EA Forums Online Security Newsletter - December
Last time, we explored the rising issue of phishing during the holiday season. If you're not familiar with this or need a refresher, make sure to revisit our previous edition! This month, together with our co-host @EA_Kalina, we're excited to share how far our newsletter has reached over the past year. Your engagement has been key to this success, and we hope you'll keep joining us for future editions. Take a look at the infographic below for more details! As a usual token of appreciation for your participation, you'll receive a unique badge on the forum! @EA_Kalina As we head into the new year, we want to thank you for your engagement in this year’s newsletter series. Your participation and feedback had a direct impact on the security of our community. Here’s to the new year and the challenges it may bring! The new year often comes with resolutions, so we encourage you to consider making resolutions about your online safety as well. My New Year's resolution is to share knowledge about staying safe with young gamers who are just beginning their online adventures. Additionally, next year we'll provide more resources to help parents and guardians safely guide their children through the digital world. I hope you'll share your resolutions with us and, most importantly, that we all achieve them! Online Security - A Year in Review January - Secure Downloading Downloading from unverified resources can lead to the installation of trojan malware, which creates backdoors for attackers. This malware can compromise sensitive data and potentially allow control over your PC.Always download from secure, legitimate sources to protect your system. February - AI in social engineering AI is anticipated to enhance cybercriminals' abilities in social engineering, reconnaissance, and data exfiltration.Generative AI can craft more convincing interactions, making phishing attempts harder to detect. March - Passwords Use a memorable phrase turned into an acronym, incorporating at least 8 characters with a mix of uppercase, lowercase, numbers, and special charactersto enhance security. This method helps create a robust password that's easier to remember. April -Stream(er) Safety Use Two-Factor Authentication or Multi-Factor Authentication and create strong, unique passwords.Establish separate accounts specifically for streaming to protect your personal information and adjust privacy settings on streaming platforms. May -Malware Signs of malware include slow performance, unexpected pop-ups, new browser toolbars or extensions, and system instability. These symptoms suggest malicious software might be consuming resources or altering settings. June -Account Security TFA provides an extra layer of security by requiring an additional code to protect your account even if someone knows your password. For enhanced security, it is recommended that you use an app authenticator. July - Online Communication Review and update your privacy settings to control what information is visible to others.This helps protect against spear phishing attacks, where attackers impersonate trustworthy entities to steal sensitive information. August - Securing your home network Default credentials are often printed on the device, making them easy targets for unauthorized access.Changing them to something more secure helps protect your network from intruders. September - Bots Use strong, unique passwords and enable Two-Factor Authentication. Guard your privacy by keeping personal information confidential. Download files only from trusted sources and regularly update your operating system and antivirus software. Keep your home network secure by updating your router's firmware, and stay alert to phishing attacks. October -Two-Factor Authentication Deep Dive Authenticator apps are more secure because they generate codes locally on your device, avoiding interception or SIM swapping risks. Codes are unique and time-based, changing every 30 seconds for extra protection. November -Phishing Deep Dive Enable Two-Factor Authentication (TFA) using an authenticator app. Verify links and sources by checking URLs carefully.Be skeptical of urgent requests and keep your software updated. Recognize red flags like spelling errors and generic greetings. Secure your email with strong passwords and TFA. Familiarize yourself with account recovery features. How to turn on EA Login Verification Where can I find my backup codes? How to update your EA Account Positive Play Charter Report cheating, harassment, and illegal content How to avoid phishing Answers HQ Online Security Newsletter Feedback form (including Community Spotlight, and Q&A submissi... Answers HQ Online Security Newsletter - Challenge Creation Interest form EA Forums Online Security Newsletter - December QuizEA Forums Online Security Newsletter - November
