EA Forums Online Security Newsletter - Volume 1
We're starting the year with a few changes to adapt to the transfer to the new forums. You'll notice a slight change in the naming of the newsletter and the badges. The newsletter will now be released in volumes every month. As usual - you can still receive badges for participating in volumes 1-12. I want to dedicate this month's subject to my nephew, who inspired me by asking some questions that intrigue him a lot—he just got his first PC and has many questions. So, let's start with the basics and answer one of his many questions: How do you download games safely? Let's consider why this is so important. Before diving into the world of games, everyone needs to download them first—and there's a right and wrong way to do this first step. The right way is safe for both the user and their device. Knowing a few simple rules can help us avoid problems and enjoy games stress-free. Those rules are especially crucial for young gamers and inexperienced parents, as it's easy to stumble upon unsafe sources or harmful apps. But I believe that even more experienced users can refresh or even update the "database". I'll share some tips and real-life examples that might be helpful. Don't forget to check them out and talk with your daughters, sons, nephews, nieces, grandparents, and parents. Okay, let's say it in a simple way: It will benefit everybody. How do you download games and applications safely? Download only from trusted sources Always download apps and games from official stores, such as Google Play, the App Store, or the Microsoft Store. Unknown sources may offer infected files that can harm your device. Check reviews and ratings Before downloading a new app, it's a good idea to read other users' reviews and check ratings. Apps with lots of positive reviews are usually more trustworthy. Beware of app permissions Before you install a new app, check what permissions are required. If a flashlight app wants access to your contacts and messages, it may be suspicious. Keep your apps and operating system up to date. Use antivirus software Installing antivirus software on your device can help detect and remove malware. Beware of "Cracked" versions Downloading “cracked” versions of games and applications is illegal and very risky. Such files often contain viruses and other malware. By following these tips, you can enjoy your favorite apps and games without worry! Stay safe and have fun! How to turn on EA Login Verification Where can I find my backup codes? How to update your EA Account Positive Play Charter Report cheating, harassment, and illegal content How to avoid phishing Online Security Newsletter - Feedback Form Online Security Newsletter - Challange Creation Interest form Online Security Newsletter - Volume 1 QuizAHQ Archive: Online Security Newsletter - June 2024
Welcome, to new issue of our Answers HQ Online Security Newsletter! In the last issue, we explored the dangers of malware, how to recognize its signs, and most importantly, how to eliminate it. This month, we're focusing on securing your account with our tips brought to you by @EA_Kalina! While these tips are tailored for your EA account, they are also apply for safeguarding all your other accounts. Make sure to implement them after you finish reading our newsletter! As always, each participant of our newsletter will receive a unique badge on the forum. Join the discussion, solve the quiz, or participate in the challenge to showcase your achievement! Speaking of challenges ... We're thrilled to invite you to create challenges for our future newsletters! Want to test your skills and contribute? Fill out this form to get started. This month's challenges are brought to you by a regular contributor, @ElliotLH! Security focus - Account Security SECURE YOUR ACCOUNT IN 6 STEPS Securing your account is crucial for maintaining the integrity of your online gaming experience. Here are the six steps to ensure your account remains safe: Make sure you apply them after reading this guide! Password A password is a secret word or phrase that you use to log into your account. A password is a secret that only you know. Don't share it with anyone, not even your best friend. What should be the password? Strong: Use a combination of letters (upper and lower case), numbers and symbols. Unique: Don't use the same password on different accounts. Instead of "password123," use "S3cuR3P@$$w0rD!" Two-Factor Verification (TFA) Two-factor verification is an additional layer of security that requires more than just a password to log in. After you enter your password, you must also enter a code that is sent to your phone or email. - Why is it important? - Two-step Verification protects your account, even if someone knows your password. Using the app authenticator for Login Verification is the safest way to keep your account secure. Here’s how to set it up. Trusted Devices Trusted devices are those that you regularly use to log into your account. Trusted devices are saved in your account, so you do not have to go through additional verifications each time. - Why it's important? - It helps you log into your account faster and more securely. Be careful where you play Don't log into your account on public computers or in unknown places. Public computers can be infected with viruses that can steal your data. If you are playing on a friend's computer, be sure to log out of your account after the session is over. Your profile, account security, and games are all accessible when you leave your account logged in. Backup e-mail A backup email is an additional email address that you can add to your account as a security measure. If you can't get into your main email account, you can use the backup email to regain access. Don't share information Don't give out your password, personal information or other sensitive information to anyone, even friends. Sharing this information can lead to account theft and other dangers. By following these steps, you can significantly enhance the security of your account and enjoy a worry-free gaming experience. How to turn on EA Login Verification Where can I find my backup codes? How to update your EA Account Answers HQ Online Security Newsletter Quiz - JuneAHQ Archive: Online Security Newsletter - February 2024
