OFFICIAL SECURITY BLOG
May 21, 2014 | BY Jovi Umawing
With this year's FIFA World Cup just around the corner and the event's associated games as popular as ever, scammers remain keen to get in on the act. We have just seen a new Twitter account hijacking fan conversations with EA Sports' official feed in an attempt to redirect them to phishing pages designed to steal email addresses, passwords, and answers to certain security questions.
The fake channel, @EASP0RTSF1IFA, recently appeared disguised as an “Official EA Advsisor (sic)”. Notice the “1” in the name, a character that is easily glossed over by anyone who relies on identifying profiles by their avatars rather than by reading the Twitter handles carefully.
This account mimics the legitimate FIFA World Cup 2014 (@EASPORTSFIFA) account. It also uses the same tactic of intercepting Twitter users' messages to the legitimate account that @EAFlFAHELPUK, the bogus account Chris Boyd profiled earlier, relied on.
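Both fake handles in this post rely on visually confusable characters: the digit 0 for the letter O, and the digit 1 or a lowercase l for a capital I. The following detector is an added example written for this post (it is not Malwarebytes' code or a Twitter feature): it folds confusable characters onto a canonical letter, then measures how many edits separate a candidate handle from the brand handle it is compared against. The confusable table and the edit-distance threshold are assumptions chosen for the example; the list of observed handles is constructed sample input.

```python
"""Flag Twitter handles that impersonate a brand account by swapping
visually confusable characters and padding with an extra letter.
Added example; not code from the original post."""

# Characters that look alike in common sans-serif fonts, folded onto one
# canonical capital letter. Assumed for this example; extend as needed.
CONFUSABLES = {
    "0": "O",
    "1": "I",
    "l": "I",
    "5": "S",
    "8": "B",
    "2": "Z",
}


def normalize_handle(handle: str) -> str:
    """Strip the leading '@', upper-case, and fold confusable characters."""
    handle = handle.lstrip("@")
    return "".join(CONFUSABLES.get(ch, ch.upper()) for ch in handle)


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def is_lookalike(candidate: str, legit: str, max_distance: int = 2) -> bool:
    """True when the candidate is spelled differently from the brand handle
    but lands within max_distance edits of it after confusable folding.
    The distance threshold is an assumption; tune it for your brand names."""
    if candidate.lstrip("@").lower() == legit.lstrip("@").lower():
        return False  # the genuine account is not an impersonator
    return edit_distance(normalize_handle(candidate),
                         normalize_handle(legit)) <= max_distance


def find_impersonators(handles, legit):
    """Return every handle in the list that looks like the brand handle."""
    return [h for h in handles if is_lookalike(h, legit)]


LEGIT = "@EASPORTSFIFA"
# Constructed sample: the genuine account, the fake named in the post,
# and two unrelated accounts that must not be flagged.
OBSERVED = ["@EASPORTSFIFA", "@EASP0RTSF1IFA", "@FIFAcom", "@EASPORTS"]

if __name__ == "__main__":
    for handle in OBSERVED:
        print(f"{handle:16} -> {normalize_handle(handle):16} "
              f"lookalike={is_lookalike(handle, LEGIT)}")
    print("flagged:", find_impersonators(OBSERVED, LEGIT))
```

Folding alone is not enough here: @EASP0RTSF1IFA normalizes to EASPORTSFIIFA, which still differs from EASPORTSFIFA by one inserted letter, so the edit-distance step is what catches the padding trick. Unrelated handles such as @EASPORTS stay well outside the threshold.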
@EASP0RTSF1IFA spreads two bitly-shortened links to phishing sites that look alike.
Once users click on either of these links, they are directed to sub-domains created on Weebly, particularly:
As of this writing, the bitly links this bogus account spreads have gathered almost 500 clicks. The numbers show the scam is effective: users continue to fall for it.
Please steer clear of the fake Twitter account. We also encourage you to block it, but ideally, report it to Twitter for spamming. Either takes no more than two mouse clicks.
Hat tip: Thanks to Janne Ahlberg (@JanneFI) for catching this!