SkipToMainContent

Kids' Safety

6 mobile gaming scams and how to avoid them

Oct. 14, 2020

Do you spend hours hunting monsters, storming your opponents’ bases, or digging for hidden treasure on your smartphone? You're far from alone. Mobile gaming — online games people play on their smartphones or other mobile devices — are more popular than ever.

Don't believe it? Statista says that in 2020 there are more than 2.4 billion mobile gamers shooting, racing, and collecting coins on their mobile devices. The company also says that this number is projected to rise to 2.7 billion by 2021. There are more than 209 million mobile game players in the United States alone in 2020, according to Statista.

Game developers aren't the only people excited by these numbers. Scammers are thrilled with the rising popularity of mobile gaming, too.

That's because scam artists have long used mobile games to trick people into giving up their personal or financial information. They've used fake apps and games to install malware on gamers’ devices. And they're always happy to charge gamers big bucks for fake power-ups, armor enhancements, and other gaming goodies that they have no intention of providing.

There are risks involved in mobile gaming. But you can avoid the scammers. It just requires that you recognize the most common mobile gaming scams and take the steps necessary to avoid them.

Here's a look at some of the more common traps cyberthieves set when trying to scam mobile gamers, and the steps you can take to thwart their efforts.

Mobile gaming scam No. 1: Credential stuffing

It’s not a very subtle attack, but credential stuffing is one of the more common ways that cybercriminals can gain access to your online gaming accounts.

In this attack, scammers use password and username combinations that have already been stolen in data breaches and made available on the dark web. They then use automated software that enters these combinations into gaming sites such as Steam, Blizzard, or HumbleBumble.

These cyberthieves hope that they’ll be able to find a match on the sites and gain access to user accounts. The attacks don’t have a very high success rate when compared with their total attempted log-ins. But a low success rate is high enough.

Why? When hackers do gain access to gamers’ accounts, they can steal their credit card information and personally identifiable information. With this information, they can run up fraudulent purchases on victims’ credit cards. Scammers might also steal the weapons, armors, and upgrades that gamers have earned, goodies that these thieves can then sell on the dark web to others.

You can make life more difficult for thieves relying on this scam by not using the same passwords and usernames at multiple gaming accounts. Cybercriminals figure — rightly so — that many gamers won’t change their passwords from site to site. Once they find a password and username combination that works, they can then use it to log into all of a gamer’s accounts.

The lesson here? Don’t use the same password at multiple sites.

Mobile gaming scam No. 2: The malware problem

Another danger of mobile gaming? Malware. And unfortunately, it’s often ridiculously easy for cybercriminals to infect the devices of gamers with this malicious code: They just need to convince gamers to download what they think is a legitimate game. Instead, when these gamers do initiate a download, they are either infecting their devices with pure malicious code or they are downloading a version of a game that hackers have infected with malware.

Once the malware gets on the devices of gamers, scammers may be able to spy on your private messages, take remote control of your devices, or log your keystrokes. Through these scams, criminals might gain access to your passwords or break into your online bank accounts or credit card portals.

The best way to defend yourself against these attacks is to only download games from legitimate gaming platforms such as GOG, Steam, or Origin*. Be wary of downloading a game from sites you're not familiar with. Often these sites contain games that are either straight malware or have been tampered with.

Mobile gaming scam No. 3: Fake cheat codes, power-ups and upgrades

Today’s mobile games often require players to earn power-ups to increase their odds of completing missions or tasks. Other games offer armor upgrades, new uniforms, or tech goodies for players willing to pay for them. Gamers are often on the hunt, too, for cheat codes that allow them to skip some of the more difficult or repetitive tasks in their games.

Scammers rely on gamers’ hunger for cheat codes, power-ups, and upgrades to scam them out of cash or their financial information. How? They’ll spam message boards saying they have cheat codes or uniform upgrades for sale. Or they’ll reach out directly to gamers on forums or during chats promising them access to the latest items, pets, armor or weapons.