Hello everyone, and welcome to the fourth edition of Answers HQ Online Security Newsletter. Last month, we covered the topic of secure downloads from the internet. If you missed it or would like a refresher on how to maintain security while downloading files, you can revisit the January issue here. This month, we will cover a quite hot topic from the last few months - which is AI (Artificial Intelligence). Specifically, we'll be discussing how AI can be exploited in phishing attacks. This edition will build upon the content from a previous one in November. If you missed that one, take a look here. We also have an important message about the change in the Answers HQ notification sender's email address. Read more in the Info Hub section. As usual, any discussion participant or challenger from previous editions would receive a unique badge. This month, similar to the November edition, we have a custom badge with the one and only, you favourite turian Garrus Vakarian! Have you noticed the hints in the previous newsletter? 😉 Security focus - AI in social engineering What is Artificial Intelligence? (I've asked this question to one of popular AI solution - ChatGPT) Artificial Intelligence, or AI, is a field in computer science where machines are made to mimic human intelligence, enabling them to learn, make decisions, recognize speech, and understand language. It's basically teaching machines to think and learn like humans. What is social engineering? Social engineering has various methods and mediums whose sole purpose is to trick the victim into revealing sensitive information about themselves. In some scenarios, it can also persuade unaware victims into performing actions that they normally wouldn't do. Spear Phishing Attack using AI One of the things that AI is good at is analyzing text-based data. When attackers gather enough data (for example, via OSINT), they can, by using AI, create convincing emails or text messages based on the information provided. This, of course, could be done without AI, but using this technology significantly speeds up the process. The best way to keep yourself safe from such situations is to maintain your online privacy and only share information with which you are comfortable. Vishing Attack Using AI Vishing is a type of phishing attack that is performed via voice communication. A Vishing attack, which is in itself a very dangerous attack, can be amplified if the attacker uses AI to create a voice similar to one we know. Without going too much into details, let's consider how to prevent such attacks. One of the best ways to ensure that we are talking with the person who says they are who they claim to be is to use a safe word. Having a certain keyword, which would be shared among friends and family, could help prevent falling into scam scenarios like this. Near future of AI in cybersecurity According to NCSC report about impact of AI on the cyber threat AI is expected to significantly enhance cyber criminals' capabilities in areas like social engineering, reconnaissance, and exfiltration over the next two years. Particularly, generative AI can be used to create more convincing interactions with victims, reducing the chance of identifying phishing attempts. Artificial Intelligence is constantly evolving, as are the dangers of using it in illegitimate ways. To stay secure, remember at least to: Use strong passwords and MFA whenever possible Be mindful of your digital footprint and your online privacy Make use of "safe words" and be aware of common phishing tactics IMPORTANT CHANGES related to Answers HQ sender's email address. In response with changes introduced by Google for email delivery at Gmail and Yahoo addresses, we are changing sending address for our Answers HQ mailer. This change aims to decrease the amount of spam and phishing emails received in your inbox. What will change? The email sender will change from Answers HQ <AnswerHQ@ea.com> to Answers HQ <AnswersHQ@ahq.ea.com> Where I can learn more about this change? The New Requirements for Email Delivery at Gmail Email sender guidelines PlayStation: Passkeys: Introducing a More Secure, More Convenient Way to Play What is a passkey? A passkey is a password replacement that provides faster, easier, and more secure sign-in to your account for PlayStation Network. It allows you to access your account without a password. Instead, you sign in through your mobile device or computer using the same convenient device screen unlocking method like a fingerprint, face scan or PIN. Answers HQ Online Security Newsletter Quiz - February OSINT + Cipher challenge Same as we did in the Protecting your gaming account(s) thread during October Cybersecurity Awareness month, whenever you crack the cipher reply in this thread in spoiler. Over the next weeks we'll give you hints to crack the code, if you get stuck 😉 01001000 01101111 01110111 00100000 01110100 01101111 00100000 01100111 01100101 01110100 00100000 01101000 01100101 01110010 01100101 00100000 01101001 01101110 00100000 01110011 01110101 01101101 01101101 01100101 01110010 00111111 72.5801054094715, -38.458521276138626 Clgc Fkllcu 1 - Spuitp - Vrtba gimpnnk - Caaq Smov'h Rnfvtvh Nt Cd Stneerbh Annmups.AHQ Archive Oct 2023: Interview with Elise Murphy, Sr. Director of Game Security & Anti-Cheat
