OFFICIAL SECURITY BLOG

Origin is Giving Away Games and Coins — Not!

July 17, 2014 | BY

Recently, we found another Origin phish that promises freebies only to leave users frustrated for not getting anything in the end and embarrassed for falling for this scam. The phishing page is located at keys-ea-origin-for-free[dot]tk.

As a general rule, sites with the .tk extension must be avoided as the bad guys have been known to take advantage of this TLD for their nefarious purposes, such as hosting malware and phishing pages.

Seems legitclick to enlarge

As you can see, the page comes with a “Get Games” button for passers-by to click on. From here, it’s just a matter of selecting which titles they want to redeem:

Redeem these...click to enlarge

Potential victims are then presented with a form asking for their email address, password, ID, and security question. The “Contact Us” menu option at the left side of this page links to the official EA Support page.

Fake login formclick to enlarge

The embedded YouTube video we saw earlier, which claims to be from the BBC, links to an EA FIFA 14 coins phish:

Fake FIFA pageclick to enlarge

It’s interesting to see Origin scams becoming more and more popular.

Although they’re not as pervasive as scams about Steam, which remains the number one PC gaming platform fraudsters target, but they’re definitely on the up and up.

Whether you, dear Reader, have an account for either one or both, watch where you’re entering those logins and steer clear of danger.

Jovi Umawing

Other related post(s):


  • http://www.spam404.com spam404

    Thanks for documenting this. Freenom (the domain name provider behind “.tk”) have a very active abuse team when it comes to phishing content such as this.

    Abusive “.tk” content can be reported to the following email address – abuse[@]dot[.]tk

    I reported both phishing domains being promoted on the YouTube video to the above email address and both domains are now down.

    For abusive content being promoted on YouTube it would be ideal to flag the content but if no action is taken and you believe the content is definitely abusive you can report the content here – http://www.spam404.com/report.html – if the content is not removed after inital flagging efforts I will escalate the content directly to YouTube for review. However, in this case, it appears the YouTube video was removed – https://www.youtube.com/watch?v=LLJpX206zNM

  • Jovi Umawing

    @spam404 Hello :) No problem. Thank you for the info as well. Will report to abuse team of .tk if I come across abused sites in the future. I’ll take note of your other suggestions as well. Cheers!

  • still

    It’s like this site isn’t even trying, gosh, lol.