EA Forums Online Security Newsletter - Volume 3
Hello everyone, 👋 Welcome to Volume 3 of the EA Forums Online Security Newsletter!🎉 Number 3 is special in the cybersecurity field, so we can treat this edition as quite special. Why is the number 3 special, you ask? There are many different approaches in cybersecurity that address fundamental aspects. Make your own research and let us know your findings!🧐 Speaking of fundamentals, last month we covered the basics of online safety. It’s a reminder not to overlook the most crucial aspects of your online life! If you missed Volume 2 or need a refresher, the link is here. This month we’ll cover the interesting topics of biometrics, passkeys, and the passwordless approach to online safety. As always, by interacting with the newsletter through participating in the quiz or sharing your experiences in the comments, you’ll receive a unique forum badge! Stay safe! What is biometrics? Biometric authentication uses your biological traits—fingerprint, face, or voice—to verify your identity. OK, and passkeys? Passkeys are cryptographic keys stored on your device, removing the need for traditional passwords entirely. Why should I care? Both biometrics and passkeys provide a seamless and secure way to log in, eliminating weak passwords susceptible to cracking, phishing risks, and brute force attacks. What are other benefits of biometrics and passkeys? First, there is no need to type your password anymore, nor use additional TFA. Another significant benefit is hardened phishing resistance. Even if someone gets hold of your password, they can't steal your fingerprint. Additionally, biometric data can't be guessed or cracked through brute force attacks. Alright, but what if someone gets my device? Biometric data is encrypted and stored securely on your device, not in a central database. Even if a hacker accesses your device, they won’t be able to extract your biometric information. Does my device keep a record of my fingerprint? Your device keeps a biometric value of your fingerprint, face, or voice, which is then encrypted. Your device does not store your actual fingerprint or photo of your face (apart from your photo reel). FIDO Alliance - industry standards for passwordless authentication NIST - Biometric security Electronic Frontier Foundation - Digital privacy Online Security Newsletter - Feedback Form Online Security Newsletter - Challange Creation Interest form Online Security Newsletter - Volume 3 QuizEA Forums Online Security Newsletter - September
Our newsletter is always published at the end of each month to discuss the previous month's security news. However, we’re excited to highlight that October is Cybersecurity Awareness Month. During October, you have the opportunity to earn a badge* (on AHQ) on the forum not only by participating in this newsletter but also by engaging in discussions and quizzes related to cybersecurity. At the start of each week, we’ll publish an article dedicated to online security on the forum! In the previous issue, we touched on the topic of securing our home network and how to protect ourselves from danger. Many valuable comments and tips appeared in the discussion. If you haven't had the opportunity to read the previous issue, be sure to check it outhere This month, the topic of our "Security Focus" will be bots. You will learn what bots are and whether bots are always good or bad. The topic of bots is very interesting, you can find out more in "Security Focus." As always, by joining the discussion or solving the quiz, you will receive a participation token - a unique badge on the forum! We would love to hear your feedback. Visit the Feedback Hub to share your thoughts about the newsletter, ask questions, or share your inspiring stories. If you're interested in hosting next month's challenge, you can also submit your application through the Feedback Hub. Your input helps us improve and keeps our community engaged! Without further delay, let's get started! Bots Bots definition A bot is basically an app that can do tasks on its own without needing someone to start it every time. They handle repetitive tasks way faster than humans. Not all bots are bad, but some are designed to cause trouble or benefit their creators at the expense of others. When multiple bots team up, they form a botnet, which can be used to launch attacks. How do they work? Bots run on algorithms that help them do their specific jobs, like chatting with people to seem human or gathering info from websites. There are many types of bots, each made to handle different kinds of tasks. Examples of good bots Search Engine Crawlers: Bots like Googlebot that index web content to make it searchable. Chatbots: Bots that provide customer service or support by interacting with users in real-time. Monitoring Bots: Bots that track website performance, uptime, and security. Examples of bad bots Spambots: Bots that distribute spam content or advertisements. Scraping Bots: Bots that harvest data from websites without permission. DDoS Bots: Bots that participate in Distributed Denial of Service attacks to overwhelm and shut down websites. How to protect yourself from bad bots? Ensure your passwords are strong and unique to protect against brute force attacks, and enable Two-Factor Authentication (TFA) to add an extra layer of security that bots find difficult to bypass. Guard your privacy by keeping personal information confidential, as sharing details recklessly can make you an easy target for bots that harvest data for malicious purposes. Download files only from trusted sources to avoid malicious software that can turn your device into a bot, unknowingly participating in attacks. Regularly update your operating system and antivirus software to patch vulnerabilities that bots exploit to gain unauthorized access. Keep your home network secure by updating your router's firmware, as outdated routers can be hijacked by bots to form part of a botnet. Stay alert to phishing attacks, as bots often use these to trick you into revealing sensitive information, leading to compromised accounts and systems. What Is A Bot? How Do Bots Work? What is a Googlebot? Botnet - NIST glossary Answers HQ Online Security Newsletter Feedback form (including Community Spotlight, and Q&A submissi... Answers HQ Online Security Newsletter - Challenge Creation Interest form EA Forums Online Security Newsletter - September QuizEA Forums Online Security Newsletter - Volume 2
