EA Forums Online Security Newsletter - Volume 6

EA_Kalina
Community Manager
23 days ago

Welcome to the latest edition of our Online Security Newsletter!

Before we begin this issue’s regular sections, we want to thank everyone who participated in the discussion in the previous edition. Your shared experiences and kind words of appreciation mean a lot to us. 🥰

In this issue, we’ll again examine phishing methods from a psychological perspective, exploring why they are so effective and how we can better protect ourselves. Phishing isn't just about dodgy links; it's about exploiting fundamental human tendencies. Scammers are master manipulators, playing on our emotions, our desire for efficiency, and even our inherent trust. When you understand the psychological levers they pull, you gain a powerful advantage in spotting and avoiding their traps. 🤓

If you missed the previous edition, you can find it [here].

As always, joining the discussion or solving the quiz will earn you a token of participation in the form of a unique badge on the forum. 🤠

 

Stay safe!

The Psychology of Phishing

  • The Lure of Urgency and Scarcity, aka Fear of Missing Out

Phishers often create a sense of immediate crisis or limited-time opportunity (e.g., "Your account will be suspended in 24 hours!" or "Exclusive limited-time skin unlock!"). This triggers our primal fight-or-flight response, bypassing rational thought and pushing us to act without deliberation. The fear of loss (of access, of a rare item) is a powerful motivator.

When you feel a sudden surge of urgency or excitement from an unexpected message, stop and take a deep breath. A legitimate service will rarely demand immediate action without prior warning. Verify independently through official channels, not by clicking links in the suspicious message.

  • Authority Bias

Humans are conditioned to respect and obey authority figures. Phishers expertly mimic legitimate sources like game developers, platform support, or even government agencies. The use of familiar logos, official-sounding language, and seemingly authentic sender addresses exploits our tendency to trust perceived authority without question.

Never assume legitimacy based solely on appearance. Always cross-reference. If you receive an unexpected email from "EA Support," don't click a link in the email. Instead, open your browser and manually navigate to EA's official support website to log in or check your account.

  • The "Intriguing Mystery" Phishing

 Our brains are wired to seek out novelty and resolve unknowns. Phishers exploit this by sending messages that pique our curiosity (e.g., "See who's talking about you!" or "Your private photo has been leaked!"). The desire to know, to uncover the "secret," overrides caution, leading us to click. 

Before clicking on anything that triggers intense curiosity, engage your critical thinking. Is this too good to be true? Does it make sense that I would receive this message? If it sounds sensational or unbelievable, it likely is.

  • Reward Phishing

We often feel a subconscious obligation to repay a favor or respond positively to someone who has given us something. Phishers leverage this by offering enticing "rewards," "freebies," or "exclusive access" (e.g., "Claim your free legendary loot box!"). The desire to accept the perceived gift can blind us to the underlying danger.

While it's nice to receive gifts, be highly suspicious of unsolicited windfalls, especially those requiring you to click a link or provide personal information. Legitimate giveaways from reputable companies will always direct you to their official website or have a clear, secure claiming process. If you didn't enter a contest, you didn't win.

  • The "Everyone is doing it" Phishing

Humans are social creatures, and we often look to the actions of others to determine what is correct or safe. Phishers can create a false sense of social proof by impersonating friends, guildmates, or popular streamers, often sending messages like "Hey, check out this amazing new game!" or "I just got this awesome item using this link, you should too!" This can lead us to believe that if others are clicking, it must be safe.

Even if a message appears to come from a trusted friend, consider the context and how they usually communicate. If it seems out of character, or if the link is suspicious, contact your friend through a separate, verified channel (e.g., a direct message on a platform you know is secure, or even a quick call) to confirm.

Stay vigilant!

Pause, verify, and think critically before clicking on unexpected links or acting on urgent messages—protect yourself from phishing scams!

Updated 2 months ago
Version 1.0

14 Comments

  • GawgPorkChop
    New Veteran
    13 days ago

    Thanks for the "food for thought." I did actually giggle, just a little, too, Asmodeus566! 😁

    Edit: True story. Years ago I was reading an article by an I.T. center help technician for staff of his very large organization. (Internal support.) I forget, over 10 years ago, but one thing stuck, below.

    (Way before A.I. was even talked about.) Help was provided in person, or phone. Not via internal mail.

    He said one of his customers/staff had constant problems which were in fact very simple to solve. A reboot! He told this worker after numerous help requests, below:

    "Get a Post it sticky note. Write in Uppercase Large letters, "REBOOT," stick it on the side, clearly visible place of your monitor."

    He didn't need support again for a long time.

    When he did, it was a legit error in the system. Yes, he had tried to REBOOT, twice in fact.

  • I mainly get emails from "CashApp" or "PayPal" claiming that I had been sent money, and all I do is report the email for phishing and then I delete the email.

    These types of emails never fooled me, (especially when I have those apps installed, and neither app had sent a notification about receiving any money).

    Furthermore, here are some tips to help you figure out if the email is a phishing email: 

    • Check the sender's information. Is it what you expect it to be?


    Note: You can find the sender's information by hitting the "v" arrow from within the email, (which is located below the sender's name and the email's title).

    If the email is "from your bank", (for example), and the sender's information doesn't match your bank's information, then it's safe to assume it's NOT from your bank!

    • On PC, hover your mouse over any of the links that are within the email, (but don't click on anything!), and look at the bottom left of the screen.


    Does the text you have the mouse over match what you expect the link to be? (Again, if it's from "your bank", the link should match your bank's website, (and in this example, it's better to log into your bank's website directly to avoid any risks!))

    • On mobile, you can just press and hold on the link, and it should popup a dialogue box that contains the link for you to review without opening it.


    Still doubtful if an email is legitimate?

    If the email is from EA, log into your EA Account through EA's website, and if it's from Facebook, Google, Steam, etc., log into your account from those websites respectively to check them that way.

    It's better to log into your accounts using a link you know and trust than to use one from an email you are unsure about!

  • This is a very good newsletter, but it should be placed in a more prominent location to share such important information with more people.

  • Thanks EA_Kalina​  for another interesting newsletter.
    The psychology in the hands of bots is a very bad combination.