April 11, 2014 | BY Christopher Boyd
We’ve observed a Twitter feed claiming to be a support channel for all things EA Sports.
What tends to happen is someone sends a query to the official EA Sports account (@EASPORTSFIFA, note the verified symbol on the profile), at which point the account in question (@EAFlFAHELPUK) will interject into the conversation with a link to visit.
As it uses the same avatar as the official account, recipients may not notice they’ve been sidelined into an entirely different conversation. This is a pretty clever tactic – here’s an example:
The account sending links isn’t verified, and swore at another Twitter user not too long ago – not common behaviour for a support channel!
The link is a bit.ly link which has had 282 clicks since April 2nd. It leads to an EA Sports Origin login page.
Origin is EA’s answer to Steam, and all your EA games are tied to your Origin account. Handing that login to phishers could prove expensive if you can’t reclaim your stolen credentials.
Red card, please…