When you're trying to level up, you want to think about the game and not about protecting your personal information. So secure your account first and then go to war with a little peace of mind.
First, follow general online security best practices: keep your OS, browser, and antivirus software up-to-date. Second, protect your personal information. Trend Micro has a handy security checklist for gamers, including tips that are useful for any online account, like not sharing your passwords and not giving account info to phishers. But here are four especially important security tips for gamers: protecting your primary email address, signing up for two-factor authentication, guarding your credit card info, and avoiding links to fake websites.
1. Protect your email. Online games like World of Warcraft and League of Legends are popular targets for hackers, who want to collect thousands of accounts containing credit card numbers, email addresses, and passwords. Even if they only get your email address, they can use that to send you fake emails that look legit. This process, known as "phishing," tries to trick you into giving them your account password or sensitive financial information. Once they have the password for your online game, they can log in, change the password, strip your in-game items, and sell them for in-game currency. That currency goes into a pool from a number of accounts hacked in the same way, and the currency is then sold in bulk for real money.
This is just one of many scenarios that happen once your online game account is compromised. One way to fight it is with two-factor authentication, also known as two-step verification. Here is Blizzard's official webpage, which walks you through increasing your account security. The makers of League of Legends have also set up a page with lots of good info. Also, if you set up a separate email address that's specific to this game, a potential phisher won't be able to associate it with this one you use for your bank accounts and other sensitive stuff. And if they somehow gain access to your gaming email account, they can only see the messages sent between you and the game maker, instead of the messages in your main email account.
2. Enable two-factor authentication (2FA). A growing number of online game services are using two-factor authentication to add a layer of security to user accounts. With 2FA, there's an additional check when you attempt to log in to your account. The second check options vary from service to service, but they can include a text message, an email, or an app, each of which delivers a short code that you have to enter to finish logging in. This way, an unauthorized individual can have your account name and your password but still be prevented from logging in, because they don't possess your phone, your email address, or an authenticated app installed on your mobile device. Would you like to know more? Read our guide to 2FA.
3. Protect your credit card info. If you're playing a game that has micro-transactions, but you don't want to give your credit card or debit card info, you have options. The main one is a reloadable prepaid card. If you get one with the Visa or MasterCard logo, the transaction processor will treat it like a regular credit card, as long as the processor is based in the US. You can get these cards at most grocery and convenience stores. If PayPal is a payment option, that company offers a reloadable card with the MasterCard logo that draws funds directly from your PayPal account. American Express offers a card called Bluebird that can be used internationally, but AmEx is not accepted in nearly as many places as Visa or MasterCard.
4. Beware fake links. URLs that lead you to real-looking fake websites are common in phishing emails, but they've also become popular in chat apps. Steam users have frequently fallen victim to this scam. How it works: a stranger tells you that a friend wants to trade for something in your Steam inventory, but they can't log in to Steam and ask themselves, because of some (false) technical difficulty. The scammer gives you a link that looks like it will take you somewhere in the official steampowered.com domain. But if you look closely, the website is spelled wrong. You'll be sent to a fake Steam page that asks for your account name and password, and now your account may get hacked. Thankfully, Steam has two-factor authentication, but it's not mandatory. If you haven't set that up, get started at Steam's 2FA support page.