All gamers have to do is send these scammers money, often through a peer-to-peer payment system. But when gamers send their dollars? The seller disappears, taking the gamer’s money and never delivering the upgrades or cheat codes they promised.

Other scammers say they’ll send these goodies after gamers send them their credit card information. Once gamers make this mistake and send that information? The scammers use the gamer’s credit card number to order expensive goodies online.

The key to avoiding this scam is caution. Never buy cheat codes, armor upgrades, or weapon boosts from someone you don’t know or have only met online. Only purchase these upgrades directly from the game’s manufacturer or though reputable online gaming sites. Never give any of your financial information to an anonymous person who contacts you online.

Mobile gaming scam No. 4: Phishing scams

Phishing scams are common today. Scammers send emails or texts to victims claiming that they will close their bank or credit card accounts if these victims don't click on a link to verify that these accounts are active.

When victims click on the link in the email or text, they are taken to a scam website that looks like the ones operated by their bank or credit card provider. The site asks them to fill in personal and financial information — often including their Social Security number, password, and account number — so that the bank or credit card company can verify their account.

This is all bogus, of course. Once victims enter this information and click send? The scammers behind the phishing attempt either use the information to access the credit card or bank accounts of the victims or they sell it on the dark web.

Scammers targeting mobile gamers aren't above using phishing tactics, either. They'll send emails or texts to gamers telling them that their gaming accounts will be suspended if they don't verify their information. These messages will ask gamers to click on a link to verify their accounts.

Again, the scammers will rely on fake websites that ask gamers to fill in their personal and account details. Scammers will then either use the financial information gamers send to access their online credit card or bank accounts or they'll simply take over their victims' gaming accounts, using gamers' passwords to access the accounts, and then changing these passwords to lock them out.

Again, rely on caution and instinct to avoid this scam. Gaming companies won't send you emails or texts asking you to verify your accounts. And they'll never ask you to provide personal or financial information through these messages.

Look carefully, too, at the "From" email address in any email supposedly sent by a gaming company. You'll often see that the domain name of the sender doesn't match the company at which the sender supposedly works. For instance, maybe you get an email message from someone claiming to be from Steam. But when you check the email address of the sender, it ends in a generic "gmail.com."

Or maybe the domain name in the sender's email message is something more complex, something like "@notice-accounts-24.com." Such unusual domain names, or generic public domain names like "gmail.com" or "yahoo.com," are likely signs of a phishing email.

Mobile gaming scam No. 5: The international call scam

International phone calls can be expensive. But some scammers have figured out a way to make these calls for free. Unfortunately, it comes at the expense of gamers.

Scammers will offer "free" online games for download. When victims download them, the app secretly makes international phone calls from the gamer's phone number. Scammers can run up hundreds or thousands of dollars in fraudulent charges before gamers realize they've been tricked.

The key to avoiding this scam is to again exercise caution when downloading any game. Only download mobile games from reputable sources, such as Google Play, the App Store, and the sites of legitimate gaming companies. Downloading games from sites with which you're not familiar could lead to trouble.

Mobile gaming scam No. 6: The unlimited downloads scam — too good to be true

The offer is enticing: Someone you're chatting with online or exchanging emails with promises to give you access to unlimited downloads of games for your mobile devices. All you have to do first is pay a one-time fee, usually about $40 or $50.

If you send that money? You either get nothing or you're sent links to file-sharing sites that offer illegal copies of pirated games. Be careful with those links: Not only are the games typically pirated, they're often filled with malware that can infect your device.

And what if you don't have any moral qualms about downloading pirated games? You don't need to spend $50 or more to access the sites that provide them.

Never send people money online if you don’t know them in real life. And if an offer sounds too good to be true — such as unlimited game downloads for a one-time fee — don’t believe it. And, again, never download games unless you are on a trusted site. 

Get Norton 360 for Gamers

From casual to hard core gamers, Norton 360 for Gamers gives you multiple layers of protection for your PC and devices, game accounts and digital assets.

* The inclusion of websites, apps, or service providers does not imply endorsement or support of any company, product, service, or provider listed herein.


Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2020 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.