because of the timeliness of calling us in, we were able to limit the damage that was sure to continue. We also put in place mitigation steps to detect and respond if Mary continued to pursue the scam.