Hey everyone! Welcome to the final days of Answers HQ Cybersecurity Awareness Month! Please join us for an interview with Elise Murphy, the Senior Director of Game Security & Anti-Cheat at Electronic Arts. We will discuss Elise's team role and, of course, focus on online safety and awareness. Q: What are the main tasks and responsibilities of you and your team? A: I lead EA Security’s Secure Product Engineering & Anti-Cheat Response (SPEAR) team. We are responsible for ensuring that EA’s games, platforms and services are safe and secure throughout their entire lifecycle, from the ideation phase until they are sunset or deprecated. EA has a large game portfolio, and there are many dozens of services and platforms that power them, so our remit and the scope of work we do is quite large. In a nutshell, we support 3 key areas: Game Security We conduct security design reviews, threat models, & penetration tests of our games & services. We operate a Coordinated Vulnerability Disclosure program, ensuring that security researchers all over the world can confidentially submit potential security issues for us to address. We build powerful, yet simple, security tools that allow EA developers to find and fix security issues in real-time. Anti-Cheat We build and operate custom anti-cheat technology to keep our games fair and free of cheaters and bots. We try to find all possible ways that someone could cheat in our games, we monitor for working cheats, and work with the game teams to prevent them. Security Product & Program Management We play a pivotal role in ensuring that the entire EA Security team is successful and that we meet the needs of our partners and customers by overseeing the development, launch, and ongoing success of security products and services. Q: Can you provide an explanation of the role of EA anticheat in games for those who may not be familiar with it? A: EA anticheat is a suite of in-house developed anti-cheat technologies that protect both our games and our players. EA anticheat prevents reverse engineering of and tampering in our games, making it more difficult to create or utilize cheats. It also has robust detection capabilities that allow us to flag when cheating behavior is happening and take action accordingly. If interested, you can read more about EA anticheat in our deep dive article. Q: How can players actively contribute to maintaining a secure gaming environment? Do you have any tips or best practices to share? A: We ask that all players respect and understand EA’s Positive Play Charter by: Understanding and playing within the rules of the game. Understanding that fair competition is in everyone’s best interest. And not: Using exploits, cheats, undocumented features, design errors, bugs, or problems to get a leg up on others. Disturbing the peace or making it harder for someone else to play the game. Promoting or being involved in in-game currency buying / selling / farming. Offering to sell, buy, trade, or transfer your EA Account. As with many security-related issues - if you see something, say something! Let us know if you believe there is a systemic cheating issue in one of our titles! Q: What are some common signs or red flags that players should be aware of to spot scams, phishing attempts, and malware? A: In email, always check the sender’s email address (not just their name) and be wary of clicking on links or attachments that you don’t recognize or were unsolicited. Never provide personal information, passwords, or payment details to anyone over the internet, no matter how insistent the requestor is. Beware of urgency and grammatical errors, oftentimes fraudsters will prey on our human urge to respond quickly when pressured. Don’t download “cracked” or free versions of paid games – often these cracked versions contain malware that allow bad actors to use your computer for crimes or other bad things without your awareness or leak your personal data. Watch out for unusual activity within your own account and if you see something you don’t recognize, change your password and report it right away! Q: Are there any specific security features or tools that players can use to improve their online gaming security? A: Protect your accounts from theft or takeover by ensuring you have two-factor authentication (2FA/TFA/MFA) enabled. This requires a second form of authentication, such as a code sent to your phone or a time-bound value from an authenticator app, in addition to your password. Ensure you don’t re-use passwords across multiple sites, especially when the same email address is linked. Use a password manager to generate and store strong passwords so that you don’t have to remember them. Check to see if your computer is capable of “Secure Boot” and enable it, if possible. Secure Boot is a security feature developed by Microsoft to prevent malicious programs from running on your