Last month, we talked about the importance of setting up Two-Factor Authentication (TFA) to safeguard your gaming accounts, emphasizing the use of authenticator apps as the most secure option. If you missed it, here’s the short version: SMS-based TFA is good, but authenticator apps like Google Authenticator are significantly better. Why? They’re harder for attackers to intercept, and generally more reliable. If you want to check the full article have a lookhere. If you’ve already made this upgrade, congratulations - you’ve taken a significant step toward securing your gaming accounts! But even with TFA in place, you’re not invincible. One of the most persistent threats that gamers face, especially during the holiday season, isphishing. Phishing is a method bad actors use to trick you into giving away your personal information, like login credentials or payment details. During the holidays, phishing scams often ramp up as cybercriminals prey on the increased online activity. To illustrate the importance of staying vigilant, let's look at howEA is working with Google’s Cross-Account Protection program. This initiative helps prevent compromised email accounts from being used to take over gaming accounts. These efforts highlight the need for us, as players, to take an active role in defending ourselves. This month’s deep dive is here to arm you with knowledge about phishing scams specifically targeting gamers, including how these scams work and, more importantly, how you can outsmart them. As usual - for interacting with the newsletter, either by sharing your tips, experiences or checking yourself in the newsletter challenges will earn you a unique forum badge for your collection. If you have any feedback or want to design your own additional challenge, make sure to check the Feedback Hub and choose the correct form. Phishing Deep Dive What is Phishing? Phishing isn’t a one-size-fits-all attack. Phishing is a cyberattack where scammers pose as trustworthy entities to trick you into revealing sensitive information. This can take many forms (at least nineteen!), including fake emails, voice calls, misleading websites, malicious direct messages, or even impersonation in gaming chats. How Phishing works? Phishing attacks targeting gamers can take several forms. Attackers often send emails or messages claiming there's an issue with an account or an exclusive offer, leading users to a fake login page that mimics a trusted platform. Another tactic involves messages from "friends," whose accounts have been hacked, asking for assistance. Additionally, scammers may disguise links as offers for free in-game currency or access to special events. Advanced scammers are even using AI tools to craft more convincing phishing messages, mimicking the tone and typing style of the victim's friends. Where it can happen? Phishing attempts can occur across various channels commonly used by gamers. These include app-based chats like Steam and the EA app, native console chats, and mobile game chats. Discord, email, text messages and direct messages on the forums are also targets for these deceptive tactics. How to protect yourself from phishing? Enable Two-Factor Authentication (TFA): Use an authenticator app for added security. This ensures even if someone steals your password, they can’t log in without the second verification step. Verify links and sources Hover over links in emails or messages before clicking. Official gaming platforms usually have consistent, recognizable URLs (e.g., ea.com, not ea-support.xyz). Is e.ea.com an official email address? Yes, e.ea.com is an official EA email address. Because it leads with the subcategory, then ends with ea.com, we can tell it’s a legitimate address. Be sceptical of urgent requests: Scammers often use fear (e.g., "your account will be banned") or excitement (e.g., "exclusive offer!") to rush you into acting without thinking. Keep software updated: Ensure your games, devices, and antivirus software are up-to-date. Modern security measures can often block known phishing attempts. Recognize common red flags: Spelling errors, mismatched logos, or generic greetings like “Dear User” in emails are the giveaways. Secure your email: Since your email is the backbone of most gaming accounts, protect it with strong passwords, TFA, and regular scans for suspicious activity. Account recovery features: Familiarize yourself with recovery processes for your gaming accounts, such as backup codes or secondary email options. 19 Types Of Phishing Attacks Keeping your EA Account safe by partnering with others How to avoid phishing Answers HQ Online Security Newsletter Feedback form (including Community Spotlight, and Q&A submissi... Answers HQ Online Security Newsletter - Challenge Creation Interest form EA Forums Online Security Newsletter - NovemberEA Forums Online Security Newsletter - October
Can you believe our newsletter has just hit its first anniversary? That's a significant milestone, and we are really grateful for each comment, tip, and experience shared! 