Hey everyone, welcome to the second edition of our newsletter dedicated to online safety for gamers. Last month, we examined security measures designed to protect us from malicious programs that can appear when we are not careful when using our phones, tablets, and computers. We also looked at this topic from the perspective of protecting the youngest from the dangers lurking online. If you have not yet had time to read the previous edition, you can find the link here. In this edition, we want to remind you of the basic rules of security for your online account, which you use for games and more! As always, for participating in the newsletter, whether by sharing your experiences with us or by completing the quiz, you will receive a participation token - a unique badge on the forum. Stay safe! Basic rules of security for your online account. Strong, Unique Passwords Think of your password as the key to your digital vault. A strong password is long, complex, and unique. It should mix uppercase and lowercase letters, numbers, and symbols. Use hard-to-guess information instead of common choices such as "123456" or "password," and avoid words that are easy to guess, such as birthdays and names like "Daniel93." However, remembering numerous complex passwords can be daunting. You can store your passwords securely, and they'll fill in automatically with password managers. Using them, you can generate strong passwords and prevent using the same password twice. Two-Factor Authentication (TFA) Two-Factor Authentication adds an extra layer of security by requiring a second form of verification. Google Authenticator is a popular choice that generates time-based codes, ensuring only you can access your accounts. Google Authenticator and other apps now support seamless device integration and offer biometric options, making 2FA quicker and more secure. Guarding Against Phishing Phishing is a deceptive attempt to steal your data. Always verify the sender's email address and look for typos, grammatical errors, or suspicious links. Use multi-factor authentication for extra security. Keep software updated and employ strong, unique passwords. Be cautious with attachments and never share personal information. Trust your instincts; if it feels off, it probably is. Securing Your Email Your email is a gateway to many of your accounts. Enable two-factor authentication for your email, and regularly review your account activity. Use encryption tools for sensitive communications and be wary of unsolicited requests for personal information. Many companies partner to ensure the highest level of security. You can read about EA's cooperation with Google in our news section "Keeping your EA account safe by working with others." This partnership addresses cases where email accounts tied to EA Accounts were compromised, allowing attackers to take over the EA Account and other valuable internet accounts connected to that email. EA has been working closely with Google to address this quickly and safely through their Cross-Account Protection program. Google shared more about this partnership in a recent post here! How to turn on EA Login Verification Where can I find my backup codes? How to update your EA Account Positive Play Charter Report cheating, harassment, and illegal content How to avoid phishing Online Security Newsletter - Feedback Form Online Security Newsletter - Challange Creation Interest form Online Security Newsletter - Volume 2 QuizEA Forums Online Security Newsletter - Volume 1
We're starting the year with a few changes to adapt to the transfer to the new forums. You'll notice a slight change in the naming of the newsletter and the badges. The newsletter will now be released in volumes every month. As usual - you can still receive badges for participating in volumes 1-12. I want to dedicate this month's subject to my nephew, who inspired me by asking some questions that intrigue him a lot—he just got his first PC and has many questions. So, let's start with the basics and answer one of his many questions: How do you download games safely? Let's consider why this is so important. Before diving into the world of games, everyone needs to download them first—and there's a right and wrong way to do this first step. The right way is safe for both the user and their device. Knowing a few simple rules can help us avoid problems and enjoy games stress-free. Those rules are especially crucial for young gamers and inexperienced parents, as it's easy to stumble upon unsafe sources or harmful apps. But I believe that even more experienced users can refresh or even update the "database". I'll share some tips and real-life examples that might be helpful. Don't forget to check them out and talk with your daughters, sons, nephews, nieces, grandparents, and parents. Okay, let's say it in a simple way: It will benefit everybody. How do you