Yesterday, I stepped into Amichai's shoes, delivering the Application Defense Center's "top security trends" webinar with Carahsoft, one of Imperva's partners. (The original ADC recording is available here). One of the top trends (#7) is online game fraud.
Online game sites boast millions of loyal users. Surprisingly (at least to me) there is real money to be made in these virtual worlds. For example, people like Ailin Graef (aka Anshe Chung) earned their real money honestly from the virtual world (she was the first SL real world millionaire.).
As more actual money flows into this virtual world, the potential appeal for mischievous individuals increases. One of the threat vectors that the ADC mentioned was "Farmers":
Gamers employing cheap labor or software bots to focus on virtual money generating activities (exploiting application bugs and loopholes). Virtual money is later converted into real currency
In real life (first or second) the reality is beyond all imagination. The Register reported yesterday about a man accused of siphoning $50,000 in micro-payments from Schwab, E-trade.
Michael Largent of Plumas Lake, California, is accused of using an automated script to open 58,000 online brokerage accounts that were linked to a handful of online bank accounts.
Largent then allegedly prompted E-trade and Schwab to send huge numbers of deposits between two cents and $1 to the accounts. Online brokerages frequently send such "micro-deposits" to verify that account details of new customers are correct. Largent's script had a penchant for cartoon characters: Accounts bore the name of Hank Hill and Rusty Shackelford, of Fox TV's King of the Hill and Marvel Comic's Johnny Blaze.
(credit to Kevin Poulsen of Wired News)