🥳 During October, we've celebrated Cybersecurity Awareness Month by publishing four articles filled with tips for your online safety. Most importantly, there were several comments with additional tips from the community. Make sure to check them all out and put the tips into practice! Personal Security & Online Privacy Phishing & Social Engineering Threats Safe Downloads & Malware Protection Network & Streaming Security This month, ourSecurity Focuswill be adeep dive into Two-Factor Authentication (TFA). We'll cover crucial aspects to consider and share a few tips for enhancing your online safety. Additionally you'll learn whatin-game benefits enabling TFA gives you in EA games! As always, participation in the newsletter - whether by commenting in the thread, sharing your tips and experiences, or solving the quiz- will earn you a unique forum badge for your collection. If you have any feedback or want to design your own additional challenge, make sure to check the Feedback Hub and choose the correct form. Two Factor Authentication Deep Dive What is TFA and why do I need it? TFA is a second layer of defence against account takeover. Even if a bad actor gets your login details, they won’t be able to access your account without a unique number you get via an authenticator app. Types of TFA There are several types of Two-Factor Authentication (TFA) available.Authenticator apps, such as Google Authenticator, Steam Guard, and Battle.net Authenticator,are highly recommendedbecause they work offline and are more secure than text messages or email. For those seeking ultra security, hardware keys like YubiKey and Google Titan are available, though they might be overkill for casual gamers, they are a solid choice for competitive gamers or streamers. Lastly, SMS or email authentication can serve as a backup, but they are less secure compared to authenticator apps. Why use an Authenticator App over SMS/Email? App-based authentication offers significant security advantages over SMS and email. Unlike SMS, whichcan be intercepted or fall victim to SIM swapping, app-based codes are generated locally on your device, ensuring they are unique and time-based. This provides a faster and more secure login process, additionally, app codes change every 30 seconds, for additional phishing protection. Red Flags to watch For Be cautious if anyone asks to "borrow" your TFA device or requests to disable TFA for "troubleshooting" purposes. Additionally, be wary of suspicious TFA prompts when you're not actively logging in and be cautious of any "emergency" authentication bypasses. These can all be signs of potential security threats. General Tips for TFA First, make sure to enable TFA on all your gaming platforms. It's a good idea to use different TFA methods for various services to enhance your security. Always keep your authenticator apps updated, and try to avoid using the same device for both factors, such as a password manager and authenticator on the same phone. Never share your TFA codes, even with "support staff," as real support will only ask for a different verification code. Avoid disabling TFA for convenience and be cautious of fake authenticator apps. Recovery Methods Store your backup codes securely and away from your gaming PC. Consider printing them, writing them down, or using the secure notes feature in a password manager. Your gaming account is only as secure as its weakest link. TFA might seem like an extra step, but it’s worth the few seconds it takes to keep your accounts secure. What are the EA games benefits of turning on Login Verification? Gifting in Apex Legends If you want to send your friend a gift, you need to have Login Verification on.Check out our FAQ for more details on gifting. EA SPORTS FC™ Companion App To use the Companion App and manage your Ultimate Team™ on the go, your account needs to have Login Verification turned on.Learn how to access the EA SPORTS FC™ 25 Web and Companion Apps. Platform specific guides: EA app Steam Epic Games Battle.net PlayStation Network Microsoft Authenticator app Answers HQ Online Security Newsletter Feedback form (including Community Spotlight, and Q&A submissi... Answers HQ Online Security Newsletter - Challenge Creation Interest form EA Forums Online Security Newsletter - OctoberEA Forums Online Security Newsletter - September
Our newsletter is always published at the end of each month to discuss the previous month's security news. However, we’re excited to highlight that October is Cybersecurity Awareness Month. During October, you have the opportunity to earn a badge* (on AHQ) on the forum not only by participating in this newsletter but also by engaging in discussions and quizzes related to cybersecurity. At the start of each week, we’ll publish an article dedicated to online security on the forum! In the previous issue, we touched on the topic of securing our home network and how to protect ourselves from danger. Many valuable comments and tips appeared in the discussion. If you haven't had the opportunity to read the previous issue, be sure to check it outhere This month, the topic of our "Security Focus" will bebots. You will learn what bots are and whether bots are always good or bad. The topic of bots is very interesting, you can find out more in "Security Focus." As always, by joining the discussion or solving the quiz, you will receive a participation token - a unique badge on the forum! We would love to hear your feedback. Visit theFeedback Hub to share your thoughts about the newsletter, ask questions, or share your inspiring stories. If you're interested in hosting next month's challenge, you can also submit your application through the Feedback Hub. Your input helps us improve and keeps our community engaged! Without further delay, let's get started! Bots Bots definition A bot is basically an app that can do tasks on its own without needing someone to start it every time. They handle