download games and applications safely? Download only from trusted sources Always download apps and games from official stores, such as Google Play, the App Store, or the Microsoft Store. Unknown sources may offer infected files that can harm your device. Check reviews and ratings Before downloading a new app, it's a good idea to read other users' reviews and check ratings. Apps with lots of positive reviews are usually more trustworthy. Beware of app permissions Before you install a new app, check what permissions are required. If a flashlight app wants access to your contacts and messages, it may be suspicious. Keep your apps and operating system up to date. Use antivirus software Installing antivirus software on your device can help detect and remove malware. Beware of "Cracked" versions Downloading “cracked” versions of games and applications is illegal and very risky. Such files often contain viruses and other malware. By following these tips, you can enjoy your favorite apps and games without worry! Stay safe and have fun! How to turn on EA Login Verification Where can I find my backup codes? How to update your EA Account Positive Play Charter Report cheating, harassment, and illegal content How to avoid phishing Online Security Newsletter - Feedback Form Online Security Newsletter - Challange Creation Interest form Online Security Newsletter - Volume 1 QuizAHQ Archive: Online Security Newsletter - June 2024
Welcome, to new issue of our Answers HQ Online Security Newsletter! In the last issue, we explored the dangers of malware, how to recognize its signs, and most importantly, how to eliminate it. This month, we're focusing on securing your account with our tips brought to you by @EA_Kalina! While these tips are tailored for your EA account, they are also apply for safeguarding all your other accounts. Make sure to implement them after you finish reading our newsletter! As always, each participant of our newsletter will receive a unique badge on the forum. Join the discussion, solve the quiz, or participate in the challenge to showcase your achievement! Speaking of challenges ... We're thrilled to invite you to create challenges for our future newsletters! Want to test your skills and contribute? Fill out this form to get started. This month's challenges are brought to you by a regular contributor, @ElliotLH! Security focus - Account Security SECURE YOUR ACCOUNT IN 6 STEPS Securing your account is crucial for maintaining the integrity of your online gaming experience. Here are the six steps to ensure your account remains safe: Make sure you apply them after reading this guide! Password A password is a secret word or phrase that you use to log into your account. A password is a secret that only you know. Don't share it with anyone, not even your best friend. What should be the password? Strong: Use a combination of letters (upper and lower case), numbers and symbols. Unique: Don't use the same password on different accounts. Instead of "password123," use "S3cuR3P@$$w0rD!" Two-Factor Verification (TFA) Two-factor verification is an additional layer of security that requires more than just a password to log in. After you enter your password, you must also enter a code that is sent to your phone or email. - Why is it important? - Two-step Verification protects your account, even if someone knows your password. Using the app authenticator for Login Verification is the safest way to keep your account secure. Here’s how to set it up. Trusted Devices Trusted devices are those that you regularly use to log into your account. Trusted devices are saved in your account, so you do not have to go through additional verifications each time. - Why it's important? - It helps you log into your account faster and more securely. Be careful where you play Don't log into your account on public computers or in unknown places. Public computers can be infected with viruses that can steal your data. If you are playing on a friend's computer, be sure to log out of your account after the session is over. Your profile, account security, and games are all accessible when you leave your account logged in. Backup e-mail A backup email is an additional email address that you can add to your account as a security measure. If you can't get into your main email account, you can use the backup email to regain access. Don't share information Don't give out your password, personal information or other sensitive information to anyone, even friends. Sharing this information can lead to account theft and other dangers. By following these steps, you can significantly enhance the security of your account and enjoy a worry-free gaming experience. How to turn on EA Login Verification Where can I find my backup codes? How to update your EA Account Answers HQ Online Security Newsletter Quiz - JuneAHQ Archive: Online Security Newsletter - February 2024
