Blog Post

EA Forums Info Hub
3 MIN READ

EA Forums Online Security Newsletter - November

EA_Kuba's avatar
EA_Kuba
Icon for Community Manager rankCommunity Manager
12 days ago

Welcome to our latest newsletter!

Last month, we talked about the importance of setting up Two-Factor Authentication (TFA) to safeguard your gaming accounts, emphasizing the use of authenticator apps as the most secure option.  If you missed it, here’s the short version: SMS-based TFA is good, but authenticator apps like Google Authenticator are significantly better. Why? They’re harder for attackers to intercept, and generally more reliable. If you want to check the full article have a look here

If you’ve already made this upgrade, congratulations - you’ve taken a significant step toward securing your gaming accounts! But even with TFA in place, you’re not invincible. One of the most persistent threats that gamers face, especially during the holiday season, is phishing

Phishing is a method bad actors use to trick you into giving away your personal information, like login credentials or payment details. During the holidays, phishing scams often ramp up as cybercriminals prey on the increased online activity. 

To illustrate the importance of staying vigilant, let's look at how EA is working with Google’s Cross-Account Protection program. This initiative helps prevent compromised email accounts from being used to take over gaming accounts. These efforts highlight the need for us, as players, to take an active role in defending ourselves. 

This month’s deep dive is here to arm you with knowledge about phishing scams specifically targeting gamers, including how these scams work and, more importantly, how you can outsmart them. 

As usual - for interacting with the newsletter, either by sharing your tips, experiences or checking yourself in the newsletter challenges will earn you a unique forum badge for your collection. 

 

If you have any feedback or want to design your own additional challenge, make sure to check the Feedback Hub and choose the correct form.

Phishing Deep Dive

What is Phishing?
Phishing isn’t a one-size-fits-all attack. Phishing is a cyberattack where scammers pose as trustworthy entities to trick you into revealing sensitive information. This can take many forms (at least nineteen!), including fake emails, voice calls, misleading websites, malicious direct messages, or even impersonation in gaming chats. 

How Phishing works?
Phishing attacks targeting gamers can take several forms. Attackers often send emails or messages claiming there's an issue with an account or an exclusive offer, leading users to a fake login page that mimics a trusted platform. Another tactic involves messages from "friends," whose accounts have been hacked, asking for assistance. Additionally, scammers may disguise links as offers for free in-game currency or access to special events. Advanced scammers are even using AI tools to craft more convincing phishing messages, mimicking the tone and typing style of the victim's friends.

Where it can happen?
Phishing attempts can occur across various channels commonly used by gamers. These include app-based chats like Steam and the EA app, native console chats, and mobile game chats. Discord, email, text messages and direct messages on the forums are also targets for these deceptive tactics.

How to protect yourself from phishing?

  • Enable Two-Factor Authentication (TFA):
    Use an authenticator app for added security. This ensures even if someone steals your password, they can’t log in without the second verification step.
  • Verify links and sources
    Hover over links in emails or messages before clicking. Official gaming platforms usually have consistent, recognizable URLs (e.g., ea.com, not ea-support.xyz).
  • Is e.ea.com an official email address?
    Yes, e.ea.com is an official EA email address. Because it leads with the subcategory, then ends with ea.com, we can tell it’s a legitimate address.
  • Be sceptical of urgent requests:
    Scammers often use fear (e.g., "your account will be banned") or excitement (e.g., "exclusive offer!") to rush you into acting without thinking.
  • Keep software updated:
    Ensure your games, devices, and antivirus software are up-to-date. Modern security measures can often block known phishing attempts.
  • Recognize common red flags:
    Spelling errors, mismatched logos, or generic greetings like “Dear User” in emails are the giveaways.
  • Secure your email:
    Since your email is the backbone of most gaming accounts, protect it with strong passwords, TFA, and regular scans for suspicious activity.
  • Account recovery features:
    Familiarize yourself with recovery processes for your gaming accounts, such as backup codes or secondary email options.

Answers HQ Online Security Newsletter Feedback form (including Community Spotlight, and Q&A submissi...
Answers HQ Online Security Newsletter - Challenge Creation Interest form

EA Forums Online Security Newsletter - November

Published 12 days ago
Version 1.0
  • As always a well-written and timely article especially with the holidays just around the corner @EA_Kuba. I will take this opportunity to share some history related to phishing.

    Phishing's roots trace back to the 1990s during the rise of the internet and early online services like AOL and Yahoo. Initially phishing was a simple scam known as “account theft” where hackers impersonated trusted entities like AOL support to steal user credentials. These early attempts were often conducted via email or fake websites that appeared similar to legitimate ones. The term "phishing" is believed to have originated from the analogy to fishing as cybercriminals "cast a line" with fake emails to lure victims into revealing personal information.

    Can you believe it? After more than 30 years, this scam is still in use and continues to be successful. Staying vigilant is key and securing your account as @EA_Kuba has said is a big part of being safe.