BACK

Legal, Regulatory, and Privacy Issues

How to protect your family from Fortnite fraud

Players of the popular online video game are prime targets for cybercrooks

Summary

Capitalizing on the increasingly crowded Fortnite community, cybercrooks have invaded the game’s landscape in search of users’ credit card information and other personal data. Here’s how to prevent common threats lurking in Fortnite.

The editorial content below is based solely on the objective assessment of our writers and is not driven by advertising dollars. However, we may receive compensation when you click on links to products from our partners. Learn more about our advertising policy.

The content on this page is accurate as of the posting date; however, some of the offers mentioned may have expired. Please see the bank’s website for the most current version of card offers; and please review our list of best credit cards, or use our CardMatch™ tool to find cards matched to your needs.

If there’s a teen or preteen living in your home, you’ve likely heard about, seen or perhaps even played the video game Fortnite, which has taken the planet by storm.

In the game, characters created by players do battle in a sort of survival-of-the-fittest scenario. In the course of less than two years, free-to-play Fortnite has lured more than 200 million enthusiasts, cementing its status as the world’s most popular video game.

Unfortunately, Fortnite isn’t always all fun and games.

Capitalizing on the increasingly crowded Fortnite community, cybercrooks have invaded the Fortnite landscape in search of users’ credit card information and other personal data. For instance, they’ve employed “phishing” scams to gain access to Fortnite accounts.

No one knows precisely how many Fortnite fans have been victimized by fraud. But most players have had it happen to them or a player they know, according to Johnny Santiago, brand partnerships manager at Social Catfish, an identity verification company in California.

Here’s how to prevent common threats that are lurking in Fortnite, or at least minimize the damage from them.

1. Restrict account access

To protect young Fortnite players from cybercrooks, cybersecurity expert Robert Siciliano, CEO of Safr.me, says if your kid enters the Fortnite universe through a gaming console, you should set up a passcode – one your youngster can’t guess – for that device.

Xbox, for instance, lets you create a passcode to:

  • Sign in when the console is turned on.
  • Update device settings.
  • Make a purchase. While it’s free to play Fortnite, users can buy an in-game currency known as V-Bucks to get add-ons such as skins, or outfits, for their characters.

Siciliano also noted that Xbox maker Microsoft advises against plugging a credit card number into the Xbox account of any child or other family members who you want to block from making in-game purchases.

“This way, you can keep your family safe and keep your money safe,” Siciliano said.

See related:  Fraudsters target video games for credit card fraud

2. Don’t share account information

Kids might think it’s harmless to give a friend access to their Fortnite account. However, this can open the door to scams, said Suresh Dakshina, founder and president of Chargeback Gurus, a company in McKinney, Texas, that helps merchants deal with costly credit card chargebacks.

If the account information is shared with a friend, that friend might end up having that information swiped in a cyber attack. Or, they might use it to commit fraud or pass the information along to someone who misuses it.

“Parents of minor children should manage game access to ensure that ‘friendly fraud’ – their child sharing account credentials with friends – does not take place,” Dakshina said.

In this case, friendly fraud can result in credit card numbers being used to rack up unauthorized purchases. And, of course, unfriendly cybercrooks can do plenty of financial damage, too.

3. Use different passwords for different sites

Fortnite developer Epic Games warns on its website that while it’s common to use the same password for several websites (including game sites), “this is a dangerous practice and should be avoided.”

“If one of those sites is compromised,” Epic’s security team says, “hackers can use your email and password from that site to break into your account on other sites using the same password.”

Creating a unique password for every website you visit can stop one compromised account from leading to widespread theft involving several accounts.

4. Beware of “phishers”

In 2018, a Fortnite bug let hackers snag users’ login credentials through a malicious “phishing” link. In this case, Siciliano explained, the link directed users to a website that promised free V-Bucks, Fortnite’s in-game currency.

Through this scheme, “not only could a hacker access a user’s Fortnite account, but they could make in-game purchases using the person’s credit card, which is connected to the account,” Siciliano said.

To avoid any kind of phishing scam, be extra cautious about clicking on links in emails, text messages and other places. If you don’t recognize the sender, then it’s wise to not click on the link.

