6 mobile gaming scams and how to avoid them
July 12, 2022
Do you spend hours hunting monsters, storming your opponents’ bases, or digging for hidden treasure on your smartphone? You're far from alone. Mobile gaming — online games people play on their smartphones or other mobile devices — are more popular than ever.
Don't believe it? Statista says that in 2021 there were more than 2.6 billion mobile gamers shooting, racing, and collecting coins on their mobile devices. There are more than 207 million mobile game players in the United States alone in 2021, according to Statista.
Game developers aren't the only people excited by these numbers. Scammers are thrilled with the rising popularity of mobile gaming, too.
That's because scam artists have long used mobile games to trick people into giving up their personal or financial information. They target unsecured mobile devices using fake apps and games to install malware on those gamers’ devices. And they're always happy to charge gamers big bucks for fake power-ups, armour enhancements, and other gaming goodies that they have no intention of providing.
There are risks involved in mobile gaming. But you can avoid the scammers. It just requires recognising the most common mobile gaming scams and taking the necessary steps to avoid them.
Here's a look at some of the more common traps cyberthieves set, when trying to scam mobile gamers, and the steps you can take to thwart their efforts.
Mobile gaming scam No. 1: Credential stuffing
It’s not a very subtle attack, but credential stuffing is one of the more common ways that cybercriminals can gain access to your online gaming accounts.
In this attack, scammers use password and username combinations that have already been exposed in data breaches and made available on the dark web. They then use automated software that enters these combinations into most of the bigger and better-known gaming sites.
These cyberthieves hope that they’ll be able to find a match on the sites and gain access to user accounts. The cyberattacks don’t have a very high success rate when compared with their total attempted log-ins. But a low success rate is high enough.
Why? When hackers do gain access to gamers’ accounts, they can steal their credit card information and personal information. With this information, they can run up fraudulent purchases on victims’ credit cards. Scammers might also steal the weapons, armours, and upgrades that gamers have earned, goodies that these cyberthieves can then sell on the dark web to others.
You can make life more difficult for cyberthieves relying on this scam by not using the same passwords and usernames at multiple gaming accounts. Cybercriminals figure — rightly so — that many gamers won’t change their passwords from site to site. Once they find a password and username combination that works, they can then use it to log into all of a gamer’s accounts.
The lesson here? Don’t use the same password at multiple sites.
Mobile gaming scam No. 2: The malware problem
Another danger of mobile gaming? Malware. And unfortunately, it’s often ridiculously easy for cybercriminals to infect the devices of gamers with malicious code: They just need to convince gamers to download a legitimate-looking game. Instead, when these gamers do initiate a download, they either infect their devices with pure malicious code or they download a version of a game that hackers have infected with malware.
Once the malware has been uploaded on the device, scammers may be able to spy on the gamer’s private messages, take remote control of you’re their devices, or log you’re their keystrokes. Through these scams, cybercriminals might gain access to passwords or break into
online bank accounts or credit card portals.
The best way to defend yourself against these cyberattacks is to only download games from legitimate gaming platforms such as GOG, Steam, or Origin. Be wary of downloading a game from sites you're not familiar with. Often these sites contain games that are either straight malware or have been tampered with.
Mobile gaming scam No. 3: Fake cheat codes, power-ups and upgrades
Today’s mobile games often require players to earn power-ups to increase their odds of completing missions or tasks. Some games offer armour upgrades, new uniforms, or tech goodies for players willing to pay for them. Gamers are often on the hunt, too, for cheat codes that allow them to skip some of the more difficult or repetitive tasks in their games.
Scammers rely on gamers’ hunger for cheat codes, power-ups, and upgrades to scam them out of cash or access their financial information. How? They’ll spam message boards saying they have cheat codes or uniform upgrades for sale. Or they’ll reach out directly to gamers on forums or during chats promising them access to the latest items, pets, armour or weapons.
All gamers have to do is send these scammers money, often through a peer-to-peer payment system. But when gamers send their money? The seller disappears, taking the gamer’s cash and never delivering the upgrades or cheat codes they promised.
Other scammers say they’ll send these goodies after gamers send them their credit card information. Once gamers make this mistake and send that information? The scammers use the gamer’s credit card number to order expensive goodies online.
The key to avoiding this scam is caution. Never buy cheat codes, armour upgrades, or weapon boosts from someone you don’t know or have only met online. Only purchase these upgrades directly from the game manufacturer or though reputable online gaming sites. Never give any of your financial information to an anonymous person who contacts you online.
Mobile gaming scam No. 4: Phishing scams
Phishing scams are common today. Scammers send emails or texts to victims claiming that they will close their bank or credit card accounts if these victims don't click on a link to verify that these accounts are active.
When victims click on the link in the email or text, they are taken to a scam website that looks like the ones operated by their bank or credit card provider. The site asks them to fill in personal and financial information — often including their password, and account number — so that the bank or credit card company can verify their account.
This is all bogus, of course. Once victims enter this information and click send? The scammers behind the phishing attempt either use the information to access the credit card or bank accounts of the victims or they sell it on the dark web.
Scammers targeting mobile gamers aren't above using phishing tactics, either. They'll send emails or texts to gamers telling them that their gaming accounts will be suspended if they don't verify their information. These messages will ask gamers to click on a link to verify their accounts.
Again, the scammers will rely on fake websites that ask gamers to fill in their personal and account details. Scammers will then either use the financial information gamers send to access their online credit card or bank accounts or they'll simply take over their victims' gaming accounts, using gamers' passwords to access the accounts, and then changing these passwords to lock them out.
Again, rely on caution and instinct to avoid this scam. Gaming companies won't send you emails or texts asking you to verify your accounts. And they'll never ask you to provide personal or financial information through these messages.
Look carefully, too, at the "From" email address in any email supposedly sent by a gaming company. You'll often see that the domain name of the sender doesn't match the company at which the sender supposedly works. For instance, maybe you get an email message from someone claiming to be from Steam. But when you check the email address of the sender, it ends in a generic "gmail.com."
Or maybe the domain name in the sender's email message is something more complex, something like "@notice-accounts-24.com." Such unusual domain names, or generic public domain names like "gmail.com" or "yahoo.com," are likely signs of a phishing email.
Mobile gaming scam No. 5: The international call scam
International phone calls can be expensive. But some scammers have figured out a way to make these calls for free. Unfortunately, it comes at the expense of gamers.
Scammers will offer "free" online games for download. When victims download them, the app secretly makes international phone calls from the gamer's phone number. Scammers can run up hundreds or thousands of dollars in fraudulent charges before gamers realize they've been tricked.
The key to avoiding this scam is to again exercise caution when downloading any game. Only download mobile games from reputable sources, such as Google Play Store, the Apple App Store, and the sites of legitimate gaming companies. Downloading games from sites with which you're not familiar could lead to trouble.
Mobile gaming scam No. 6: The unlimited downloads scam — too good to be true
The offer is enticing: Someone you're chatting to online or exchanging emails with promises to give you access to unlimited downloads of games for your mobile devices. All you have to do is pay a one-time fee, the equivalent of around $40 or $50 USD.
If you send that money? You either get nothing or you're sent links to file-sharing sites that offer illegal copies of pirated games. Be careful with those links: Not only are the games typically pirated, they're often filled with malware that can infect your device.
And what if you don't have any moral qualms about downloading pirated games? You don't need to spend $50 or more to access the sites that provide them.
Never send people money online if you don’t know them in real life. And if an offer sounds too good to be true — such as unlimited game downloads for a one-time fee — don’t believe it. And again, never download games unless you are on a trusted site.
Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.