[HOW TO] Prevent hacking & what to do if you've been phished

by XXXO77O4906

Original Post

★★★★★ Expert

We know that it's important to keep your FIFA Ultimate Team account safe, so please read these important tips you can use to help keep your account safe and secure. For even more information, check out this article on How to Maintain Account Security.


TABLE OF CONTENTS

ASKING FOR YOUR INFORMATION
EA will never ask you for your login information
On the forums
On your console

PHISHING EMAILS, LINKS and WEBSITES
Fake emails and copycat websites
How can I tell the difference between a phishing site and the authentic EA one?
Misleading hyperlinks
Beware of redirects
Scare tactics

ADDITIONAL SECURITY

WHAT TO DO IF YOU’VE BEEN PHISHED
Overview
I received a phishing email
Report phishing sites to EA


ASKING FOR YOUR INFORMATION

EA will never ask for your login information:
There are no exceptions to this rule. Even if you receive an email that appears to be from EA, remember that if it asks for your account information it’s a scam.

Follow these four simple safety rules:

To help reduce the chance of your account being compromised or “phished,” it’s always wise to follow these rules:

  • NEVER share your login information publicly
  • NEVER click links asking for login information or claiming your account has been compromised
  • ALWAYS double check the sign-in web address starts with: http://www.easports.com/
  • ALWAYS make sure the web address does not redirect to a non-EA site

Create an Origin security question:

Setting up an Origin security question gives your FUT account an important extra layer of protection.

Make sure you keep your Origin account up to date. To maximize your account security, make sure you use a unique password for each service or site that requires a login.



On the forums:
If you ever receive a private message in the forums asking for your account information, it is fake. Scammers will even use names that sound legitimate, such as “EA Admin” or “FIFA Developer.” Again, EA will never ask you for your account info.

If you do receive a message like this, report it to one of the forum moderators. Those responsible for sending messages of this kind will suffer swift justice – justice that could affect more than just their forum privileges, up to and including a full console ban.



On your console:
If you ever receive a private message through Origin's online messaging system asking for your account information, it is fake. EA will never contact you through Origin’s messaging system for any reason. Do not give out your details. Make sure to report the details of this message using the built-in report tool.



PHISHING EMAILS, LINKS and WEBSITES

"Phishing" is the term used when an online scammer attempts to trick someone into giving up valuable information (like your login information and password) by sending you to a fake website and prompting you to enter your account details. 

Fake emails and copycat websites:
You receive an email that appears to be from EA concerning an Ultimate Team (or other game) promotion. You click on the link in the email, go to what appears to be the Ultimate Team login page, and enter your account name and password. Two days later you discover all the gold players you’ve worked so hard for have disappeared.

Sound familiar? Hopefully not, as the scenario described above was a phishing scam. As the majority of phishing websites look identical to the real thing, most users don’t even realize they’ve been phished until it’s too late.

When browsing and regarding your account details, be sure to check the URL, as indicated below, to ensure you preserve your account's security.

User-added image


NOTE: Be sure to also read this article about the risks from buying or selling FUT Coins from a third party service. 



How can I tell the difference between a phishing site and the authentic EA site?
The official EA website uses the following URL: http://www.easports.com/.

You may also be contacted directly by EA or EA SPORTS via email containing one or more of the following official EA and EA SPORTS web links relating to EA SPORTS FIFA, FIFA Ultimate Team, EA SPORTS Football Club, or EA:

www.ea.com
www.futpromos.com
www.easportsfootball.com
www.easportsfootballclub.com

 
Any other similar-looking URL is not official and should not be clicked on.

 

 


Misleading hyperlinks:
The text of a hyperlink may contain a url that is not the url it actually links to. Roll your mouse over this link: www.ea.com/safe. Notice either in the bottom of your browser window or in a small text box over the link, the actual url does not match. Make sure any link you click on leads somewhere official.



Beware of redirects:
Redirecting is a technique where a scammer embeds something in a link that takes you to the real site to begin with, but then moves you to a fake page that looks identical. There are many examples of this, but one simple thing to look out for in your address bar would be: http://www.ea.com/redirect?url=http://fakesite.com

Note the “redirect?” part of the URL. This means you will actually go to a different site than the one you were trying to reach.

EA will never redirect you from http://www.ea.com/ to another site.



Scare tactics:
Another common tactic involves scaring you into thinking your account has been compromised when it actually hasn’t. You may receive a message saying something like: “Your account has been temporarily suspended due to suspicious activity. Please login here to see more information.” This is another attempt to get you to give up your username and password. As always, the end result is directing you to a site other than http://www.ea.com or http://www.easports.com/fifa.

EA will never send you emails claiming your account has been compromised. EA will never contact you via ANY means asking for your login information.




ADDITIONAL SECURITY

Here are some additional precautions you can take to ensure your information is protected.

  • Preview links: Before you click on a link, preview where it is taking you by hovering over it with your mouse cursor. In some browsers the link location will be displayed at the bottom of your browser window.
  • Home computer: Set your browser to remember your password for EA sites. This way it will auto-fill the login form every time you visit the site. If you unknowingly go to a phishing site, the username and password will not be filled in, so you will know it’s a fake. Be sure to only do this on your home computer.
  • Public computers: If you log in from a public computer, such as at a school or a coffee shop, double check that your login information isn’t being saved by the browser. Be sure to delete the browser cache after you logout as well.
  • Password integrity: This is important, so we will say it again! Updating and maintaining your passwords is an important part of online security. A secure password that is updated regularly is much less likely to lead to a compromised account.
    • EA IDs only require 4 characters, but you should use at least 8. Use a combination of letters, numbers, and special characters
    • Use different passwords for your EA account, console login, and email
    • Do not use any information in your password that could easily be obtained (like your Gamertag/PSN name or FUT Squad)
    • Delete any emails that contain your password information 
  • Browser tools: These browser tools and plugins will not stop all phishing sites, but they are valuable resources. These tools can also help you avoid sites that attempt to install malicious software without your knowing.
    • Many major browsers have built-in phishing filters. Ensure that they are enabled. You can also check a website’s security by using this Google diagnostic: http://www.google.com/safebrowsing/diagnostic?site=easports.com
    • Web of Trust: This plugin is available for all operating systems. It can be installed on Firefox, Chrome, Internet Explorer, Safari, and Opera. It uses a stoplight-style rating system to warn against unsafe sites. It will install an icon beside your browser's address bar, as well as links and search engine results. http://www.mywot.com/en/download
    • Locationbar2 (Firefox only): Similar to the address bar on Chrome, the Locationbar2 plugin puts emphasis on the domain name in order to help avoid phishing sites. https://addons.mozilla.org/en-US/firefox/addon/locationbar%C2%B2/
  • FUT Security Question: In order to prevent unwanted users from accessing your account you will be asked to create a Security Answer on the FUT Web App. You will be required to enter this answer the next time you log in via your console.
    • Make sure to remember the answer! It will occasionally be asked on the FUT Web App and EASFC Mobile app so that your coins and players stay safe. If you ever happen to change your console, it will be asked as well.



 


WHAT TO DO IF YOU’VE BEEN PHISHED

Overview:
If you believe you’ve entered your login info into a phishing site by accident, change your password right away. It’s likely that your account has been compromised, but you may still have time to save it.

Then contact EA’s customer service team immediately at http://help.ea.com, providing as much detail and evidence as you can. In particular, our team will need accurate details of what items (if any) you have lost, plus the date and time that you lost them.


 


I received a phishing email:
If you receive a phishing email message, don’t panic. Your account has not been compromised. All the scammer has is your email address, which can be relatively easy to find. Scammers duplicate the images and text from an official EA email in the same way they copy websites. If you receive a suspicious-looking email, check who the sender is, as well as where the links in the email are taking you.

Some things to be aware of with phishing emails:

  • Names are easy to obtain—phishers will almost always use these in emails
  • Other links or elements in the email may actually take you to the real site, but the “click here” or “login” link will always lead to a fake site
  • When clicking on links in emails, be sure it is directing you to the same place that was advertised
  • The only time EA will contact you through email regarding your account is if you have forgotten your password and you make a request to have it changed




Report phishing sites to EA
We are continually taking action against phishing sites as we are made aware of them. We are also taking strong, prompt action against any users attempting to scam others using these sites or any other scams.

Please let us know about phishing sites by contacting us.


 

Message 1 of 4 (50,331 Views)

Re: [IMPORTANT] How not to get hacked and what to do if it already happened

★★★★★ Expert

Be sure to see these steps here for a few more extra tips (some of them are in the above post as well):

 

Online accounts are an inviting target for the hackers and phishers. Keeping your account information safe and secure is a top priority for us here at EA, but there are steps you can take to protect yourself as well.


TABLE OF CONTENTS

PASSWORD SECURITY
Password Overview
Resetting Your Password
Password Integrity

MALWARE/VIRUSES
Overview

AVOIDING PHISHING SCAMS OVERVIEW
Phishing Overview
Some simple rules to avoid phishing scams

ASKING FOR YOUR INFORMATION
EA will never ask you for your login information
On the Forums
On Your Console

PHISHING EMAILS, LINKS and WEBSITES
Fake emails and copycat websites
How can I tell the difference between a phishing site and the authentic EA one?
Misleading Hyperlinks
Beware of Redirects
Scare Tactics

ADDITIONAL SECURITY
Overview

WHAT TO DO IF YOU’VE BEEN PHISHED
Overview
I Received a Phishing Email
Report Phishing Sites to EA
 



PASSWORD SECURITY

Password Overview:
One of the ways someone may gain access to your account is if you have a weak password, making it easier to guess. As such, we have recently increased our password security requirements in order to better protect your account & reduce the risk of unauthorized access. Simple passwords, for example those that contain part of your email address, are no longer permitted.

We apologize for any inconvenience that this may cause, and wish to assure you that our efforts intend only to better protect your information and identity.



Resetting Your Password:
If you want to reset your password, please use the password retrieval page. Pogo users will need to follow the steps in this article.



Password Integrity:
Updating and maintaining your passwords is an important part of online security. One way others may be able to compromise your account is by successfully guessing your password.

Use the following suggestions to help develop a password that is harder to guess.

  • EA IDs – you should use at least 8 characters. Use a combination of letters, numbers, and symbols. For some examples, check out this article from Pogo!
  • Use different passwords for your EA account, console login, and email. If you use the same password for all of your accounts and one of them is compromised, then all of your accounts are at risk.
  • Change your passwords often
  • Do not use any information in your password that could easily be obtained (like your Gamertag/PSN name, squad names, your name, date of birth, etc.)
  • Delete any emails that contain password information after writing it down in a safe place




MALWARE/VIRUSES

Viruses and malware (malicious software) can be detrimental to your account security and can allow someone else to gain access to your account user names, passwords, and other important information. Most of the time, you won’t even know that you just allowed malware or a virus on to your computer.

With a little caution you can help protect yourself against malware and viruses:

  • Regularly use an antivirus/malware scanner such as Microsoft Security Essentials or another well-known antivirus program. These can detect and remove any potential threats to your computer’s security
  • Ensure you have the latest updates for your computer and software
  • Avoid clicking on links or websites you don’t recognize, even if they appear to come from people you know via email, instant messages, or in-game messages. It’s possible their account may have been used by someone else in an attempt to phish information or put malware on your system
  • Avoid any cheat sites or sites promising levels/xp/in-game currency/etc. These sites may put malware or viruses on your system or may be trying to steal your account information by requesting you to login.



 

AVOIDING PHISHING SCAMS

Phishing Overview:
"Phishing" is the practice of tricking users out of their account info and passwords for malicious purposes. Phishing scams typically work by fooling the player into thinking they are putting information into a legitimate website, when in fact they are providing info to another party. It is the player’s responsibility to avoid such scams and be vigilant against links and email addresses that are not part of the official ea.com domain.



Some simple rules to avoid phishing scams:

  • Watch for requests for Account Info or Password
  • Always double check the sign-in URL starts with: http://www.ea.com
  • Always make sure the URL does not redirect to another site
  • Never click links in emails asking for account information or claiming your account has been compromised
  • Beware of pop-ups, as some phishing scams use pop-ups that ask for your info, pretending to be related to the website you are trying to use. Check the authenticity of anything that asks for information from you.
  • Verify all emails. Phishing can take place via email, so beware emails asking for any data, even from addresses that appear to fall under the EA domain.
  • Do not post your data online. Be cautious when sharing your data with anyone, from your ID or your Gamertag, to screenshots that show details of your account.




ASKING FOR YOUR INFORMATION

EA will never ask you for your login information:
There are no exceptions to this rule. Even if you receive an email that looks like it’s coming from EA, if it asks for your account information it’s a scam.



On the forums:
If you ever receive a private message in the forums asking for your account information, it is fake. Scammers will even use names that sound legitimate, such as “EA Admin” or “FIFA Developer”. Again, EA will never ask you for your account info.

If you do receive a message like this, report it to one of the forum moderators. Those responsible for sending messages of this kind will suffer swift justice – justice that could affect more than just their forum privileges, up to and including a full console ban.



On your console:
If you ever receive a private message through your console’s online messaging system asking for your account information, it is fake. EA will never contact you through your console’s messaging system for any reason. Do not give out your details and report the details of this message using the built-in report tool.




PHISHING EMAILS, LINKS and WEBSITES

Fake emails and copycat websites:
Sometimes emails and websites can appear to be official emails or websites from EA, but they are actually from a third party.

For example: You receive an email that appears to be from EA concerning an Ultimate Team (or other game) promotion. You click on the link in the email, go to what appears to be the Ultimate Team login page, and enter your account name and password. Two days later you discover all the gold players you’ve worked so hard for have disappeared.

Sound familiar? Hopefully not, as the person above was just phished. Phishing is a way of tricking someone into giving up valuable information (like your account name and password) by landing on a fake website and entering in your account details. As the majority of phishing websites look identical to the real thing, most users don’t even realize they’ve been phished until it’s too late.



How can I tell the difference between a phishing site and the authentic EA one?
The official EA website uses the following URL: http://www.ea.com/. Be aware of any links that don't use “ea.com” as the domain name, even if they include “ea” somewhere in the URL. For example, “ea.account.com” would not be an official EA site. However, “help.ea.com” is an official EA website. Always double check the sign-in URL starts with: http://www.ea.com



Misleading Hyperlinks:
The text of a hyperlink may contain a url that is not the url it actually links to. Roll your mouse over this link: www.ea.com/safe. Notice either in the bottom of your browser window or in a small text box over the link, the actual url does not match. Make sure any link you click on leads somewhere official.



Beware of Redirects:
Redirecting is a technique where a scammer embeds something in a link that takes you to the real site to begin with, but then moves you to a fake page that looks identical. There are many examples of this, but one simple thing to look out for in your address bar would be: http://www.ea.com/redirect?url=http://fakesite.com
Note the “redirect?” part of the URL. This means you go to a different site than the official EA one.
EA will never redirect you from http://www.ea.com/ to another site.



Scare Tactics:
Another common tactic involves scaring you into thinking your account has been compromised when it actually hasn’t. You may receive a message saying something like: “Your account has been temporarily suspended due to suspicious activity. Please login here to see more information.” This is another attempt to get you to give up your username and password. As always, the end result is directing you to a site other than http://www.ea.com.
EA will never send you emails claiming your account has been compromised. EA will never contact you via ANY means asking for this information.



 

ADDITIONAL SECURITY

Here are some additional precautions you can take to ensure your information is protected.

  • Preview Links- Remember those Misleading Links? Before you click on a link, preview where it is taking you by hovering over it with your mouse cursor. In some browsers the link location will be displayed at the bottom of your browser window.
  • Home Computer- passwords and bookmarks- Set your browser to remember your password for EA sites. This way it will auto-fill the login form every time you visit the site. If you unknowingly go to a phishing site, the username and password will not be filled in, so you will know it’s a fake. Be sure to only do this on your home computer.
  • Public Computers- If you login from a public computer, such as at a school or a coffee shop, double check that your login information isn’t being saved by the browser. Be sure to delete the browser cache after you logout as well.
  • Password Integrity- This is important, so we will say it again! While not directly related to phishing, updating and maintaining your passwords is an important part of online security. A secure password that is updated often is much less likely to lead to a compromised account.
  • Browser tools- These browser tools and plugins will not stop all phishing sites. Unsafe website lists are used to keep track of phishing sites. These tools can also help you avoid sites that attempt to install malicious software without you knowing.
    • Many major browsers have built-in phishing filters. Ensure that they are enabled. You can also check a website’s security by using this Google diagnostic: http://www.google.com/safebrowsing/diagnostic?site=easports.com
    • Web of Trust- This plugin is available for all operating systems. It can be installed on Firefox, Chrome, Internet Explorer, Safari and Opera. It uses a stoplight-style rating system to warn against unsafe sites. It will install an icon beside your browser's address bar, as well as links and search engine results. http://www.mywot.com/en/download
    • Locationbar2 (Firefox Only)- Similar to the address bar on Chrome, the Locationbar2 plugin puts emphasis on the domain name in order to help avoid phishing sites. https://addons.mozilla.org/en-US/firefox/addon/locationbar%C2%B2/




WHAT TO DO IF YOU’VE BEEN PHISHED

Overview:
If you believe you’ve entered your login info into a phishing site by accident, change your password right away. It’s likely that your account has been compromised, but you may still have time to save it.

Then contact EA’s customer service team immediately at http://help.ea.com, providing as much detail and evidence as you can. In particular, our team will need accurate details of what items (if any) you have lost, plus the date and time that you lost them.



I Received a Phishing Email:
If you receive a phishing email message, don’t panic. Your account has not been compromised. All the scammer has is your email address, which can be relatively easy to find. Scammers duplicate the images and text from an official EA email in the same way they copy websites. If you receive a suspicious looking email, check who the sender is, as well as where the links in the email are taking you.

Some things to be aware of with phishing emails:

  • Names are easy to obtain—phishers will almost always use these in emails;
  • Other links or elements in the email will actually take you to the real site, but the “click here” or “login” link will always be to a fake site;
  • When clicking on links in emails, be sure it is directing you to the same place that was advertised;
  • The only time EA will contact you through email regarding your account is if you have forgotten your password and you make a request to have it changed.



Report Phishing Sites to EA
We are continually taking action against phishing sites as we are made aware of them. We are also taking strong, prompt action against any users attempting to scam others using these sites or any other scams.

Please let us know about phishing sites by contacting us.


Message 2 of 4 (49,871 Views)
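
The domain, hover and redirect checks described in the two posts above can be run mechanically over the links in a suspicious email. This is an added example, not part of the original posts or any EA tooling: the allowlist is the set of domains the posts name as official, and the function names, finding labels and sample email are constructed for illustration.

```javascript
// Domains the posts above list as official.
const OFFICIAL_DOMAINS = [
  "ea.com", "easports.com", "futpromos.com",
  "easportsfootball.com", "easportsfootballclub.com",
];

// Parse a URL. With assumeHttp, link text such as "www.ea.com/safe" is accepted.
function parseUrl(text, assumeHttp = false) {
  let t = String(text).trim();
  if (assumeHttp && !/^[a-z][a-z0-9+.-]*:\/\//i.test(t)) t = "http://" + t;
  try {
    return new URL(t);
  } catch (err) {
    return null;
  }
}

// True only for an official domain or a subdomain of one:
// "help.ea.com" passes, "ea.account.com" and "www.ea.com.fakesite.com" do not.
function isOfficialHost(hostname) {
  const host = hostname.toLowerCase().replace(/\.$/, "");
  return OFFICIAL_DOMAINS.some((d) => host === d || host.endsWith("." + d));
}

// Does the visible link text itself read as a web address?
function looksLikeUrl(text) {
  return /^(https?:\/\/)?([a-z0-9-]+\.)+[a-z]{2,}(\/\S*)?$/i.test(text.trim());
}

// Compare what a link shows with where it actually goes.
function checkLink(displayText, href) {
  const target = parseUrl(href);
  if (!target || !/^https?:$/.test(target.protocol)) return ["not-a-web-link"];
  const findings = [];
  if (!isOfficialHost(target.hostname)) findings.push("non-official-host");
  // "http://www.ea.com@fakesite.com/" really goes to fakesite.com.
  if (target.username || target.password) findings.push("embedded-credentials");
  // Misleading hyperlink: the text shows one address, the href is another.
  if (looksLikeUrl(displayText)) {
    const shown = parseUrl(displayText, true);
    if (shown && shown.hostname !== target.hostname) findings.push("text-href-mismatch");
  }
  // Redirect: an official host carrying an off-site address in a parameter.
  for (const [name, value] of target.searchParams) {
    const dest = parseUrl(value.startsWith("//") ? "http:" + value : value);
    if (dest && /^https?:$/.test(dest.protocol) && !isOfficialHost(dest.hostname)) {
      findings.push("offsite-redirect-param:" + name);
    }
  }
  return findings;
}

// Pull <a href="...">text</a> pairs out of an HTML email body.
// A regex is enough for this sample; real mail needs an HTML parser.
function auditEmail(html) {
  const re = /<a\b[^>]*\bhref\s*=\s*["']([^"']+)["'][^>]*>([\s\S]*?)<\/a>/gi;
  const report = [];
  for (const m of html.matchAll(re)) {
    const text = m[2].replace(/<[^>]*>/g, "").trim();
    report.push({ text, href: m[1], findings: checkLink(text, m[1]) });
  }
  return report;
}

// Constructed sample email; the hosts are the posts' own examples.
const SAMPLE_EMAIL = `
<p>Your account has been temporarily suspended due to suspicious activity.</p>
<a href="http://ea.account.com/login">Please login here</a>
<a href="http://fakesite.com/safe">www.ea.com/safe</a>
<a href="http://www.ea.com/redirect?url=http://fakesite.com">Promotion</a>
<a href="http://help.ea.com/">help.ea.com</a>
`;

for (const row of auditEmail(SAMPLE_EMAIL)) {
  console.log(row.href, "->", row.findings.length ? row.findings.join(", ") : "ok");
}
```

Matching on the end of the hostname with a leading dot is what separates “help.ea.com” from “ea.account.com”; a plain substring search for "ea.com" would accept both.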

Re: [IMPORTANT] How not to get hacked and what to do if it already happened

[ Edited ]
★★★★★ Expert

Also be sure to check this thread here: http://answers.ea.com/t5/FIFA-14/IMPORTANT-How-not-to-get-hacked-and-what-to-do-if-it-already/m-p/15... for the ultimate guide on how to protect your account and what to do if you think you have been hacked.

 

Also see this thread here on how to restore your account security after you have been hacked/phished and your account has become compromised: http://answers.ea.com/t5/FIFA-15/IMPORTANT-Hacked-or-compromised-accounts-Start-here-to-restore/m-p/....

Message 3 of 4 (49,865 Views)

Re: [IMPORTANT] How not to get hacked and what to do if it already happened

★★★★★ Expert

If by any chance, you think you have been hacked, please follow the steps below:

 

The following process should be followed if you believe that your Origin (EA) Account has been hacked or compromised.

If you have been notified that your email address has been changed but have not requested a change of email address, suffered any other similarly suspicious activity, or have any other reason to doubt the security of your account, please follow the steps below to create a new account in order to contact us for support.

Note, before contacting, be sure to have the following information available so that we may help you as quickly as possible:

  • A serial number from one of your games, if possible, is the easiest identifier we can use to locate your account. If you do not have a serial number available, we will be able to accept your Gamertag, PSN ID, or Character Names from online games.
  • The email address you would like to be contacted at
  • The original email address for your compromised account
  • Your actual date of birth
  • The date of birth used to set up your account

Create a new Origin (EA) Account:

  • Go to help.ea.com and select "Sign Up" (located in the upper-right corner) 
  • Enter an email address you have never used with an EA account before
  • Choose a Master ID and a Password, then enter your date of birth and the rest of the required fields using only accurate information.

Contact Us from your New Account

  • Go to help.ea.com and select "Log in"  (located in the upper-right corner) 
  • Select "Origin" as your product by typing it in the search bar.
  • Select "Contact Us" located at the bottom of the page.
  • Select "PC" as your platform.
  • Select "Account Security" as your category and describe your issue.

For customers in North America:

  • Select "Call me."
  • Enter your phone number.
  • Select "Submit."

For Customers outside of North America:

  • Go to the "choose a contact method" section
  • Contact us using the telephone number provided within the listed opening hours

Please be aware that it is likely that the agent you speak to will need to confirm information on this account.

Message 4 of 4 (49,864 Views)