How to Protect Yourself From Fortnite Scams

There's no denying that Fortnite is the most popular video game on the planet right now. With that kind of fame and such a massive player base, Fornite scams become potentially a very lucrative endeavor. A security report from ZeroFox reveals just how broadly these scams have spread across social media, YouTube, and dozens of forums.

"Once we started digging into it, we uncovered a lot of stuff," Zack Allen, director of threat operations at ZeroFox, said.
There are over 4,770 live domains dedicated to Fortnite scams, thousands of posts on social media, and 1,390 YouTube videos advertising fraudulent links. Alarmingly, these videos have millions of views and there's no telling just how many Fortnite players have fallen for these scams.

Most scams usually revolve around V-Bucks, the in-game currency that Fortnite players use to buy weapons, items, upgrades, and other virtual goodies. However, V-Bucks cost real money. Fortnite is free to play but it makes a ton of cash from in-game purchases. Crooks usually lure people who do not want to pay for the virtual currency by offering them "V-Cash generators" and fake V-Bucks coupons in exchange for their private information, credit card numbers, or ad clicks that generate revenue for the scammers.

"The biggest thing that surprised us was the professionalism that went into some of these websites, where they would design some of these V-Bucks sites with a lot of skill. They made it look really legitimate, they had awesome user experiences, and as you go deep into those things, they made it really hard for people to differentiate between what was legitimate and what was not," Allen noted.

These websites usually prompt the targets to click ads in order to unlock V-cash, which they never actually get. Some of the sites use clever tactics to look real, like fake messages from fake Fortnite fans expressing their satisfaction with the service appearing on the screen.

These malicious websites often had security certificates issued by Let's Encrypt, who only provide encrypted connections. It's a common technique among internet crooks because it makes any site appear safe, even if it's peddling a scam.

"The issue here is not that phishing sites have certificates and use HTTPS. All websites, including phishing sites, should use HTTPS. The issue is that lock icons in browsers are misleading. Some people incorrectly interpret lock icons as a sign that a site's content is safe or trustworthy, and that's a completely separate issue from whether or not the connection is secure," Let's Encrypt Executive Director Josh Aas said.

"The more interesting ones that we found redirected from one social network to another. We've seen a lot of videos that would be linked from a post on Facebook, going to a video on YouTube, which then would link to a phishing or a scam domain," ZeroFox's Zack Allen commented. "It's like they tried to connect a lot of these things to provide more of a sense of legitimacy to the victims. It builds trust."

Ben Herzberg, the head of threat research for security firm Imperva, which has looked at many of these scams, said that the scammers have been working overtime lately. There was a large increase in these campaigns during Labor Day, for example.

"Basically, cybercriminals are always trying to make money. It just works so well, why stop?" Herzberg commented.

How to protect ourselves from Fortnite scams

When it comes to protecting ourselves from these scams you just need some basic reasoning skills. There is absolutely NO WAY to get V-Bucks outside of Fortnite. Anyone promising you V-Bucks is lying to you. Epic Games does not endorse or support any sites that claim such a thing.

"When you put your address in a random form, when they know your age, etc., you don't know where that will lead. It could have just been five minutes wasted on filling out a form, but it could be leading to worse. Until Elon Musk buys Fortnite and cancels it," Herzberg jokingly said.