Brave indeed is the soul who decides to take on Nintendo with scam-filled behaviour online. The console legends have a long history of crunching down on fraud, as well as gaming past-times some would consider to be harmless.
This is before we even get to the Switch hacker improbably named Bowser who had to pay Nintendo $4.5 million as a result of said hacking.
It’s dangerous to hack alone
In a nutshell: perilous is the path of Nintendo fandom, and activities Nintendo may strongly disagree with. The company has always come down particularly hard on scams and hardware fakeouts, because it simply does not want people tampering with physical devices. The crown jewels are the online services and digital products, and Nintendo doesn’t want bogus consoles or cartridges mixing and matching with the real thing.
Last year, a big Nintendo story was the breach of around 300,000 Nintendo accounts. Suspected reasons for the spill included phishing and/or credential stuffing, with a fair bit of probable password reuse thrown in for good measure. There’s also the famous 2017 breach where files dating back to the 80s were accessed via the use of VPNs.
At this point, we can safely say two things. One: Nintendo absolutely does not want to entertain phishers, or bogus Nintendo websites. That path leads to bad experiences for Nintendo customers. Two: Nintendo absolutely does not want to entertain unofficial hardware, or suspicious device sales. This is another path filled with knock-off devices or tampered game cartridges.
The end result is that combining fake sites (which may or may not be phishing) with unofficial hardware sales will draw Nintendo’s attention extremely quickly.
Nintendo impersonations, phantom products?
For that reason, Nintendo has published a warning in relation to a fake site. A rough translation follows:
We have confirmed the existence of a fake site that impersonates the Nintendo homepage. These fake sites have nothing to do with us.
The fake site uses our logo illegally, making it look as if it is operated by us, and you can purchase our products such as Nintendo Switch at a significantly discounted price. If you purchase a product on a fake site, you may be scammed by fraudulent acquisition of personal information. Please be careful not to mistake it for our website, and do not purchase products from fake websites.
Nintendo usually holds on to lots of additional data where hacks or scams are concerned, likely because they are spending a lot of time investigating behind the scenes. This is how you eventually end up with people in front of judges.
Sadly, this sometimes makes it a bit tricky to figure out the who, what, when, where, and of course, why of any given situation. As Nintendo hasn’t released any information with regards to the fake site, it’s tricky to add much beyond what’s already been said.
Sounding out the scam
This definitely sounds like bogus device sales…if those devices even exist. It may well just be a fake store selling absolutely nothing at all, but that captures victims’ payment details. It’s possible the site in question also asks visitors to log in with their Nintendo accounts too. We simply don’t know.
The announcement on social media and the press release appear to (currently) be aimed at Japanese consumers only, so impact from this site may be more limited than usual. The release also points people to nintendo(dot)co(dot)jp as the official site, and doesn’t mention other regional variations.
For some semblance of completeness, there’s also Nintendo(dot)co(dot)uk, Nintendo-europe(dot)com, and Nintendo(dot)com for the US. I imagine there’s almost certainly more, but those tend to be the main first ports of call. If you haven’t set up two factor authentication on your Nintendo account then now is the perfect time to do it. The Princess may well be in another castle, but we don’t have to say the same thing about your login details.
The post Nintendo warns of imitation websites and suspicious hardware appeared first on Malwarebytes Labs.