Hello everyone, and welcome to the fourth edition of Answers HQ Online Security Newsletter. Last month, we covered the topic of secure downloads from the internet. If you missed it or would like a refresher on how to maintain security while downloading files, you can revisit the January issue here. This month, we will cover a quite hot topic from the last few months - which is AI (Artificial Intelligence). Specifically, we'll be discussing how AI can be exploited in phishing attacks. This edition will build upon the content from a previous one in November. If you missed that one, take a look here. We also have an important message about the change in the Answers HQ notification sender's email address. Read more in the Info Hub section. As usual, any discussion participant or challenger from previous editions would receive a unique badge. This month, similar to the November edition, we have a custom badge with the one and only, you favourite turian Garrus Vakarian! Have you noticed the hints in the previous newsletter? 😉 Security focus - AI in social engineering What is Artificial Intelligence? (I've asked this question to one of popular AI solution - ChatGPT) Artificial Intelligence, or AI, is a field in computer science where machines are made to mimic human intelligence, enabling them to learn, make decisions, recognize speech, and understand language. It's basically teaching machines to think and learn like humans. What is social engineering? Social engineering has various methods and mediums whose sole purpose is to trick the victim into revealing sensitive information about themselves. In some scenarios, it can also persuade unaware victims into performing actions that they normally wouldn't do. Spear Phishing Attack using AI One of the things that AI is good at is analyzing text-based data. When attackers gather enough data (for example, via OSINT), they can, by using AI, create convincing emails or text messages based on the information provided. This, of course, could be done without AI, but using this technology significantly speeds up the process. The best way to keep yourself safe from such situations is to maintain your online privacy and only share information with which you are comfortable. Vishing Attack Using AI Vishing is a type of phishing attack that is performed via voice communication. A Vishing attack, which is in itself a very dangerous attack, can be amplified if the attacker uses AI to create a voice similar to one we know. Without going too much into details, let's consider how to prevent such attacks. One of the best ways to ensure that we are talking with the person who says they are who they claim to be is to use a safe word. Having a certain keyword, which would be shared among friends and family, could help prevent falling into scam scenarios like this. Near future of AI in cybersecurity According to NCSC report about impact of AI on the cyber threat AI is expected to significantly enhance cyber criminals' capabilities in areas like social engineering, reconnaissance, and exfiltration over the next two years. Particularly, generative AI can be used to create more convincing interactions with victims, reducing the chance of identifying phishing attempts. Artificial Intelligence is constantly evolving, as are the dangers of using it in illegitimate ways. To stay secure, remember at least to: Use strong passwords and MFA whenever possible Be mindful of your digital footprint and your online privacy Make use of "safe words" and be aware of common phishing tactics IMPORTANT CHANGES related to Answers HQ sender's email address. In response with changes introduced by Google for email delivery at Gmail and Yahoo addresses, we are changing sending address for our Answers HQ mailer. This change aims to decrease the amount of spam and phishing emails received in your inbox. What will change? The email sender will change from Answers HQ <AnswerHQ@ea.com> to Answers HQ <AnswersHQ@ahq.ea.com> Where I can learn more about this change? The New Requirements for Email Delivery at Gmail Email sender guidelines PlayStation: Passkeys: Introducing a More Secure, More Convenient Way to Play What is a passkey? A passkey is a password replacement that provides faster, easier, and more secure sign-in to your account for PlayStation Network. It allows you to access your account without a password. Instead, you sign in through your mobile device or computer using the same convenient device screen unlocking method like a fingerprint, face scan or PIN. Answers HQ Online Security Newsletter Quiz - February OSINT + Cipher challenge Same as we did in the Protecting your gaming account(s) thread during October Cybersecurity Awareness month, whenever you crack the cipher reply in this thread in spoiler. Over the next weeks we'll give you hints to crack the code, if you get stuck 😉 01001000 01101111 01110111 00100000 01110100 01101111 00100000 01100111 01100101 01110100 00100000 01101000 01100101 01110010 01100101 00100000 01101001 01101110 00100000 01110011 01110101 01101101 01101101 01100101 01110010 00111111 72.5801054094715, -38.458521276138626 Clgc Fkllcu 1 - Spuitp - Vrtba gimpnnk - Caaq Smov'h Rnfvtvh Nt Cd Stneerbh Annmups.AHQ Archive Oct 2023: Interview with Elise Murphy, Sr. Director of Game Security & Anti-Cheat
Hey everyone! Welcome to the final days of Answers HQ Cybersecurity Awareness Month! Please join us for an interview with Elise Murphy, the Senior Director of Game Security & Anti-Cheat at Electronic Arts. We will discuss Elise's team role and, of course, focus on online safety and awareness. Q: What are the main tasks and responsibilities of you and your team? A: I lead EA Security’s Secure Product Engineering & Anti-Cheat Response (SPEAR) team. We are responsible for ensuring that EA’s games, platforms and services are safe and secure throughout their entire lifecycle, from the ideation phase until they are sunset or deprecated. EA has a large game portfolio, and there are many dozens of services and platforms that power them, so our remit and the scope of work we do is quite large. In a nutshell, we support 3 key areas: Game Security We conduct security design reviews, threat models, & penetration tests of our games & services. We operate a Coordinated Vulnerability Disclosure program, ensuring that security researchers all over the world can confidentially submit potential security issues for us to address. We build powerful, yet