There are cheats out there who want your Ultimate Team account information. Here’s how to spot them, avoid them, and keep your Ultimate Team experience safe.
Remember, EA will never ask you for your login information. If you receive a message or link that feels suspicious, it most likely is. Always being aware of this is half of the battle. Now for the rest:
How It Works
Phishing is a way of tricking someone into giving up valuable personal information, like a user name and password. It always depends on the victim landing on a website that looks identical to the real thing. The goal of phishing is to have someone give up sensitive account information without even knowing it.
These types of scams are sometimes dependent on links that redirect you to another site. Normal examples of link re-direction are the tinyurl.com or bit.ly links that most people use on Twitter. Bad link re-direction happens when the scammer embeds something in the link that takes you to the real site to begin with, but then moves you to a fake page that looks identical. There are many examples of this, but one simple thing to look out for would be:
Another common tactic involves scaring you into thinking your account has been compromised when it actually hasn’t. You may receive a message saying something like: “Your account has been temporarily suspended due to suspicious activity. Please login here to see more information.” This is another attempt to get you to give up your username and password.
Is this site the real EA SPORTS Football login page?
The only way of recognizing a fake site is if you look carefully at your browser’s address bar. If you are quickly logging into the site without paying attention, your account will be compromised. To the casual observer, this site is a carbon copy. All of the other links on the fake site lead to the real EA site, but the scammer only cares about you filling out your login information and clicking the Sign In button. Once that is done, they have everything they need.
Compare the address bar on the fake site to the actual login page below:
How are users being scammed with FUT web in particular? This is mainly happening with Squad Share Links. This feature allows you to show off your squad through a unique URL.
Scammers post links asking other users to check out their squad. The link then re-directs the victim to a fake EA login page. It is important to remember that you don’t need to be logged into your EA account to view someone else’s share link. Share links can be viewed by anyone. If you are trying to view a share link and you are directed to a login page, don’t proceed any further.
A real share link will begin with: http://www.ea.com/uk/football/fifa-ultimate-team/app# and ends with a unique code consisting of letters and numbers.
Like this: http://www.ea.com/uk/football/fifa-ultimate-team/app#dLzZZb5hbakTS
Private Messages on Forums and Game Consoles
If you receive a private message on the Official FIFA 11 Forums, through Xbox Live or the Playstation Network, and it asks for your account details, it is a fake.
Scam artists will sometimes sign these messages with names like “EA Admin” or “FIFA Developer”. This is an obvious give away that the message should be ignored. If you receive a message like this, use the report feature built into your console’s messaging system. If the message comes from the forums, let one of the moderators know about it.
EA will also never contact you through your console’s messaging system. Ignore any console messages asking for your account details, or offering to give you coins and duplicate players. Any official communication from EA will always be sent out through email.
Before you click on a link, preview where it is taking you by hovering over it with your mouse cursor. The link location will be displayed at the bottom of your browser window.
Passwords and Bookmarks
Set your browser to remember your password for EA sites. This way, it will auto-fill the login form every time you visit the site. If you unknowingly go to a phishing site, the user name and password will not be filled in, so you will know it’s a fake.
Be sure to only do this on your home computer. If you login from a public computer, such as at school or a coffee shop, double check that your login information isn’t being saved by the browser. Be sure to delete the browser cache after you logout as well.
While not directly related to phishing, updating and maintaining your passwords is an important part of online security. EA IDs only require 4 characters, but you should use at least 8. Use a mix of letters, numbers, and special characters.
- Use different passwords for your EA account, console login, and e-mail.
- Change your passwords often.
- Do not use any information in your password that could easily be obtained (like your Gamertag/PSN name or FUT Squad).
- Delete any emails that contain password information, after writing it down in a safe place.
If you realize that you’ve entered your login info on a phishing site by accident, change your password right away. It’s most likely that the account has been compromised, but you may have time to save it.
Bookmarking the official EA sites is a good safety measure. It will not prevent you from clicking on phishing links, but it can help in avoiding logging into fake sites. Use the bookmarked version any time you need to login.
http://www.ea.com/uk/football/ (this address may vary slightly depending on your language and region, but it will always start with ea.com)
If you receive a phishing email message, don’t panic. Your account has not been compromised. All the scammer has is your email address, which can be relatively easy to find.
Scammers can duplicate the images and text from an official EA email in the same way they duplicate websites. If you receive a suspicious looking email, check who the sender is, as well as where the links in the email are taking you.
Some things to be aware of with phishing emails:
- Names are easy to obtain. Phishers will almost always use these in emails.
- Other links or elements in the email will actually take you to the real site, but the “click here” or “login” link will always be to a fake site.
- Good email will generally not ask you to do anything. Even if it is a promotional email for a game, there will be nothing saying you need to perform an action immediately.
- When clicking on links in emails, be sure it is directing you to the same place that was advertised.
The only time EA will contact you through email regarding your account is if you have forgotten your password and make a request to have it changed.
These browser tools and plugins will not stop all phishing sites. Unsafe website lists are used to keep track of phishing sites. These tools can also help you avoid sites that attempt to install malicious software without you knowing.
IE 7 and 8 have a built in phishing filter. Ensure this is enabled. It can be found under the Tools Menu.
This feature is built into Chrome and Firefox. You can also check a website’s security by using this Google diagnostic:
Web of Trust
This plugin is available for all operating systems. It can be installed on Firefox, Chrome, Internet Explorer, Safari and Opera. It uses a stoplight style rating system to warn against unsafe sites. It will install an icon beside your browsers address bar, as well as links and search engine results.
This plugin is very useful, and successfully blocked a known EA phishing site.
Locationbar2 (Firefox Only)
Similar to the address bar on Chrome, the Locationbar2 plugin puts emphasis on the domain name in order to help avoid phishing sites.
Report Phishing Sites to EA
We are continually taking action against phishing sites as we are made aware of them. We are also taking strong, prompt action against any users attempting to scam others using these sites or any other scams.
Please let us know about phishing sites by visiting http://support.ea.com
Login on the left and click Contact Us.