EA Forums Online Security Newsletter - November
Welcome to our latest newsletter!
Last month, we talked about the importance of setting up Two-Factor Authentication (TFA) to safeguard your gaming accounts, emphasizing the use of authenticator apps as the most secure option. If you missed it, here’s the short version: SMS-based TFA is good, but authenticator apps like Google Authenticator are significantly better. Why? They’re harder for attackers to intercept, and generally more reliable. If you want to check the full article have a look here.
If you’ve already made this upgrade, congratulations - you’ve taken a significant step toward securing your gaming accounts! But even with TFA in place, you’re not invincible. One of the most persistent threats that gamers face, especially during the holiday season, is phishing.
Phishing is a method bad actors use to trick you into giving away your personal information, like login credentials or payment details. During the holidays, phishing scams often ramp up as cybercriminals prey on the increased online activity.
To illustrate the importance of staying vigilant, let's look at how EA is working with Google’s Cross-Account Protection program. This initiative helps prevent compromised email accounts from being used to take over gaming accounts. These efforts highlight the need for us, as players, to take an active role in defending ourselves.
This month’s deep dive is here to arm you with knowledge about phishing scams specifically targeting gamers, including how these scams work and, more importantly, how you can outsmart them.
As usual - for interacting with the newsletter, either by sharing your tips, experiences or checking yourself in the newsletter challenges will earn you a unique forum badge for your collection.
If you have any feedback or want to design your own additional challenge, make sure to check the Feedback Hub and choose the correct form.
Phishing Deep Dive
What is Phishing?
Phishing isn’t a one-size-fits-all attack. Phishing is a cyberattack where scammers pose as trustworthy entities to trick you into revealing sensitive information. This can take many forms (at least nineteen!), including fake emails, voice calls, misleading websites, malicious direct messages, or even impersonation in gaming chats.
How Phishing works?
Phishing attacks targeting gamers can take several forms. Attackers often send emails or messages claiming there's an issue with an account or an exclusive offer, leading users to a fake login page that mimics a trusted platform. Another tactic involves messages from "friends," whose accounts have been hacked, asking for assistance. Additionally, scammers may disguise links as offers for free in-game currency or access to special events. Advanced scammers are even using AI tools to craft more convincing phishing messages, mimicking the tone and typing style of the victim's friends.
Where it can happen?
Phishing attempts can occur across various channels commonly used by gamers. These include app-based chats like Steam and the EA app, native console chats, and mobile game chats. Discord, email, text messages and direct messages on the forums are also targets for these deceptive tactics.
How to protect yourself from phishing?
- Enable Two-Factor Authentication (TFA):
Use an authenticator app for added security. This ensures even if someone steals your password, they can’t log in without the second verification step. - Verify links and sources
Hover over links in emails or messages before clicking. Official gaming platforms usually have consistent, recognizable URLs (e.g., ea.com, not ea-support.xyz). - Is e.ea.com an official email address?
Yes, e.ea.com is an official EA email address. Because it leads with the subcategory, then ends with ea.com, we can tell it’s a legitimate address. - Be sceptical of urgent requests:
Scammers often use fear (e.g., "your account will be banned") or excitement (e.g., "exclusive offer!") to rush you into acting without thinking. - Keep software updated:
Ensure your games, devices, and antivirus software are up-to-date. Modern security measures can often block known phishing attempts. - Recognize common red flags:
Spelling errors, mismatched logos, or generic greetings like “Dear User” in emails are the giveaways. - Secure your email:
Since your email is the backbone of most gaming accounts, protect it with strong passwords, TFA, and regular scans for suspicious activity. - Account recovery features:
Familiarize yourself with recovery processes for your gaming accounts, such as backup codes or secondary email options.
- 19 Types Of Phishing Attacks
- Keeping your EA Account safe by partnering with others
- How to avoid phishing
Answers HQ Online Security Newsletter Feedback form (including Community Spotlight, and Q&A submissi...
Answers HQ Online Security Newsletter - Challenge Creation Interest form
Read the latest updates and useful tips and tricks around EA Forums.