The popularity of online gaming surged during the COVID-19 pandemic—and so did cyberattacks against gamers with 5.8 million attacks detected over the past year. With a much-anticipated line-up of games rolling out this year like Total War: Warhammer 3 and Elden Ring, the captivated gaming audience remains a prime target for attackers. Summer is another bonus for scammers, as younger gamers spend more time online (often unaware of the risks).
Bad actors follow the money and the global online gaming market is booming; it is expected to reach $219 billion by 2024. The average cost of games is also rising, making “cracked” or pirated games very enticing. Hackers realize this and use the lure of free games to infect people with malware using trojanized copies of pirated games.
Online gaming presents a host of opportunities for hackers. From exploited system vulnerabilities and malicious websites to social engineering tactics, the methods scammers use to approach unwary gamers to try and trick them into downloading malware, giving up personal details, or handing over login credentials leading to account takeovers continue to evolve.
Cybercriminals are becoming experts in deception which makes them increasingly difficult to detect. Fortunately, there are some basic precautions gamers can take to stay safe online.
- Protect your accounts. If you have a gaming account with Steam, Epic, or another large gaming platform, treat them as you would a banking or social media account. Use a strong, unique password for every account that you have. If possible, enable two-factor authentication (2FA) on your gaming accounts.
Passwords you can’t remember are useless. But passwords that are too easy to remember can be easy to guess or to ascertain with a brute-force attack. The key aspects of a strong password are length (the longer the better); a mix of letters (upper and lower case), numbers, and symbols, no ties to your personal information, and no dictionary words. Creating strong passwords may seem like a daunting task, the secret is to make passwords memorable but hard to guess. Use a phrase and incorporate shortcut codes or acronyms like ABT2_uz_AMZ! (About to use Amazon).
- Avoid pirated games. Yes, games are expensive and times are tough. But hackers love to sneak malware into those “free” copies of popular games. Think before downloading a pirated game, is it worth the risk?
- Be mindful of social engineering scams. As the saying goes, if you’re online, you’re a target. The best way to stay safe is to be aware of the threat—and learn how to spot phishing and social engineering attacks when you encounter them. There are two quick, yet effective ways to avoid phishing scams. First, don’t click. Instead, navigate to the website via a browser bookmark or search engine to get your own link. If the email is legitimate, you will see the same information when you log into your account on the legitimate site. This is the only way to guarantee you land on the legitimate site. Second, use a browser filtering extension to see how sites rate (from safe to suspicious, to high risk).
- Avoid in-game offers. Massive multiplayer online games (MMOs) with hundreds even thousands of gamers playing on the same server have become increasingly common. MMOs, with their in-game economies, prey on the competitiveness of unsuspecting victims and will try to sell gold for cheap with a request for account information for a transfer. Like social engineering campaigns, in-game offer scams are sometimes difficult to spot as bad actors try to compromise your information by attempting to gain your trust. Resist the urge and avoid in-game offers.
As cybercriminals continue to look for ways to exploit human behavior, it’s important to remain vigilant of how cyber threats continue to evolve. If something seems too good to be true, it usually is – don’t click. And don’t share personal information online.
Following these basic cybersecurity tips will help to make your online gaming experience more secure.

