Riot Games, the developer behind League of Legends, has filed a California lawsuit against scammers, whose identities aren’t yet known, for ripping off job seekers with the promise of a gig with the company.
Usually early in their careers and eager for a chance with a gaming company like Riot, job hunters are either targeted by a cybercriminal posing as a recruiter or with fake ads on popular employment sites like Indeed, Riot’s filing explained.
This email submitted as part of Riot’s lawsuit includes a fake listing for a video game artist/illustrator.
Then, the applicant is run through an imaginary interview process with questions that seem legit, like, “Why do you want to work at Riot Games?” and, “Honestly describe what kind of working conditions you thrive in.”
The interview would often be conducted by chat and followed by a quick job offer.
To make things extra convincing, the fraudsters used contacts and other communications doctored-up with Riot branding, including convincing looking employment contracts.
After the interview, there’s just one step left for the interviewee — they are asked to send money for “work equipment” like an iPad, which the interviewer assures the new hire will be refunded. Spoiler: they aren’t going to be.
Riot included copies of checks sent to the fraudsters by victims in its complaint, ranging from $2,400 to $4,300.
Riot wasn’t the only prominent gaming company used to lure in victims, Polygon reportedly heard from people approached by fake representatives of Rockstar Games and Manticore Games, according to its report.
“[The scam] is absolutely appalling,” Riot’s lawyers wrote in the complaint. “Their victims largely are young, naïve, and want nothing more than to work for Riot, one of the most prestigious video-game companies in the world. Defendants prey on the hopes and dreams of these individuals in order to steal their identities and pillage their bank accounts.”
Riot Games representatives said in an interview with Polygon that the company isn’t exactly sure how many people have already been victimized by the phishing campaign.
Gamers and ‘Dynamite Phishing’
Phishing lure themes are fickle, and ebb and flow with the latest headlines. COVID-19, Chipotle offers, easy infrastructure legislation money, and now, dream gaming jobs, are all bait intended to illicit an emotional reaction and make otherwise rational people take action without thinking it through.
Last summer, the Threat Intelligence Team at GreatHorn discovered a rise in business email compromise (BEC) attacks that sent X-rated material to people at work to try and trigger an emotional response, something the report called “dynamite phishing.”
“It doesn’t always involve explicit material, but the goal is to put the user off balance, frightened – any excited emotional state – to decrease the brain’s ability to make rational decisions,” according to the report.
A fantasy job at a huge gaming company could certainly trigger a highly emotional response in the right person.
This fake gaming company job scam leverages both the co-called Great Resignation of 2021, which saw record-breaking numbers of workers looking for better gigs, as well as the pandemic push to work-from-home. Now a call from a personal cell phone number, or a Zoom interview in someone’s kitchen, doesn’t seem all that unusual and fraudsters are taking advantage.
Gaming itself is under relentless attack. Last summer, Akamai Technologies found attacks on gaming web applications alone jumped by a staggering 340 percent in 2020.
From Grinchbots scooping up vast swaths of the latest hardware inventory to last month’s back-to-back PlayStation 5 breaches and malicious gaming apps lurking in marketplaces, this latest fake job fraud is just another way criminals are trying to exploit the enthusiasm of gamers.
Now Riot hopes to use this lawsuit as a way to track down the cybercriminals and make it clear the company was not behind the scam, according to Riot attorney Dan Nabel.
“We’re upset that people who viewed Riot as their dream company, even if that’s one person, had been defrauded through this scam,” Nabel told Polygon. “Secondarily, we felt a need to protect our employees who are having their identities impersonated.”
There’s a sea of unstructured data on the internet relating to the latest security threats. REGISTER TODAY to learn key concepts of natural language processing (NLP) and how to use it to navigate the data ocean and add context to cybersecurity threats (without being an expert!). This LIVE, interactive Threatpost Town Hall, sponsored by Rapid 7, will feature security researchers Erick Galinkin of Rapid7 and Izzy Lazerson of IntSights (a Rapid7 company), plus Threatpost journalist and webinar host, Becky Bracken.
Register NOW for the LIVE event!