simple, security tools that allow EA developers to find and fix security issues in real-time. Anti-Cheat We build and operate custom anti-cheat technology to keep our games fair and free of cheaters and bots. We try to find all possible ways that someone could cheat in our games, we monitor for working cheats, and work with the game teams to prevent them. Security Product & Program Management We play a pivotal role in ensuring that the entire EA Security team is successful and that we meet the needs of our partners and customers by overseeing the development, launch, and ongoing success of security products and services. Q: Can you provide an explanation of the role of EA anticheat in games for those who may not be familiar with it? A: EA anticheat is a suite of in-house developed anti-cheat technologies that protect both our games and our players. EA anticheat prevents reverse engineering of and tampering in our games, making it more difficult to create or utilize cheats. It also has robust detection capabilities that allow us to flag when cheating behavior is happening and take action accordingly. If interested, you can read more about EA anticheat in our deep dive article. Q: How can players actively contribute to maintaining a secure gaming environment? Do you have any tips or best practices to share? A: We ask that all players respect and understand EA’s Positive Play Charter by: Understanding and playing within the rules of the game. Understanding that fair competition is in everyone’s best interest. And not: Using exploits, cheats, undocumented features, design errors, bugs, or problems to get a leg up on others. Disturbing the peace or making it harder for someone else to play the game. Promoting or being involved in in-game currency buying / selling / farming. Offering to sell, buy, trade, or transfer your EA Account. As with many security-related issues - if you see something, say something! Let us know if you believe there is a systemic cheating issue in one of our titles! Q: What are some common signs or red flags that players should be aware of to spot scams, phishing attempts, and malware? A: In email, always check the sender’s email address (not just their name) and be wary of clicking on links or attachments that you don’t recognize or were unsolicited. Never provide personal information, passwords, or payment details to anyone over the internet, no matter how insistent the requestor is. Beware of urgency and grammatical errors, oftentimes fraudsters will prey on our human urge to respond quickly when pressured. Don’t download “cracked” or free versions of paid games – often these cracked versions contain malware that allow bad actors to use your computer for crimes or other bad things without your awareness or leak your personal data. Watch out for unusual activity within your own account and if you see something you don’t recognize, change your password and report it right away! Q: Are there any specific security features or tools that players can use to improve their online gaming security? A: Protect your accounts from theft or takeover by ensuring you have two-factor authentication (2FA/TFA/MFA) enabled. This requires a second form of authentication, such as a code sent to your phone or a time-bound value from an authenticator app, in addition to your password. Ensure you don’t re-use passwords across multiple sites, especially when the same email address is linked. Use a password manager to generate and store strong passwords so that you don’t have to remember them. Check to see if your computer is capable of “Secure Boot” and enable it, if possible. Secure Boot is a security feature developed by Microsoft to prevent malicious programs from running on your computer. If you make a mistake and download malware, which can happen to anyone, Secure Boot can help prevent the program from being able to run. If you’re a parent, consider adding parental controls to help prevent children from accessing inappropriate content or interacting with strangers online. Q: Are there any initiatives or collaborative efforts in place to involve gamers in creating a safer gaming environment? A: Yes - sign up to become an EA Playtester! Our game teams want to hear your feedback, not only on story, game mechanics, and performance, but also in other aspects of the game such as accessibility, inclusivity, and safety. Playtesting gives you a voice in the development process so that we can create the best experiences for all our players. EA also participates in many partnerships with non-profit organizations and collaborations with others in the industry to make our games safer, more inclusive, and more accessible for our gaming community. As someone who’s encountered toxicity in games before, I don’t always feel up to participating via audio. So, one of my personal favorite innovations in this space is Apex Legends’ ping system. Q: Can you give an overview of the current cybersecurity threats in the gaming community? What are the most common risks that gamers should be aware of? A: Security in the gaming industry is really interesting because not only are we subject to the same attacks that are common against all software companies (ransomware, supply chain, phishing, etc), but game companies also attract a niche set of attackers with a variety of motivations like cheat development. Distributed denial-of-service attacks aren’t new, but they do happen regularly and they have a huge impact. By taking online gameplay servers offline, attackers can not only ruin the ability for others to play but can cause financial loss for game companies. As more and more games look to leverage user generated content