Our commitment to raising awareness about cybersecurity comes to the fourth week of Cybersecurity Awareness Month. This week, we will cover the topic of phishing: how to identify phishing and how to defend yourself against it.
So first – What exactly is phishing?
Phishing is a social engineering attack where the main goal of the attacker is to trick you into giving your sensitive information (personal and payment information, passwords, etc.). There are many types of phishing (the idea is the same, but we recognize them by the type of media used by the attacker).
- Smishing – via text messages
- Vishing – via voice messages
- Email phishing – via email
- Spear phishing – the attacker is targeting a specific group of people, for example, people from the same company or with the same interests.
- Search engine phishing – the attacker positions themselves as a first/top result in search engines. The victim clicks the link, thinking that they will be redirected to the legitimate website they’ve been searching for.
Recognizing phishing scams.
How to recognize a phishing email?
Since the body of the message might mimic the official EA message, first check the email address from which the message came (remember that e.ea.com is a legitimate address). Check for names in the email address – phishers will almost always use names in emails to seem trustworthy.
Also, remember that the Community Managers on the forums will never ask you for your account details in forum messages.
This rule also applies to messages sent over the console messaging system – we will never do it.
Phishers may also try to create urgency by sending you a message claiming that your account has been hacked. If you receive any email claiming that your account is in danger, always check the links within the email to see if they are redirecting you to official sites.
Without clicking anything in the email, hover over the pictures and buttons and make sure that the link is redirecting you to the advertised place.
Misleading hyperlinks and phishing sites.
The official EA website uses the URL http://www.ea.com. Be aware of any links that don't use “ea.com” as the domain name. Even if they include "ea" somewhere in the URL, make sure it is from an official subdomain, just like with email addresses.
The text of a hyperlink may contain a URL that is not the URL it actually links to.
Notice how in the image below, when you hover your mouse over this link, the URL in the text box in the bottom left does not match the original one we’ve hovered over.
Depending on your browser, you can check links like this at the bottom of your browser or in a small text box that hovers over the link.
Make sure that any link you click leads to the place it claims it will take you.
Redirection to a fake page:
The official EA website uses the URL http://www.ea.com. Be aware of any links that don't use “ea.com” as the domain name. Even if they include "ea" somewhere in the URL, make sure it is from an official subdomain, just like with email addresses.
The text of a hyperlink may contain a URL that is not the URL it actually links to.
Notice how in the image below, when you hover your mouse over this link, the URL in the text box in the bottom left doesn't match the original one we’ve hovered over.
Phishers may pretend they are EA.
Whenever you receive an email message pretending to be from us, where you are asked to provide your account information – that’s not us. No one from EA will ever ask for your password.
What’s a legitimate EA email address?
You may receive an email from the address – e.ea.com – that's an official EA email address. You may receive a message from us (Customer Support) or have a password reset link from this address.
If you receive a phishing email – don’t click anything in the body of the message. This includes not clicking links, banners, pictures, spoilers, or any buttons (like the report phishing button).
You might also be told that you’ve been offered freebies, offers, or any free in-game content. While this happens, if the offer is too good, always check any official messages about promotions, campaigns, and competitions you might have won. Be cautious about third-party websites that promise free in-game stuff or cheats.
Keep in mind that we will never sell currency that you can earn in-game by playing (like FC Coins) - the sale and purchase of those, as well as EA accounts themselves, are against our User Agreement.
Remember to buy games from trusted retailers.
In the event when we would have to add content to your account, it will be automatically added. We will not ask for your account info to give you prizes or presents.
To wrap up the information given in this post:
- Use official channels only – only log in to official EA sites.
- Check the email addresses.
- Inspect the hyperlinks in the email.
- Watch out for redirection URLs.
- Remember that we won't, ask for the password to your account.
Community Admin
Community Manager