computer. If you make a mistake and download malware, which can happen to anyone, Secure Boot can help prevent the program from being able to run. If you’re a parent, consider adding parental controls to help prevent children from accessing inappropriate content or interacting with strangers online. Q: Are there any initiatives or collaborative efforts in place to involve gamers in creating a safer gaming environment? A: Yes - sign up to become an EA Playtester! Our game teams want to hear your feedback, not only on story, game mechanics, and performance, but also in other aspects of the game such as accessibility, inclusivity, and safety. Playtesting gives you a voice in the development process so that we can create the best experiences for all our players. EA also participates in many partnerships with non-profit organizations and collaborations with others in the industry to make our games safer, more inclusive, and more accessible for our gaming community. As someone who’s encountered toxicity in games before, I don’t always feel up to participating via audio. So, one of my personal favorite innovations in this space is Apex Legends’ ping system. Q: Can you give an overview of the current cybersecurity threats in the gaming community? What are the most common risks that gamers should be aware of? A: Security in the gaming industry is really interesting because not only are we subject to the same attacks that are common against all software companies (ransomware, supply chain, phishing, etc), but game companies also attract a niche set of attackers with a variety of motivations like cheat development. Distributed denial-of-service attacks aren’t new, but they do happen regularly and they have a huge impact. By taking online gameplay servers offline, attackers can not only ruin the ability for others to play but can cause financial loss for game companies. As more and more games look to leverage user generated content or experiences, and that content is picked up by other players, ensuring it is free from toxicity and malware is vital to protecting not only our games and our brands, but also our players machines. Account takeover, where a fraudster steals a players account, is important to protect against in games. Particularly accounts with a high value of in-game currency / items or accounts that have obtained a high level in competitive play are compelling targets. We also see that specific players with a higher public profile (streamers, competitive gamers, etc) targeted. And then there’s cheating. Cheaters and hackers can exploit vulnerabilities in game code or logic to gain an unfair advantage over other players. Cheat development can actually be a pretty lucrative business! Many cheats sell using a subscription model and can sell for over USD $150 / month to use! Q: What important message would you like to share with our gaming community regarding cybersecurity awareness? A: Security is everyone’s responsibility and it only takes one mistake to be compromised. Stay vigilant and don’t take security for granted! If something looks suspicious, say something and verify it’s legit through another medium (e.g. text or phone call) before you take any action. Q: What's your favorite game, and what do you like about it? A: My all-time favorite game is The Legend of Zelda: The Wind Waker. It was the first game in the Zelda franchise I played and I had an absolute blast getting on my boat to explore new islands and using the Wind Waker to change where and how I moved around the sea. It ignited my love for the franchise and inspired me to play most of the other Zelda games (I’m still working on Tears of the Kingdom now). As far as EA games go, Battlefield has a special place in my heart. In college, my husband, brother and I would spend countless hours in the evenings and on weekends squadding up and playing Conquest or Capture the Flag in Battlefield Bad Company 2 and Battlefield 3. We’d set up multiple tvs and consoles in the same room when we were together and when we were all in different places we’d play online, which provided us a fun way to stay connected and spend time together. Those are some of my favorite memories from that time in my life. Q: Where's a good place to start for someone interested in learning more about a career in cybersecurity? A: There are so many different career paths in security, I’d start with exploring what types of roles and focus areas are out there. There are also so many different resources out there, understand what your learning style is and search out resources that play to your strengths. There are a vast variety of podcasts, videos, books, trainings, certifications that all teach the same information in different ways. Some of my personal favorites: The Darknet Diaries Podcast provides compelling stories around the background of security issues and attackers and the real-world impact the attackers have had. Visit the Villages at your local BSides Conference or DEFCON. The Villages provide a fun, interactive way to learn about various aspects of security like AppSec, Bio Hacking, IoT, or Social Engineering just to name a few. Attend a free SANS workshop and learn directly from industry experts. Dive deeper by checking out interactive training courses provided by online training providers like Udemy or Coursera. Keep up to date on industry trends and attacks in the wild with newsletters like tl;dr sec or KrebsOnSecurity.AHQ Archive: Online Security Newsletter - November 2023