Phishing seeks to obtain sensitive information (such as credit card numbers) by asking you to click on a link in a fraudulent message that appears legitimate.

See related:  How to reduce your fear of cybercrime, and protect yourself

5. Watch out for fake offers

Epic Games cautions against falling for Fortnite deals seen on other websites, such as promotions for free V-Bucks or offers to share or buy Fortnite accounts. Such deals are always fraudulent, Epic Games says.

Keep in mind that V-Bucks are never free. In many cases, sites that purport to offer free V-Bucks are trying to steal your Fortnite login credentials.

6. Use two-factor authentication

Every account that’s considered “critical” – meaning it contains personal or sensitive information – should be equipped with two-factor or two-step authentication, Siciliano said.

Two-factor authentication helps ensure a credit card transaction is legitimate. For instance, the two authentication factors for an online transaction might be a security code found on a credit card and a one-time code that’s sent by email or text.

Fortnite offers two-factor authentication, but it must be enabled, Siciliano said. To do so, go to “Account Settings” in your Fortnite account, then click on the “Password & Security” tab. Scroll to the bottom and then click on the “Enable Two-Factor Sign In” button.

7. Come up with complicated passwords

Hackers claim the popularity of Fortnite and the ease of access to the game’s accounts make it an inviting target, according to Braden Perry, a partner at Kennyhertz Perry LLC, a law firm based in Mission Woods, Kansas.

Perry’s areas of expertise include fraud. Victims, he said, are “everyday players” who don’t understand how simple it is to take over a Fortnite account.

Far too many people practically roll out the red carpet to hackers by employing passwords that are extremely basic, such as 123456789 or password1 (which are among the most common passwords in the U.S.)

“Because convenience is a primary feature of online games, some products like Fortnite allow their users to have the most basic password credentials, and those accounts are easy targets for hackers,” Dakshina said.

Webroot Inc., which develops cybersecurity software, says key aspects of a strong password include:

  • The longer, the better.
  • A mix of letters (upper and lower case), numbers and symbols.
  • Words and numbers not related to your personal information, such as your name or birthdate.
  • No words you’d find in a dictionary.

8. Keep a lid on email addresses

“Make sure your kid isn’t providing email addresses – theirs or yours – to anyone on Fortnite,” Siciliano said. “If they do, there’s a strong possibility they might provide it to a criminal phisher. Once this happens, tricky phishing emails that look like they are coming from Fortnite that are designed to steal passwords are likely to hit your inbox.”

See related:  Americans leave their personal info open to thieves, poll shows

9. Install and update antivirus software

While cybersecurity software won’t solve every problem, it will shield your computer from a lot of threats, Epic Games says. Nearly half of Americans fail to use antivirus software, according to Webroot.

10. Update your computer’s operating system

Your computer’s operating system, along with all installed software and drivers, should be kept as up to date as possible, Epic Games says.

“Small bugs from outdated drivers or software can result in performance issues or other game stability issues,” the company says, “while missed security updates could compromise your entire computer.”

11. Monitor your credit card statements

Unless you regularly keep tabs on your credit card transactions, Fortnite hackers might be amassing hefty charges, said Santiago, the Social Catfish manager.

For instance, a hacker might run up charges by making in-game purchases, which individually are relatively small and might go unnoticed. In this scheme, the hacker might score cash by selling the ill-gotten goods, such as game upgrades, to Fortnite players.

“Many minors play Fortnite, so parents might not realize their credit card purchases are coming from a hacker and not their children,” Santiago said.

What’s up next?

In Legal, Regulatory, and Privacy Issues

Sign your credit card, don’t write ‘See ID’

If your strategy for protecting yourself against card fraud is to not sign your cards and write “See ID” instead, your game plan is both ineffective and outdated.

Published: March 17, 2019

See more stories
Credit Card Rate Report Updated: October 16th, 2019
Business
15.18%
Airline
17.11%
Cash Back
17.25%
Reward
17.13%
Student
17.29%

Questions or comments?

Contact us

Editorial corrections policies

Learn more

Join the Discussion

We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, do not disclose confidential or personal information such as bank account numbers or social security numbers. Anything you post may be disclosed, published, transmitted or reused.

The editorial content on CreditCards.com is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company’s business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.