Published: March 13, 2022 on our newsletter Security Fraud News & Alerts Newsletter.
By now it’s crystal clear that no individual, business, or organization, nor its employees, is immune to email phishing attacks. A socially engineered phishing campaign targeting top-level EA (Electronic Arts) FIFA 22 video gamers and those with FIFA memberships was recently discovered. This successful email campaign may still be ongoing, EA FIFA warns in an online post.
EA alerted players that socially engineered email phishing campaigns led to the compromise of accounts belonging to some of their top-level gamers. The attackers also bypassed two-factor authentication protocols, a key layer of identity confirmation. EA currently believes fewer than “50 accounts have been taken over through a combination of phishing techniques and mistakes made by its customer experience team.”
They warn their members to be on high alert for any emails that target them by name, make threats, appear to be from their organization, and claim an email password change is needed. These are all “social engineering methods,” warns EA in their post. They’re right about that.
A Phishing Email Favorite
On how the attacks are playing out, EA says: “Our investigation is ongoing as we thoroughly examine every claim of a suspicious email change request and report of a compromised account.” These emails use social engineering, a highly targeted hacking tactic that uses personal information gleaned from social media sites, online posts, and other sources to customize attacks.
Customized, or “socially engineered,” targeting means recipients are more likely to trust and open these emails, lower their guard, and act on a request. That’s why social engineering continues to be one of the most successful tactics for email phishing, as shown by this EA/FIFA campaign.
EA announced they’re proactively working to prevent any email phishing and other attacks in the future. Their commitment to player security includes additional verification steps for account owners, updating their software to better identify suspicious activity and reduce user risk, and bolstering account security and re-training for EA Advisors and Customer Account teams. In this case, they say, the emphasis is on flagging phishing techniques.
FIFA Players: Protect Yourself
Using unique and strong password combinations gives better security for every online account and is always recommended. Keep phishing red flags in mind and watch closely for emails that show them, and always question an email asking you to take some type of action, especially if the request makes it sound urgent. This includes not clicking on links or opening attachments before you verify the sender is legitimate. And always enable MFA (multi-factor authentication) whenever possible, as it adds an additional layer of security that can stop a potential hack in its tracks. Whether you’re a top FIFA player or not, better account security is always a winning strategy.