or experiences, and that content is picked up by other players, ensuring it is free from toxicity and malware is vital to protecting not only our games and our brands, but also our players machines. Account takeover, where a fraudster steals a players account, is important to protect against in games. Particularly accounts with a high value of in-game currency / items or accounts that have obtained a high level in competitive play are compelling targets. We also see that specific players with a higher public profile (streamers, competitive gamers, etc) targeted. And then there’s cheating. Cheaters and hackers can exploit vulnerabilities in game code or logic to gain an unfair advantage over other players. Cheat development can actually be a pretty lucrative business! Many cheats sell using a subscription model and can sell for over USD $150 / month to use! Q: What important message would you like to share with our gaming community regarding cybersecurity awareness? A: Security is everyone’s responsibility and it only takes one mistake to be compromised. Stay vigilant and don’t take security for granted! If something looks suspicious, say something and verify it’s legit through another medium (e.g. text or phone call) before you take any action. Q: What's your favorite game, and what do you like about it? A: My all-time favorite game is The Legend of Zelda: The Wind Waker. It was the first game in the Zelda franchise I played and I had an absolute blast getting on my boat to explore new islands and using the Wind Waker to change where and how I moved around the sea. It ignited my love for the franchise and inspired me to play most of the other Zelda games (I’m still working on Tears of the Kingdom now). As far as EA games go, Battlefield has a special place in my heart. In college, my husband, brother and I would spend countless hours in the evenings and on weekends squadding up and playing Conquest or Capture the Flag in Battlefield Bad Company 2 and Battlefield 3. We’d set up multiple tvs and consoles in the same room when we were together and when we were all in different places we’d play online, which provided us a fun way to stay connected and spend time together. Those are some of my favorite memories from that time in my life. Q: Where's a good place to start for someone interested in learning more about a career in cybersecurity? A: There are so many different career paths in security, I’d start with exploring what types of roles and focus areas are out there. There are also so many different resources out there, understand what your learning style is and search out resources that play to your strengths. There are a vast variety of podcasts, videos, books, trainings, certifications that all teach the same information in different ways. Some of my personal favorites: The Darknet Diaries Podcast provides compelling stories around the background of security issues and attackers and the real-world impact the attackers have had. Visit the Villages at your local BSides Conference or DEFCON. The Villages provide a fun, interactive way to learn about various aspects of security like AppSec, Bio Hacking, IoT, or Social Engineering just to name a few. Attend a free SANS workshop and learn directly from industry experts. Dive deeper by checking out interactive training courses provided by online training providers like Udemy or Coursera. Keep up to date on industry trends and attacks in the wild with newsletters like tl;dr sec or KrebsOnSecurity.AHQ Archive: Online Security Newsletter - November 2023
Hello everyone! Welcome to the first edition of the Answers HQ Online Security Newsletter! Following the positive feedback we received during the Answers HQ Cybersecurity Awareness Month survey, we've understood that you would appreciate more content on the topic of online security. Therefore, we're introducing newsletter-style posts. A new issue will be posted every last day of the month. Similar to this Answers HQ Online Security Newsletter, we'll provide tips for your online safety, challenges, and more. Anyone who participates in the discussion or takes on the challenge will receive a unique badge that aligns with the theme of the issue. Now, without further ado, let's dive into this month's issue of the Answers HQ Online Security Newsletter! To some, he is well known, but others might need a little introduction. Meet Bob Pancakes, your special host for our November Online Security Newsletter! Bob is one of the Sims living in Willow Creek in The Sims 4. Have a read about this month's security focus and join us in the discussion or take part in this month's challenge to receive a unique forum badge. Security focus - Phishing What is phishing? Phishing is a type of social engineering attack aimed at tricking a person into providing sensitive information. This can be done through various methods including text messages (Smishing), voice messages (Vishing), emails, and even through search engines. Common methods of phishing A common strategy used in phishing is to create a sense of urgency, such as sending an email claiming that the recipient's account has been hacked. It's crucial to verify the legitimacy of such messages, for example by checking the links to ensure they redirect to official sites. Misleading links False hyperlinks are another method used for phishing. Even if the text of a hyperlink includes a familiar brand or company name, it may not actually link to the official site. The best way to verify it is to hover over the link to confirm the URL before clicking. Imitating legitimacy Phishers may also impersonate legitimate companies or individuals to appear more authentic. No