The gaming industry is a juggernaut, generating around $135 billion in revenue in 2018 alone. For context, that’s over three times the figure grossed from global box office sales during the same year. Unfortunately, where there’s money there’s also fraudsters looking to take advantage. With 47% of the world’s 2.3 billion active gamers spending money while playing, gaming is becoming increasingly infiltrated by scammers. In fact, one in three gamers has experienced fraud when paying for online games.

So, which online scams should you watch out for when gaming, and what can you do to reduce your chances of being swindled?

1. Fake apps and websites

Many threats facing gamers are posed by fake apps and websites. Console and PC games, such as Gang Beasts, Totally Accurate Battle Simulator, and Fortnite, are frequently cloned and sold on mobile app stores. The fact that these games don’t have official mobile versions means curious players are quick to jump on the chance to play what they believe is a legitimate release. While many of these apps are relatively harmless clones, and simply a means for uploaders to make a quick buck, some are much more sinister, with cybercriminals adding malicious permissions or malware pop-ups to mine data from users.

Meanwhile, fake lottery sites touting bogus instant win games are also common. These websites are often credible-looking enough, but were built purely to trick users into divulging personal information. A high-profile example of this came to light in early 2019, when a South Korean man was arrested in Bangkok for operating a fake lottery site. It emerged that the 53-year-old and a group of 14 others had stolen around $41 million from over 340 individuals who visited the site.

In order to ascertain whether an app is real, it’s important to keep an eye on its rankings within the App Store or Google Play. Cross-check the developer’s name on other platforms—if you can’t find reference to them anywhere else, this is often a sign they’re not a real developer. In addition, the official website and social media pages for the game will link to any mobile versions, so scan these before downloading anything.

When it comes to websites, it’s essential that you look out for the telltale signs of a safe and reliable site, such as trust seals, which can be found in various locations on a page. Another is an SSL certificate, demarcated by the site’s url beginning “https”. For lottery games, you should always use sites licensed and regulated by official gambling commissions. And just as you would with any item or service you pay for, read online reviews to get an idea of whether a lottery company is legitimate or not. If others have recommended its services, you’ll likely be able to trust it with your money. There are plenty of trusted reviews websites out there that can help you ascertain whether or not a lottery company is authentic.

2. Freebies

With over 125 million players, online “shoot em up” game Fortnite has become a bona fide cultural phenomenon. But many of its players are young and impressionable—one study found that 27% of US teens play the game. Consequently, Fortnite made headlines for all the wrong reasons in late 2018 when it transpired that many of its users were being scammed.

Fraudsters used social media to convince gamers they should leave the game for a third party website, and buy “free” add-ons, such as weapons and clothes, in exchange for their bank details. Many players unwittingly handed over their parent’s money to fraudsters as a result. Similar issues have blighted other video games too, from League of Legends to Final Fantasy. Considering that freebies are one of the most common online scams, this is a concerning yet unfortunately unsurprising turn of events for the gaming industry.

The best way to avoid being defrauded in this way? Paul Carroll, the Chief Inspector of the National Fraud Intelligence Bureau has some pretty simple advice: “Listen to your instincts and if it sounds too good to be true, it probably is.” Beyond gut feeling, you should still never provide card details for a freebie—while the other party may claim that this won’t cost you anything, you can still get stung.

3. Account takeovers

Much like bank accounts, gaming accounts are often targeted by cybercriminals. In a takeover scam, fraudsters typically get hold of a player’s user ID and password using a malware program. Once the account is breached, scammers have access to everything on it, from the attached credit card details to the gamer’s virtual goods, which can be worth a lot of money.

Frequently targeted by fraudsters this way, it seems Fortnite players can’t catch a break, with the success of these cybercriminals largely put down to careless password practices among gamers. Many players have weak passwords, such as ‘password’ or ‘123456’, while others use the same one across multiple accounts and rely on passwords only to protect their accounts. This makes their gaming accounts very vulnerable.

In order to protect your gaming accounts from being infiltrated, make sure you have a strong password—using password checkers to verify them—and rotate passwords regularly to avoid consistently using the same one. Setting up two-factor sign-in, where you present two types of evidence to an authentication mechanism, will also help. So, instead of just relying on your password, you can set it so that you also need email verification to enter your account. Ensuring you have this extra level of protection is easy to do, and will go a long way to keeping your personal information safe.