In this article, we’ll examine the phishing campaign targeting major US universities’ websites to steal Fortnite user accounts and how these criminals are using compromised websites to lure unsuspecting victims.
Key Takeaways:
- Major US universities’ websites have been hacked to host Fortnite spam.
- The affected sites include Stanford, MIT, Berkeley, UMass Amherst, Northeastern, and Caltech.
- The phishing campaign uses fake websites that offer free gift cards and in-game currency to lure victims.
- Attackers are also targeting some government websites, including those hosted by a Brazilian state government and the European Union.
- The method used to compromise these websites is still unknown, and no cybersecurity researchers have joined the investigation yet.
The Scope of the Attack: Which Universities are Affected?
The phishing campaign in question has targeted a number of prestigious US universities, including Stanford, MIT, Berkeley, UMass Amherst, Northeastern, Caltech, and the University of Michigan.
The hackers have infiltrated these institutions’ websites, using them as platforms to host Fortnite spam and fraudulent gift card offers.
Deceptive Tactics: How are Victims Being Lured?
The cybercriminals behind the attack have managed to compromise the websites of these universities, uploading wiki pages that promote fake websites.
These counterfeit sites claim to offer free gift cards and in-game currency for the popular game Fortnite.
Unsuspecting visitors who click on the links promoted on these pages are directed to a login form that closely resembles the legitimate Fortnite login page.
If they attempt to enter their credentials, they unknowingly hand them over to the attackers.
Phrases like “Are you an avid Fortnite player looking for the most efficient way to get your hands on V Bucks? If so, you’ve come to the right place!” are used to entice potential victims, demonstrating the attackers’ familiarity with their target audience.
A Wider Reach: Government Websites Also Compromised
While the primary focus of this phishing campaign seems to be university websites, some government sites have also been affected.
Among them are mini-sites hosted by a Brazilian state government and the European Union’s Europa.eu website.
In the case of Europa.eu, the Europass e-Portfolio service, a job search portal, appears to have been exploited.
The attackers have managed to upload spam pages and PDF documents to these legitimate organizations’ websites, further extending their reach and the potential number of victims.
The Unknown: How Were the Websites Hacked?
At present, the method used by the hackers to compromise these websites remains a mystery.
No cybersecurity researchers have joined the investigation, and the cause of the issue has not yet been determined.
MediaWiki, a content management system (CMS) platform used by many of the affected websites, released security updates last month.
However, none of these updates seem to address the ongoing malicious campaign.
Further investigation is needed to uncover the tactics employed by the attackers and how they managed to infiltrate these websites.
Protecting Yourself: Tips for Users and System Admins
As the investigation into this phishing campaign continues, there are some steps that both users and system administrators can take to protect themselves and their organizations from potential harm.
For users:
- Be cautious when clicking on links, especially those promoting free gifts or in-game currency. If something seems too good to be true, it probably is.
- Look for signs of phishing, such as incorrect URLs, poor grammar, and unusual requests for personal information.
- Use strong, unique passwords for each of your online accounts and consider using a password manager to help you remember them.
- Enable two-factor authentication whenever possible, as this adds an extra layer of security to your accounts.
For system administrators:
- Regularly update your CMS platforms and web app systems, ensuring that you have the latest security patches installed.
- Monitor your websites for signs of compromise, such as unexpected changes in content or unauthorized user accounts.
- Conduct routine searches for malicious content on your sites, looking for keywords like “gift card,” “Fortnite,” and similar terms.
- Educate your users and staff about the risks of phishing attacks, encouraging them to report any suspicious activity or emails. Provide guidelines on how to recognize and avoid phishing scams.
- Implement security measures like firewalls, intrusion detection systems, and web application firewalls to protect your websites and servers from potential attacks.
- Regularly back up your website content and data, allowing you to quickly restore your site in the event of a successful attack.
- Work closely with cybersecurity experts and researchers to stay informed about emerging threats and best practices for defending against them.
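One way to automate the keyword search and content monitoring described in the administrator tips above, for a MediaWiki site. This is an added example, not code from the article or from any affected site; it assumes you have saved the JSON returned by the MediaWiki API query `action=query&list=recentchanges&rcprop=title|user|timestamp|comment`, and the sample data and account names are constructed.

```python
import json
import re
from collections import defaultdict

# Keywords the article names, plus "V Bucks" from the lure text it quotes.
KEYWORDS = ("gift card", "fortnite", "v bucks", "in-game currency")

def _pattern(keyword):
    # Allow any run of punctuation, spaces or underscores (or none) between
    # words, so "V-Bucks", "V_Bucks" and "VBucks" all match "v bucks".
    words = re.split(r"[\W_]+", keyword)
    return re.compile(r"(?<![a-z0-9])" + r"[\W_]*".join(map(re.escape, words)), re.I)

PATTERNS = {kw: _pattern(kw) for kw in KEYWORDS}

def flag_changes(api_response_text):
    """Return recent changes whose title or edit summary matches a keyword."""
    changes = json.loads(api_response_text)["query"]["recentchanges"]
    flagged = []
    for rc in changes:
        text = f'{rc.get("title", "")} {rc.get("comment", "")}'
        hits = [kw for kw, pat in PATTERNS.items() if pat.search(text)]
        if hits:
            flagged.append({"title": rc["title"], "user": rc.get("user", ""),
                            "new_page": rc.get("type") == "new", "hits": hits})
    return flagged

def pages_per_user(flagged):
    """Group flagged titles by account to surface accounts posting in bulk."""
    by_user = defaultdict(list)
    for item in flagged:
        by_user[item["user"]].append(item["title"])
    return dict(by_user)

# Constructed sample in the shape of a recentchanges API response.
SAMPLE = json.dumps({"query": {"recentchanges": [
    {"type": "new", "title": "Free Fortnite V-Bucks Generator",
     "user": "Example-user-1", "comment": "Created page"},
    {"type": "new", "title": "Gift Card Codes 2023",
     "user": "Example-user-1", "comment": ""},
    {"type": "edit", "title": "Course:Intro to Networks",
     "user": "Example-staff", "comment": "fix typo in syllabus"},
    {"type": "edit", "title": "User:Example-user-2",
     "user": "Example-user-2", "comment": "free vbucks and gift_card here"},
]}})

if __name__ == "__main__":
    print(pages_per_user(flag_changes(SAMPLE)))
```

Matches on title and edit summary alone are a triage signal; review the flagged pages and the accounts that created them before deleting content or blocking users.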
Conclusion
Cybercriminals are using sophisticated tactics to target and exploit major US universities’ websites in a phishing campaign aimed at stealing Fortnite user accounts.
By understanding the scope of the attack, the methods used to deceive victims, and the potential risks to both educational institutions and government websites, users and system administrators can take steps to protect themselves and their organizations.
As the investigation into this campaign continues, staying vigilant and adopting robust security measures will be crucial in safeguarding against future threats.