legitimate organization will ask for passwords or sensitive account information through email or other communication channels. How to avoid phishing To avoid phishing attacks, log in only to official sites, inspect hyperlinks in emails, watch out for redirection URLs, and remember that official representatives of companies will not ask for your account password. TryHackMe (TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!) How to avoid phishing Maze challenge (Challange works best of it is viewed from PC browser) Bob needs your help! He has faced a challenge where he has to retrieve a code by answering the questions and noting down the number next to it. Check the challenge rules for more details. Challenge rules: Your task is to retrieve 9 digit code You can get the code by answering the questions and writing down the number which is next to the correct statement The number you written down is also the number of the next question you need to proceed to. Numbers cannot repeat if you have already 9 digits and next number is duplicated it means that you have all necessary digits if you dont have 9 numbers and number is duplicated the code is incorrect, and you have to start over again Submit the answer by replying in this thread (use spoilers) Offers for free in-game content or cheats from third-party websites are usually legitimate and safe to accept. (9 True / False 3 ) Phishing is a type of social engineering attack where the attacker tricks the victim into providing sensitive information. (3 True / False 5 ) A common phishing tactic is creating a sense of urgency, such as claiming that the recipient's account has been hacked. (6 True / False 4) Phishing attacks are only carried out via email. (8 True / False 7) It is a good practice to verify the URL of a hyperlink before clicking on it to avoid phishing scams. (8 True / False 3) Legitimate companies will ask for your password through email for verification purposes. (9 True / False 2) Phishers may impersonate legitimate companies or individuals to gain trust and seem more credible. (9 True / False 7) Hyperlinks in phishing emails always directly display the malicious site they link to. (2 True / False 4) If an email claims to be from a legitimate company and asks for your account information, it is most likely a phishing attempt. (5 True / False 1) Logging in to official sites, inspecting email hyperlinks, and not sharing passwords are some of the ways to protect from phishing attacks. (1 True / False 6)AHQ Archive: Online Security Newsletter - May 2024
Hello everyone, welcome to the seventh edition of Answers HQ Online Security Newsletter! Last month, we covered an interesting topic regarding the security of your privacy (and more) while streaming games. If you haven't had a chance to check out this issue or want to refresh your knowledge, be sure to check out this link! 🤓 Additionally, in the past months we have covered many other topics that pay attention to safety when playing online. From previous issues you can learn more about: Phishing Online Privacy Secure Downloading AI in social engineering Passwords This month we will face an unfortunate situation when your device is attacked by malware. Unfortunate because, after reading the previous editions of the newsletter, you should be quite well prepared to face the threats that await you in the online world. 😉 So, let's get to this month's topic. Ah, I would have nearly forgotten! As every month, each participant of the discussion, challenge or quiz will receive a unique badge for the forum collection! Security focus - Malware What exactly is malware? A common misconception is that malware is just another word for a computer virus. That's partially true. The term "malware" is short for malicious software. Malware includes not only viruses but also Trojans, spyware, ransomware, and worms. All the mentioned threats differ in their operation, but they have one goal: to expose our data to danger. How to recognise you are affected by malware? If your computer starts running slowly after the operating system loads, this may be a sign that there is malware on your computer. Slow performance can be caused by the excessive use of processor resources by malicious software. This rule applies to some extent even to computers with high specifications. Take a look at your browser to see if it has new toolbars, new extensions, or a new homepage. Do windows with advertisements or notifications appear unexpectedly while you're browsing the Internet? If the answer to any of these questions is yes, it's possible that your browser has been infected. Additionally, any windows that pop up unexpectedly while using your computer, unknowingly installed applications and programs, and general system instability may also indicate the presence of malware. How to get rid of malware? Removing malware from your computer typically involves scanning your computer with an antivirus program. Most free versions of antivirus programs are capable of handling this task. However, if you are dealing with a stubborn and recurring problem, you need to take a few additional steps. First, disconnect your device from the internet. Malware can re-download copies of itself without your knowledge, so conventional malware removal might not be effective if the device remains connected to the internet. Moreover, your private data may be at risk of being compromised. Start your computer in Safe Mode (this is different from a clean boot). When your computer starts in this mode and is disconnected from the internet, perform a full malware scan again. If the problem appeared, when using a web browser, it is a good time to