At the start of February first ever concert to take place inside a video game. The American DJ Marshmello played a 10-minute set from within the hugely popular offering from Epic Games, Fortnite. However, as so often happens, malicious users also showed up and tried to trick users into buying tickets on social networks like Twitter as well as messages offering VIP access, even though the concert was free.
The event was 'attended' by around 10 million users, the majority of whom were children and teenagers — the age group with which the game is most popular. Apart from the number of users it attracted and the fact that it had an audience 25 times larger than attended the legendary Woodstock Festival, the incident puts the issue of security back into the spotlight.
This kind of video game not only allows users to play against each other, but also to interact with other users, as is the case with Fortnite—a player can use their “voice chat” function to talk to anyone they come into contact with. This is where it is important to stop and think about the risks involved in interacting with strangers in the digital realm.
There were also messages from users who apparently fell for the scam (either that or they were actively involved in it) and bought supposed tickets for the concert, sharing their happiness about getting them and thus prompting other users to fall into the trap of wanting to buy tickets.
A quick search on the hashtags #fortnite #marshmello #vip showed messages that jokingly refer to the sale of tickets as well as social engineering campaigns using the scam in the aim of making a profit or populating marketing databases.
This type of activity is particularly visible before any massive event, as happened for example in the days running up to this year's Super Bowl, when fake websites of well-known brands offered prize draws for sneakers.
It is important to pay attention to users' interactions, especially in the case of minors, and to check all the information found against a range of sources to avoid falling victim to social engineering campaigns. And lastly, it is important for users to learn to protect their personal information in order to avoid becoming a victim of someone abusive or a cybercriminal.