repetitive tasks way faster than humans. Not all bots are bad, but some are designed to cause trouble or benefit their creators at the expense of others. When multiple bots team up, they form a botnet, which can be used to launch attacks. How do they work? Bots run on algorithms that help them do their specific jobs, like chatting with people to seem human or gathering info from websites. There are many types of bots, each made to handle different kinds of tasks. Examples of good bots Search Engine Crawlers: Bots like Googlebot that index web content to make it searchable. Chatbots: Bots that provide customer service or support by interacting with users in real-time. Monitoring Bots: Bots that track website performance, uptime, and security. Examples of bad bots Spambots: Bots that distribute spam content or advertisements. Scraping Bots: Bots that harvest data from websites without permission. DDoS Bots: Bots that participate in Distributed Denial of Service attacks to overwhelm and shut down websites. How to protect yourself from bad bots? Ensure yourpasswords are strong and uniqueto protect against brute force attacks, and enable Two-Factor Authentication (TFA) to add an extra layer of security that bots find difficult to bypass. Guard your privacy by keeping personal information confidential, as sharing details recklessly can make you an easy target for bots that harvest data for malicious purposes. Download files only from trusted sourcesto avoid malicious software that can turn your device into a bot, unknowingly participating in attacks. Regularly update your operating system and antivirus software to patch vulnerabilities that bots exploit to gain unauthorized access. Keep your home network secure by updating your router's firmware, as outdated routers can be hijacked by bots to form part of a botnet. Stay alert to phishing attacks, as bots often use these to trick you into revealing sensitive information, leading to compromised accounts and systems. What Is A Bot? How Do Bots Work? What is a Googlebot? Botnet - NIST glossary Answers HQ Online Security Newsletter Feedback form (including Community Spotlight, and Q&A submissi... Answers HQ Online Security Newsletter - Challenge Creation Interest form EA Forums Online Security Newsletter - September QuizEA Forums Online Security Newsletter - August
This month again we’ve got a double edition for you. Our newsletter is available on both AHQ and the EA forums! You can find the link to the newsletter on Answers HQ here. Last month, we talked about the importance of communication, particularly how our emotional reactions in games can sometimes lead to negative outcomes and how to handle such situations. We also covered tips on protecting your privacy and reporting inappropriate content in-game. Make sure to catch up on the previous issue with these links: Answers HQ Online Security Newsletter - July - Answer HQ EA Forums Online Security Newsletter - July | EA Forums Now, before we jump into this edition, I want to address a question that came up in one of our newsletter forms (I read these regularly and value your feedback!). Do I need a high rank on the forum to participate in the newsletter? Absolutely not! Our newsletter is for everyone, whether you're a silent reader (I know that there are many of you 😉), just posted your first comment yesterday, or are a seasoned forum veteran. Everyone is welcome here! If you have something to share, or a story to tell, don’t hesitate! At the end of this newsletter, you’ll also find a form where you can ask any online security questions that are on your mind. We’ll answer these in future editions. For participating in the newsletter—whether it’s posting a comment, solving a quiz, or completing an extra challenge—you’ll receive a participation token, which is a unique badge on the forum. This month, we’re focusing on how to secure your home network. Without further ado, let’s get into it! Securing home network Change your router’s default password and username Your internet provider probably gave you a device to get online. Usually, these devices have a default network password and admin login printed on the back. It’s a good idea to change this password to something more secure and, if possible, change the default username from “admin” to something less obvious. Enable network encryption At the very least, use WPA2 encryption, and if your router supports WPA3, definitely enable that. Disable WPS WPS stands for Wi-Fi Protected Setup. It’s a feature that makes it easy to connect devices to your network quickly. While handy, it doesn’t need to be on all the time. Turn it on only when absolutely necessary. Disable remote management Sometimes, you might need to enable this feature if you’re having trouble with your device. However, for security reasons, it’s best to keep it disabled unless needed. Update firmware Although firmware updates are usually automatic, it's a good practice to manually check for updates regularly. Keeping your device's firmware updated enhances its security against vulnerabilities. Enable firewall on your router Ensure the firewall service is enabled on your router. This measure significantly reduces the risk of security threats to your device. SANS Ouch! Newsletter - Creating a