Hello everyone! Welcome to the first edition of the Answers HQ Online Security Newsletter! Following the positive feedback we received during the Answers HQ Cybersecurity Awareness Month survey, we've understood that you would appreciate more content on the topic of online security. Therefore, we're introducing newsletter-style posts. A new issue will be posted every last day of the month. Similar to this Answers HQ Online Security Newsletter, we'll provide tips for your online safety, challenges, and more. Anyone who participates in the discussion or takes on the challenge will receive a unique badge that aligns with the theme of the issue. Now, without further ado, let's dive into this month's issue of the Answers HQ Online Security Newsletter! To some, he is well known, but others might need a little introduction. Meet Bob Pancakes, your special host for our November Online Security Newsletter! Bob is one of the Sims living in Willow Creek in The Sims 4. Have a read about this month's security focus and join us in the discussion or take part in this month's challenge to receive a unique forum badge. Security focus - Phishing What is phishing? Phishing is a type of social engineering attack aimed at tricking a person into providing sensitive information. This can be done through various methods including text messages (Smishing), voice messages (Vishing), emails, and even through search engines. Common methods of phishing A common strategy used in phishing is to create a sense of urgency, such as sending an email claiming that the recipient's account has been hacked. It's crucial to verify the legitimacy of such messages, for example by checking the links to ensure they redirect to official sites. Misleading links False hyperlinks are another method used for phishing. Even if the text of a hyperlink includes a familiar brand or company name, it may not actually link to the official site. The best way to verify it is to hover over the link to confirm the URL before clicking. Imitating legitimacy Phishers may also impersonate legitimate companies or individuals to appear more authentic. No legitimate organization will ask for passwords or sensitive account information through email or other communication channels. How to avoid phishing To avoid phishing attacks, log in only to official sites, inspect hyperlinks in emails, watch out for redirection URLs, and remember that official representatives of companies will not ask for your account password. TryHackMe (TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!) How to avoid phishing Maze challenge (Challange works best of it is viewed from PC browser) Bob needs your help! He has faced a challenge where he has to retrieve a code by answering the questions and noting down the number next to it. Check the challenge rules for more details. Challenge rules: Your task is to retrieve 9 digit code You can get the code by answering the questions and writing down the number which is next to the correct statement The number you written down is also the number of the next question you need to proceed to. Numbers cannot repeat if you have already 9 digits and next number is duplicated it means that you have all necessary digits if you dont have 9 numbers and number is duplicated the code is incorrect, and you have to start over again Submit the answer by replying in this thread (use spoilers) Offers for free in-game content or cheats from third-party websites are usually legitimate and safe to accept. (9 True / False 3 ) Phishing is a type of social engineering attack where the attacker tricks the victim into providing sensitive information. (3 True / False 5 ) A common phishing tactic is creating a sense of urgency, such as claiming that the recipient's account has been hacked. (6 True / False 4) Phishing attacks are only carried out via email. (8 True / False 7) It is a good practice to verify the URL of a hyperlink before clicking on it to avoid phishing scams. (8 True / False 3) Legitimate companies will ask for your password through email for verification purposes. (9 True / False 2) Phishers may impersonate legitimate companies or individuals to gain trust and seem more credible. (9 True / False 7) Hyperlinks in phishing emails always directly display the malicious site they link to. (2 True / False 4) If an email claims to be from a legitimate company and asks for your account information, it is most likely a phishing attempt. (5 True / False 1) Logging in to official sites, inspecting email hyperlinks, and not sharing passwords are some of the ways to protect from phishing attacks. (1 True / False 6)AHQ Archive: Online Security Newsletter - May 2024
