First published: 14 Dec 2020
Last updated: 01 Mar 2024

Content written for

Individuals & families

The world of online gaming is a popular target for scammers and cybercriminals. Gaming accounts can provide access to game licenses and linked payment methods making them highly valuable.

You should protect these accounts the same way you would protect your bank and email accounts. Cybercriminals might also use gaming as a way to scam you or compromise your device with malware.

Case study

A teenager from WA made an online friend on the social messaging platform Discord. The two friends chatted online and played Minecraft together.

Through Discord, the online friend shared a file and told the teenager to download it. Even though they felt unsure about it, the teenager decided to trust the online friend.

When the teenager opened the file, a malicious screen opened and closed.

The online friend then sent back personal information about the teenager to threaten them. This included details such as their device location and email address.

This incident could expose the teenager or their family to further attacks.

Follow these tips to protect against security risks such as viruses and account takeovers.

Protect your gaming accounts with multi-factor authentication (MFA) where possible. This will add an extra layer of protection to your account that helps keep cybercriminals out. MFA can also warn you when someone is trying to use your login details.

Prioritise accounts that have payment information saved or that are high value. For example, accounts with large game libraries.

How to turn on MFA depends on the service you are using. If possible, use an authenticator app instead of SMS or email verification methods. Below are links from popular gaming services on how to set up MFA.

If you do not see your account listed above, do an online search for ‘how to turn on MFA’ for that service, or check the settings for your account.

Use a different passphrase for each of your accounts. If you use the same login details for every account, and just one of these accounts is compromised, all your other accounts are at risk.

You should especially use a different passphrase for your email account. If someone gains access to your email account, they could use this to reset passphrases for all your accounts that your email address is linked to.

Consider using a password manager to help you create and store strong, unique passphrases for each account.

Avoid saving payment details (such as card numbers and PayPal information) for your accounts. If someone gains access to your account, they could use this to make purchases with your money. For example, purchasing games or currencies as ‘gifts’ for other accounts.

Sometimes you may be required to provide payment details to create an account or use a service. If this is the case or you want to save payment details for convenience, consider the following protections:

  • Where possible, turn on settings that ask for your passphrase when making a purchase.
  • Turn on parental controls to limit purchases, including in-game microtransactions.
  • Use a pre-paid Visa or Mastercard instead.

This will minimise the potential costs if your account is compromised.

You could also consider using pre-paid gift cards for purchases, instead of your card details. For example, Steam or Nintendo eShop cards available at major retailers.

Cybercriminals target gamers using scams. These tricks aim to take money, account information and even things from in-game, like items or currency.

In-game currencies, items, cosmetics and services

Be wary of unofficial or third-party advertisements for free or paid add-ons, such as:

  • game currencies
  • cosmetics and skins
  • power upgrades
  • services such as cheats and boosts.

You should only purchase these add-ons from official sources. For example, from within the game or from the game’s official website. Avoid third-party websites and services, as these could be a scam or an attempt to get your login details.

Be wary of other players who may attempt to steal your in-game items or currency, especially on games or platforms that allow trading.

Buying games and devices online

Buying games and devices through unofficial online stores or marketplaces can carry a risk. Follow our advice for shopping online to ensure you do not get scammed.

Unsolicited communication

You may receive unsolicited communications through in-game chat, emails and messaging apps such as Discord. It might just be spam, or someone might be trying to get you to compromise your device or information.

If you receive a strange message or request, for example to download a file or open a link, ignore it and report it to the service you are using. Never click on links asking you to confirm your login details.

Avoid sharing too many personal details online. If your personal information is available to others it can potentially be used against you. This could result in targeted scams, account takeovers or even identity theft.

Follow these tips when online gaming or streaming:

  • Do not use personal information in display names or profiles.
  • Check your privacy settings for your accounts to make sure you know who can see your information and to what extent.
  • Do not give out personal information to other players.

Software updates are important for your security. They can also improve your gaming experience by introducing new features, improving performance and fixing bugs. Most games and devices will require you to have the latest updates in order to play online.

Install updates when they are available for your games and devices. Where possible, enable automatic updates. If you are PC gamer, you should also update your operating system (e.g. Windows, macOS or Linux) for the best security.

Ensure you also install or enable antivirus software on your device.

Only use games, applications and mods that you know are legitimate. Fraudulent or pirated software could contain malware, or may not receive updates. When downloading and installing new software, follow these tips:

  • Only use software from official sources such as reputable retailers and app stores.
  • Before downloading new software, even from app stores, verify it is legitimate (e.g. look at reviews or do a search online).
  • Do not use pirated software, or modify your device to bypass copyright or security protections.
  • Avoid software that asks for excessive or suspicious permissions, or software that recommends turning off your antivirus.
  • Avoid third-party services, such as unofficial trading or account marketplaces.

Regular backups can help you recover your data if it is lost or corrupted.

Back up your important files (such as save files) to a USB stick, memory card, external hard drive or online storage service. You may require a paid subscription to back up to the cloud on some devices.

Make sure to reset your gaming device, including any memory or SD cards, before selling, trading or giving them away. If you do not, other people could access your account, games or information stored on these devices. Follow our guidance on how to dispose of your device securely.

Tips for parents and carers

  • Make sure your child’s accounts have multi-factor authentication switched on and are protected with unique passphrases.
  • Avoid saving card details to accounts when making a purchase, or remove them from the account once no longer required.
  • Use parental controls to limit financial loss if accounts become compromised.
  • If your child asks you to purchase games or items such as currencies or cosmetics, make sure you use an official platform. For example, the game’s official website or from within the game itself.
  • Make sure gaming devices are updated and backed up regularly, and reset them to factory settings before getting rid of them.

For more detailed advice, read our cyber security guide for parents and carers.

Further information

Have you been hacked?

If you believe one of your accounts or devices has been compromised, use our Have you been hacked? tool for further advice.

Information on scams

Learn more about common types of scams. Learn how to report and recover from scams if you have seen, or are a victim of a scam. You can also report if your device or information has been compromised.

Resources from eSafety

Further information is available from the eSafety Commissioner on:

Was this information helpful?

Thanks for your feedback!


Tell us why this information was helpful and we’ll work on making more pages like it