Safety and privacy

Free online games are, on the whole, safe — but the “free” label is often abused to bait users into phishing pages, fake downloads or hijack attempts. This page covers the main risk patterns and how to avoid them, plus a parental-controls reference.

Phishing in and around games

The most common online-game scam is account phishing — usually targeting accounts with cosmetic items or skins that have market value. Typical patterns:

• In-game friend requests with links to “skin sites”, gift sites, or trade tools that ask you to log in with your Steam / Epic / Riot credentials.
• Fake support emails claiming your account has been compromised and asking you to log in via a link. Real support never does this.
• Discord DMs from a stranger or a compromised friend with a link to “vote for me in a tournament”, “try out my new game”, etc. The link leads to a credential-harvesting page.

Rule of thumb: never enter your account password on any site you reached via a link from a stranger, an email, or a Discord DM. Open the official site directly in your browser, by typing the URL or using a bookmark.

Fake “free download” sites

Search results for popular free games often return imitation sites with names like fortnite-free-download.com or play-valorant-now.net. These commonly do one of:

• Serve a malware installer disguised as the game.
• Charge a subscription for “access” to a free product.
• Redirect through affiliate chains to scam offers, fake antivirus warnings or tech-support fraud.

For every popular F2P title there is exactly one official download URL. Fortnite is at epicgames.com; Valorant at playvalorant.com; CS2 via the Steam client. If a site looks even slightly off, it is.

How to verify a game site is legitimate

1. Check the URL against the developer’s name. Riot Games has only one publisher domain — if the site is on a different domain, it’s not them.
2. Check whether the title is being given away free. If it’s a paid retail game offered for free, it’s almost certainly piracy or a scam.
3. Look for HTTPS and a recognisable certificate authority. Lack of HTTPS is a red flag, but its presence alone is not proof of legitimacy.
4. Search for the site name plus “scam” or “legit” before signing up or installing anything.

Account security basics

• Two-factor authentication on every gaming account you care about. Steam Guard, Epic 2FA, Riot 2FA are all free.
• Unique passwords per service — use a password manager. Leaked passwords from elsewhere are the most common cause of game-account takeover.
• No password sharing, ever, even with friends. Real platforms never require it.
• Beware mobile authenticator app phishing — some scams now prompt the user to type their 2FA code into a fake page. Genuine 2FA prompts are always inside the real app or come from the real site.

Parental controls reference

For families, three main systems cover most platforms:

• Microsoft Family Safety — covers Xbox and Windows PC. Screen-time, spending limits, app blocking, activity reports.
• Apple Screen Time / Family Sharing — iPhone, iPad, Mac. “Ask to Buy” for IAP, time limits per app, age-rating filters in the App Store.
• Google Family Link — Android phones / tablets, Chromebooks. App approval, screen-time, content filters.
• Nintendo Switch Parental Controls — separate phone app, well-regarded.
• Steam Family View — PIN-based restriction on launching specific games.

Privacy

Most free games collect telemetry — gameplay analytics, crash data, sometimes hardware fingerprints. Mobile games typically collect more than browser ones. Reading a privacy policy is rarely productive; the more practical approach is:

• Use a throwaway email for games you do not trust.
• Decline optional permissions on mobile (location, contacts) unless the game actually needs them.
• Use an ad / tracker blocker in the browser for casual portal games — uBlock Origin and similar are free and effective.