clear its cache and cookies. Change Your Passwords If you suspect that your private data might have been compromised, it's crucial to change your passwords for the most critical services you use. For tips on password management, refer to one of the previous editions of our newsletter - Answers HQ Online Security Newsletter - March. Don't download cracks or cracked versions of the games As we mentioned in one of our previous newsletters, exercise caution when downloading files from the internet. Additionally, refrain from downloading cracked versions of games; not only does this violate terms of service agreements, but it also increases the risk of inadvertently downloading malicious software. Refrain from downloading "freebies" from the internet. Be particularly vigilant if you are strongly encouraged to download a free game, demo, or game expansion from source different than official. First, verify that the source from which you are downloading is reputable. If the game isn't available directly from the producers website, or if there's no official redirection to another site from the producers website, there's a high likelihood that the offer's description is misleading. For these and other tips on safe online practices, refer to an interview with our expert - Senior Director of Game Security & Anti-Cheat. Start your PC in safe mode in Windows Start up your Mac in safe mode Windows 11 and Secure Boot Mitigating malware and ransomware attacks Answers HQ Online Security Newsletter Quiz - MayAHQ Archive: Online Security Newsletter - December 2023
Welcome to the second edition of AHQ Online Security Newsletter. This month, we're focusing on the importance of privacy settings and how to maintain a secure online presence. We encourage you to participate in the tasks that we've prepared for you. We have prepared two tasks for you this month: a quiz to test the knowledge you've gained from this and the previous month's newsletter, and a separate, more advanced task for those seeking a challenge. Nothing should stop you from participating in both tasks! If you happened to miss out on our previous newsletter, no worries! You can catch up right here: Answers HQ Online Security Newsletter - November - Answer HQ Thanks and Happy New Year! edit 18/01/24 @EA_Kuba wrote: Hey everyone! A bit later than usual, but I wanted to let you know that everyone who participated (or will participate) in this month's newsletter, will receive a unique forum badge! Security focus - Online Privacy Understanding the importance of privacy Interacting with other players while playing online is an essential part of any online game. While playing online, we can exchange tips, game experiences, or just talk. It is crucial to maintain your privacy by refraining from sharing any private information that could lead to your identification during text or voice chats. Secure your account Maintaining strong passwords is as crucial as being careful during online interactions. They serve as your primary defense against unauthorized access to your data. To enhance security, it's important to frequently update your passwords and ensure they are complex enough. If you wish to evaluate your password's strength, you can do so using the following website: https://passwordmeter.com. Additionally, using password managers can be a viable option for password management and security. Do not share your private information with others Providing only your name during interaction is not a bad thing. However, sharing personal details alongside your name might make you susceptible to social engineering attacks. It is worth being careful with whom and what information we share while playing. It is also advisable to review the privacy settings on your EA account to ensure control over the information that other players can see about you. Beware of phishig Phishing is a social engineering attack that aims to deceive you into providing sensitive information about yourself. Phishing can take many forms, such as email or telephone calls. A phishing attack can also be carried out via in-game chats. In the last newsletter, we covered this topic by providing information on how to recognize phishing and how to protect yourself from it. Make sure to check it out. @ElliotLH tip to help identify which companies might be selling your information if you start receiving unsolicited emails. (...) My one is more for spam handling but figured it could be useful for security still: if you use Gmail or Outlook, add a "+" and the name of the site to your email when registering on websites. E.G emailaddress+companyname@ Not only can this be helpful with filtering your inbox, if your details from that company are exposed (or sold, as some less than reputable companies do) and you start receiving spam to that email address, you'll know something has gone wrong straight away. Edit: Added Outlook too as @SharpGoblin mentioned that works as well, which it does. Update your privacy settings and email preferences (eahelp article) How to change privacy settings on PSN Manage app privacy settings on Xbox How to turn on EA Login Verification HackTheBox (Hack The Box is a leading gamified cybersecurity upskilling, certification, and talent assessment software platform enabling individuals, businesses, government institutions, and universities to sharpen their offensive and defensive security expertise.) Answers HQ Online Security Newsletter Quiz - December Invisible Ink Challenge Your task will be to find a hidden message in one of posts made by myself on 31/12/2023. When you find the message reply in this thread. Over the next few weeks, we will post tips to help you solve it.