Hello everyone, welcome to the seventh edition of Answers HQ Online Security Newsletter! Last month, we covered an interesting topic regarding the security of your privacy (and more) while streaming games. If you haven't had a chance to check out this issue or want to refresh your knowledge, be sure to check out this link! 🤓 Additionally, in the past months we have covered many other topics that pay attention to safety when playing online. From previous issues you can learn more about: Phishing Online Privacy Secure Downloading AI in social engineering Passwords This month we will face an unfortunate situation when your device is attacked by malware. Unfortunate because, after reading the previous editions of the newsletter, you should be quite well prepared to face the threats that await you in the online world. 😉 So, let's get to this month's topic. Ah, I would have nearly forgotten! As every month, each participant of the discussion, challenge or quiz will receive a unique badge for the forum collection! Security focus - Malware What exactly is malware? A common misconception is that malware is just another word for a computer virus. That's partially true. The term "malware" is short for malicious software. Malware includes not only viruses but also Trojans, spyware, ransomware, and worms. All the mentioned threats differ in their operation, but they have one goal: to expose our data to danger. How to recognise you are affected by malware? If your computer starts running slowly after the operating system loads, this may be a sign that there is malware on your computer. Slow performance can be caused by the excessive use of processor resources by malicious software. This rule applies to some extent even to computers with high specifications. Take a look at your browser to see if it has new toolbars, new extensions, or a new homepage. Do windows with advertisements or notifications appear unexpectedly while you're browsing the Internet? If the answer to any of these questions is yes, it's possible that your browser has been infected. Additionally, any windows that pop up unexpectedly while using your computer, unknowingly installed applications and programs, and general system instability may also indicate the presence of malware. How to get rid of malware? Removing malware from your computer typically involves scanning your computer with an antivirus program. Most free versions of antivirus programs are capable of handling this task. However, if you are dealing with a stubborn and recurring problem, you need to take a few additional steps. First, disconnect your device from the internet. Malware can re-download copies of itself without your knowledge, so conventional malware removal might not be effective if the device remains connected to the internet. Moreover, your private data may be at risk of being compromised. Start your computer in Safe Mode (this is different from a clean boot). When your computer starts in this mode and is disconnected from the internet, perform a full malware scan again. If the problem appeared, when using a web browser, it is a good time to clear its cache and cookies. Change Your Passwords If you suspect that your private data might have been compromised, it's crucial to change your passwords for the most critical services you use. For tips on password management, refer to one of the previous editions of our newsletter - Answers HQ Online Security Newsletter - March. Don't download cracks or cracked versions of the games As we mentioned in one of our previous newsletters, exercise caution when downloading files from the internet. Additionally, refrain from downloading cracked versions of games; not only does this violate terms of service agreements, but it also increases the risk of inadvertently downloading malicious software. Refrain from downloading "freebies" from the internet. Be particularly vigilant if you are strongly encouraged to download a free game, demo, or game expansion from source different than official. First, verify that the source from which you are downloading is reputable. If the game isn't available directly from the producers website, or if there's no official redirection to another site from the producers website, there's a high likelihood that the offer's description is misleading. For these and other tips on safe online practices, refer to an interview with our expert - Senior Director of Game Security & Anti-Cheat. Start your PC in safe mode in Windows Start up your Mac in safe mode Windows 11 and Secure Boot Mitigating malware and ransomware attacks Answers HQ Online Security Newsletter Quiz - MayAHQ Archive: Online Security Newsletter - December 2023
Welcome to the second edition of AHQ Online Security Newsletter. This month, we're focusing on the importance of privacy settings and how to maintain a secure online presence. We encourage you to participate in the tasks that we've prepared for you. We have prepared two tasks for you this month: a quiz to test the knowledge you've gained from this and the previous month's newsletter, and a separate, more advanced task for those seeking a challenge. Nothing should stop you from participating in both tasks! If you happened to miss out on our previous newsletter, no worries! You can catch up right here: Answers HQ Online Security Newsletter - November - Answer HQ Thanks and Happy New Year! edit 18/01/24 @EA_Kuba wrote: Hey everyone! A bit later than usual, but I wanted to let you know that everyone who participated (or will participate) in this month's newsletter, will receive a unique forum badge! Security focus - Online Privacy Understanding the importance of privacy Interacting with other players while playing online is an essential part of any online game. While playing online, we can exchange tips, game experiences, or just talk. It is crucial to maintain your privacy by refraining from sharing any private information that could lead to your identification during text or voice chats. Secure your account Maintaining strong passwords is as crucial as being careful during online interactions. They serve as your primary defense against unauthorized access to your data. To enhance security, it's important to frequently update your passwords and ensure they are complex enough. If you wish to evaluate your