Cybersecure Home NSA | Best Practices for Securing Your Home Network I would also want you to invite to read an interview with Elise Murphy, Head of Game Security, and AC Ward, Director of Anti-Cheat Engineering. The interview highlights the efforts to develop and expand EA Anti-Cheat, and discussed its ongoing development, emphasizing their mission to protect players by leveraging the latest advancements in anti-cheat technology. Have a read, by clicking the link below: EA anticheat is leveling the playing field Do I need a high rank on the forum to participate in the newsletter? Absolutely not! Our newsletter is for everyone, whether you're a silent reader (I know that there are many of you 😉), just posted your first comment yesterday, or are a seasoned forum veteran. Everyone is welcome here! If you have something to share, or a story to tell, don’t hesitate! Answers HQ Online Security Newsletter Feedback form (including Community Spotlight, and Q&A submissi... Answers HQ Online Security Newsletter - Challenge Creation Interest form Answers HQ Online Security Newsletter - August Quiz If you wish to test yourself in this months extra challenge, head over to Answers HQ thread! 😊EA Forums Online Security Newsletter - July
We are excited to present the first edition of our newsletter on the new forum platform!🥳 Additionally, we have refreshed the appearance of our newsletter with new visuals 🌈, and re-branded our newsletter📛. In the future, we may expand the newsletter with new sections based on your feedback! ~How can this happen? At the end of the newsletter, you will find a new section called the Feedback Hub. Here, you can share your observations, ask questions, or share your stories via the form. Two new sections would be: Q&A:This section is for those who have long-awaited answers to their pressing questions but may now feel hesitant to ask. It’s also for questions about topics covered in previous editions. Questions must be related to the topic of the newsletters, and the answers to them may be included in future editions. Community Spotlight: This section is for sharing inspiring experiences in the field of security. Last month, thanks to the input from EA_Kalina, we focused on account security and explored the most important methods to prevent account takeovers. While this article provided information specific to your EA account, you can apply these guidelines to secure your other accounts as well. We hope you have followed all the instructions by now. If not, please do so as soon as possible. This month, we will explore the important topic of communication, in-game and beyond. As with every edition, each newsletter participant will receive a unique token of appreciation: a special badge on the forum. Now, without further ado, let's dive into this month's topic. ... Oh, I nearly forgot if you want to host the next challenge, you'll find the right form at the end of this post! Online Communication Look after your privacy Protect your privacy by reviewing and updating your privacy settings. Control what information is visible to other players or contacts you interact with. If too much personal information is visible on the internet, you might be vulnerable to spear phishing attacks. Spear phishing is a targeted attempt to steal your sensitive information by pretending to be a trustworthy entity. Keep your cool Try not to send messages under the influence of strong emotions. Playing online can be very challenging when it comes to keep your emotions cool. However, when you're emotionally charged this can lead to unintended consequences. You might say something you regret, and it could get you into more trouble. Remember, everything you say or post on the Internet can persist for a long time. This includes private information unintentionally shared during an argument or inappropriate remarks. Message with caution It is a good habit to be distrustful of unexpected messages or messages from people we do not know. In the context of online games and gaming communities, it is easy to make new contacts and interact. However, during these conversations, do not provide your private information and always verify the identity of the person you are talking to by checking their profile or asking for additional information. Report Inappropriate Content We use real-time moderation technology to ensure that all text entered in our games complies with the Positive Play Charter. Additionally, our automated system filters all images uploaded by users, which is further supported by manual reviews from our team. Recently, we introduced a pilot voice reporting system in Battlefield 2042, allowing you to report inappropriate content from other users during gameplay. Your submissions are crucial in improving these tools and creating a safe, welcoming environment for our community. If you encounter inappropriate content in the game, please report it. Positive Play Charter Report cheating, harassment, and illegal content Content Moderation and Enforcement What’s voice chat moderation in Battlefield 2042? EA Forums Online Security Newsletter - July Answers HQ Online Security Newsletter Feedback form (including Community Spotlight, and Q&A submissions) Answers HQ Online Security Newsletter - Challenge Creation Interest form
