Are free V-Bucks websites safe?

No. There is no legitimate website that generates free V-Bucks. Every 'free V-Bucks generator' is a scam — they exist to phish your Epic login, harvest personal data, trick you into 'human verification' offer spam, or push malware. V-Bucks are only obtained through the official Fortnite Item Shop, the Battle Pass, or in-game rewards.

How do I tell if an Epic Games email is real?

Don't trust the display name — check the actual sender domain and never click login links inside the email. Real Epic emails won't pressure you with urgent 'account locked, log in now' threats. When in doubt, ignore the link entirely and go to epicgames.com directly by typing it yourself, then check your account. If the 'problem' only exists according to the email, it's phishing.

What should I do if I entered my Epic password on a fake site?

Act immediately: go to the real epicgames.com, change your password, enable two-factor authentication, and sign out of all other devices/sessions to invalidate any stolen access. Review your sign-in activity and linked accounts, remove anything you don't recognize, and if you also reused that password elsewhere, change it there too. Then report the phishing site so others are warned.

Home / Resources / Fortnite & Epic Games Phishing

Fake Epic Games & Fortnite Verification Phishing: How to Spot and Stop It

A Fortnite account can hold years of rare skins, a stack of V-Bucks, and — for creators — a real payout pipeline. That value makes Epic accounts one of the most phished targets in gaming. This guide shows you the exact phishing playbook attackers use, how to recognize a fake page or email in seconds, and what to do if you already typed your password where you shouldn't have.

Part of the Fortnite & UEFN Creator Safety guide.

Why Epic Accounts Are Prime Targets

Phishers go where the value is. A single Fortnite account can carry hundreds of dollars' worth of cosmetics, spendable V-Bucks, and saved payment methods — and for UEFN/Creative creators, access to a creator portal with real earnings. Stolen accounts get resold or stripped, and rare "OG" skins fetch a premium. The result is a constant stream of phishing aimed at players of every age, much of it designed to look completely routine.

The Phishing Playbook

Free V-Bucks and Skin "Generators"

The classic bait: a site, video, or ad promises free V-Bucks or a rare skin if you enter your username and "log in to claim," or complete "human verification." There is no generator — V-Bucks only come from the official Item Shop, Battle Pass, or in-game rewards. The login box is the trap, and the "verification" is endless offer spam or a malware funnel.

Fake "Account Locked" and Verification Emails

An email claims your account is locked, flagged, or needs you to "verify" — with an urgent deadline. The link goes to a convincing fake login. Urgency is the tell: it's there to make you act before you think. Real Epic notices don't herd you to an emergency login through an email link.

Look-Alike Login Domains

Phishing pages live on domains that look right at a glance — extra words, swapped characters, odd endings (think "epicgames-login.com" or "epic-verify.net" rather than the real epicgames.com). The page can be a pixel-perfect copy of the real login. The address bar is what gives it away, not the page design.

Discord "I'll Gift You" and Login-Token Theft

In DMs, a "friend" or stranger offers to gift you a skin or V-Bucks, then asks you to "log in to receive it," scan a QR code, or screen-share a page. QR-code and token tricks are especially dangerous: scanning a malicious code or approving a prompt can hand over a login token that gets the attacker in without your password. No legitimate gift requires you to log in on someone else's page or scan a code to "receive" it. These DMs often come from already-compromised friends — see creator code scams for how the same accounts get weaponized.

Fake Creator-Portal Logins

Creators get a tailored version: emails or messages about "payout verification," "tax info required," or "partner portal access," linking to a fake creator/portal login. The goal is to take over your earnings or your whole account. Manage anything payout-related only by navigating to Epic directly.

How to Spot a Fake Page or Email

Check the domain, every time. The only real Epic login lives on epicgames.com. Read the address bar carefully — extra words and look-alike spellings are the giveaway.
Never log in from a link. Don't sign in through email links, DM links, or "reward" sites. Open a new tab and type epicgames.com yourself.
There is no free V-Bucks site. Treat any such promise as automatically fake.
Distrust urgency. "Locked," "suspended," "act now" pressure is a phishing signature.
Never scan codes or approve prompts to "receive" a gift. Gifts in Fortnite are sent in-game; they never require you to log in elsewhere.

Lock Down Your Epic Account

Strong account hygiene makes most phishing fail even if you slip:

Enable two-factor authentication — an authenticator app is stronger than email or SMS.
Review sign-in devices and activity in your account settings, and sign out anything you don't recognize.
Check connected/linked accounts (console, social, Discord) and unlink anything unfamiliar.
Save your backup/recovery codes somewhere safe and offline.
Use a unique password you don't reuse on any other site.

If You Already Entered Your Credentials

Move fast and in order:

Go to the real epicgames.com (type it yourself) and change your password immediately.
Enable two-factor authentication if it wasn't already on.
Sign out of all other devices/sessions to cut off any active intruder.
Review sign-in activity and linked accounts; remove anything unknown.
If you reused that password elsewhere, change it on those accounts too.
If you downloaded or ran anything from the scam, scan your device for malware — info-stealers can grab saved logins and session tokens.

Then report it. Submit the phishing site or scammer to the VerifyUGC blacklist with screenshots — flagging the source is what protects the next player who gets the same link.

A 10-Second Red-Flag Check

When a link, email, or DM lands, run it through this fast filter before you touch it. If any one of these is true, stop:

It promises free V-Bucks, free skins, or a "reward" for logging in.
It creates urgency — "account locked," "verify within 24 hours," "last chance."
It asks you to log in somewhere that isn't epicgames.com, or to scan a QR code or approve a prompt to "receive" something.
The sender domain or page URL is even slightly off from the real one.
A "friend" you haven't talked to in a while is suddenly offering you a gift with a link.

None of these are individually proof of a scam, but each one is a reason to slow down and verify through the official app or site instead of the message in front of you.

Why Younger Players Get Hit Hardest

Fortnite's audience skews young, and phishers design for that. The "free V-Bucks" hook works because younger players want cosmetics they can't easily buy, and the urgency tactics work because kids are less likely to pause and check a domain. If you're a parent or older sibling, the single most protective step is enabling two-factor authentication on the account and having a simple house rule: never type the Epic password anywhere except the official launcher or epicgames.com, and never "log in to claim" anything. Linking the account to a recovery email an adult controls also makes account recovery far easier if something does go wrong.

Build Phishing-Proof Habits

Phishing only works when it catches you on autopilot. Make a few rules permanent: only log in at epicgames.com, never trust a "free V-Bucks" anything, never scan a code to "claim" a gift, and keep 2FA on. With those locked in, the steady stream of fake pages and emails simply bounces off. Want the full walkthrough? Take our free account safety course, and if you create, build a verified VerifyUGC profile so your audience can tell the real you from an impersonator.

Report a Phishing Site Before It Catches Someone Else

Add fake Epic login pages and scammers to the VerifyUGC blacklist — it's free, and every report warns the next player before they click. Verify your own identity so the community can trust it's really you.

Report to the Blacklist