password's strength, you can do so using the following website: https://passwordmeter.com. Additionally, using password managers can be a viable option for password management and security. Do not share your private information with others Providing only your name during interaction is not a bad thing. However, sharing personal details alongside your name might make you susceptible to social engineering attacks. It is worth being careful with whom and what information we share while playing. It is also advisable to review the privacy settings on your EA account to ensure control over the information that other players can see about you. Beware of phishig Phishing is a social engineering attack that aims to deceive you into providing sensitive information about yourself. Phishing can take many forms, such as email or telephone calls. A phishing attack can also be carried out via in-game chats. In the last newsletter, we covered this topic by providing information on how to recognize phishing and how to protect yourself from it. Make sure to check it out. @ElliotLH tip to help identify which companies might be selling your information if you start receiving unsolicited emails. (...) My one is more for spam handling but figured it could be useful for security still: if you use Gmail or Outlook, add a "+" and the name of the site to your email when registering on websites. E.G emailaddress+companyname@ Not only can this be helpful with filtering your inbox, if your details from that company are exposed (or sold, as some less than reputable companies do) and you start receiving spam to that email address, you'll know something has gone wrong straight away. Edit: Added Outlook too as @SharpGoblin mentioned that works as well, which it does. Update your privacy settings and email preferences (eahelp article) How to change privacy settings on PSN Manage app privacy settings on Xbox How to turn on EA Login Verification HackTheBox (Hack The Box is a leading gamified cybersecurity upskilling, certification, and talent assessment software platform enabling individuals, businesses, government institutions, and universities to sharpen their offensive and defensive security expertise.) Answers HQ Online Security Newsletter Quiz - December Invisible Ink Challenge Your task will be to find a hidden message in one of posts made by myself on 31/12/2023. When you find the message reply in this thread. Over the next few weeks, we will post tips to help you solve it.AHQ Archive: Online Security Newsletter - January 2024
Welcome to the third edition of the AHQ Online Security Newsletter! This month's theme is focused around downloading files from the internet and the measures to take if something goes not as planned. Similar to previous editions, we have prepared a challenge for you to participate in. Make sure to have a look at our past editions of the newsletter! You'll learn more about securing your online privacy and protecting yourself against phishing. Answers HQ Online Security Newsletter - November - Answer HQ Answers HQ Online Security Newsletter - December - Answer HQ Did we mention the perks of participation? Every participant receives a unique badge for their forum badge collection! Join conversation sharing your experiences, or participate in the challenge ... or both! 😉 Before moving on to the next section of the newsletter, we just wanted to thank to all our readers, both new and regular for holding the line of online safety and awareness! Security focus - Secure Downloading Don't download cracks or cracked versions of the games Apart from the ToS infringement, this might put you at risk of downloading harmful files onto your PC. Most commonly, if you are downloading files from unverified resources, you could download a trojan file which might put you at risk of revealing your sensitive data. Often, Trojan malware creates a "backdoor" for an attacker, so they can control your PC, see your keystrokes, or even your webcam. If you are downloading mods for our games that support using them, download them from a secure resource. • As you might know, some of our games, namely The Sims 4, and Command & Conquer: Remastered Collection, support the creativity of users by allowing the use of mods. That being said, The Sims and Command & Conquer team doesn’t pre-screen, endorse, or specifically support any particular Mod. You should use Mods with caution and understand there may be risk. When downloading mods, make sure you are doing so from a legitimate resource. For more information on mods, refer to the articles below. Command & Conquer™ Modding FAQ The Sims 4 - Mods and game updates Enable Secure Boot, which helps prevent malware from running. Secure Boot is a security feature that, upon starting your PC, checks every application which is pre-loading even before your Operating System starts. For example, if you buy accident download a malware called rootkit (or bootkit), it could potentially evade your antivirus as it operates on the same level (kernel level) as your operating system. Having Secure Boot enabled, which checks signatures of any file being loaded upon starting your system, can prevent a rootkit from being installed. If you are downloading a mobile app, check the vendor from whom the app is coming. Another way of unintentionally downloading a harmful file is by doing so via your phone. In some cases, not-so-legitimate applications might slip through Google/Apple systems and pretend to be well-known applications that we know. Before downloading, make sure that the app is verified (or access the app store via the product website), and if you notice anything suspicious, especially before logging in, setting up a payment method, or providing any personal data, stop, double-check, and then check again, and only then, if you are sure, continue. In this month's discussion, let's explore the following questions: What are the typical symptoms of malware? What steps should you take if you've downloaded malware? How can malware be deleted? We will, of course, look forward to hearing your experiences related to this month's topic 😊 National Cybersecurity Alliance Security Awareness: Internet Downloads What is a rootkit? What is a trojan virus? Answers HQ Online Security Newsletter Quiz - JanuaryAHQ Archive: Online Security Newsletter - April 2024
Hello everyone! Welcome to the sixth edition of the Answers HQ Online Security Newsletter! Can you believe it's already been six months since we launched our first newsletter issue?😮 I'd like to take this opportunity I would like to thank all regular participants, as well as welcome new ones and encourage everyone to share their thoughts related to the topic of this issue. Last month, we explored the importance of having complex and unique passwords. We also highlighted the most frequent errors made when creating or entering passwords. If you wish to review previous releases, you'll find a list to all previous editions at the bottom of this post. 😊 For this issue, we'll concentrate on topic closely related to online gaming - specifically, streaming gameplay. We will also think about the precautions you can take to ensure your online safety isn't compromised. If you are a streamer, you are more than welcome to share a link to your streaming platform profile! However, please refrain from providing profiles to gain monetary value. As usual if you participate in the newsletter by joining the conversation, solve the challenge or take the quiz you'll receive an unique badge to your forum badge collection! Security focus - Stream(er) Safety Threat of doxxing to online Streamers; What is doxxing? Doxxing poses a significant risk to unsuspecting streamers. It involves unauthorized public disclosure of personal information. Those might be possessed through social media, or through social engineering. The individual publishing such data often aims to embarrass, harm, or online-shame the victim victim by revealing potentially shocking information. Mind your digital footprint While streaming, it's important to be mindful of both what you're saying and what you're displaying. Remember, your stream could be recorded and later used to extract your private information. Make sure not to disclose details that could reveal your location or address. If your correct location is mentioned by someone during the stream, remain calm and refrain from confirming the accuracy of the information. Create a Safe Streaming Environment This includes your computer - ensure that your desktop or browser doesn't display any information that could be personally identifiable. Additionally, keep an eye on what's visible in the camera's view like windows, mirrors, doors, or a pin board with memos. Secure your accounts and use privacy features Whenever possible, use Two-Factor Authentication (TFA) or Multi-Factor Authentication (MFA), and create unique, strong passwords. It is crucial to create separate PC account, email address just for the stream purposes, and any other social media platform accounts which are not associated with your own private account. Check the privacy features on the streaming platforms and adjust them to your preference. Never mention your real name in in the chat. Use moderation tools, or ask someone to look after your stream as a moderator In addition to securing your personal information and creating a safe environment, it's also essential to have control over what's happening during your live streams. Utilize the moderation tools provided by the platform to manage comments and engagement. These tools allow you to filter out inappropriate comments, block users, or chat to certain users. You might also consider asking trusted person to act as a moderator on your streams. Having extra pair of eyes (and hands 😉) and ensure that the conversations remains respectful and safe. When it comes to moderation don't allow to use links in the chat, as they are usually used for phishing attacks. Never share your stream key A stream key is a unique string of characters that allows programs to stream your gameplay directly to the platform. If someone possesses your stream key, it might lead to a takeover of your stream. A person in possession of your stream key could, without your account details, stream as you! What to Do if You’re Being Doxed - an Interview with Eva Galperin, the director of cybersecurity at the Electronic Frontier Foundation Answers HQ Online Security Newsletter - April Maze Challenges Over the course of the month, we'll release 3 Maze challenges. Each of them will hold different questions, but they will all stay within the theme of this month's topic. Guide for the Challenge: Your task is to answer 10 questions. Note down the questions you have already answered. Pick the question you want to start from (it doesn't have to be question 1). After choosing the correct statement, note down the characters marked in blue next to the answer you have chosen. Proceed to the question whose number is next to #
