
Is this a spoof e mail from EA?

Guest

Guest
I received this e mail yesterday for the first time. I didn't click on anything; I thought I would come here first to verify it. Has anyone got one of these and are they legit?

Dear Valued EA Customer,

Our records indicate the email address [email protected] was used to
create an account when registering or entitling an EA product. If you
wish to update your account information, such as email address, email
preference, or billing/shipping information, please follow the below
steps:

1.Click on the following URL:
fun.ea.com/cgi-bin24/DM/y/ekMh0XKJQR0MJV0Bsyv0Eu

2.Enter your email address and password to log in to your EA account
(assuming you are not currently logged into EA)
3.Mouse over your email address located at the top right corner to
view the drop down menu
4.Click on 'My Account'
5.Click on 'Edit' to make any updates
6.Click on 'Submit' located at the bottom of the screen

Keeping your account information up-to-date will allow EA to provide
important product information.

Thank you for your continued support,

Electronic Arts

----------------------------------------------------------------------

(C) 2008 Electronic Arts Inc. All rights reserved.
fun.ea.com/cgi-bin24/DM/y/ekMh0XKJQR0MJV0Df0Ek

Privacy Policy
fun.ea.com/cgi-bin24/DM/y/ekMh0XKJQR0MJV0Da0Ef

Legal Notices
fun.ea.com/cgi-bin24/DM/y/ekMh0XKJQR0MJV0Df0Ek

Terms of Service
fun.ea.com/cgi-bin24/DM/y/ekMh0XKJQR0MJV0Dg0El

Piracy
fun.ea.com/cgi-bin24/DM/y/ekMh0XKJQR0MJV0EOG0EZ

Powered by DREAMmail
fun.ea.com/cgi-bin24/DM/y/ekMh0XKJQR0MJV0Bmnj0ER

PRIVACY POLICY: Our Certified Online Privacy Policy gives you
confidence whenever you play EA games. To view our complete
Privacy Policy, go to
fun.ea.com/cgi-bin24/DM/y/ekMh0XKJQR0MJV0Da0Ef

or write to: Privacy Policy Administrator, Electronic Arts Inc., 209
Redwood Shores Parkway, Redwood City, CA 94065.


All active links have been removed for reasons of safety.
 
imported_Spiritless

Guest
If those URLs do not direct elsewhere within the actual email itself, and go to the URLs that you've posted, then it's legitimate. Those are all EA's domains.
 
Guest

Guest
Seems to me like a phishing attempt. Those aren't the actual URLs for the EA sites for the information listed. Not to mention each URL is exactly the same. Tried going there on a linux VM... got an invalid URL message. So yea...hoax.
 
Guest

Guest
With so many hacks going on these days I just didn't trust the email. If EA wanted to know if I had any updated information it could have been posted on my account page for the game. But maybe it is just my over cautious attitude. I just don't respond to this type of e mail and I won't to this one. Real or not. Thanks for verifying the authenticity.
 
Guest

Guest
How hard is it to remember to always go to the site yourself (with your own link) to change anything? Any email with a link like this is generally a scam.
 
Maximinus Thrax

Guest
Phishing indeed.

No legitimate business will ever ask you for your password.
 
Guest

Guest
This is why I do not respond to any e mails game related. I feel even better now that I deleted it. I guess it was the fun.ea that concerned me it just didn't feel corporate enough to me. Thanks
 
Guest

Guest
[QUOTE]

How hard is it to remember to always go to the site yourself (with your own link) to change anything? Any email with a link like this is generally a scam.

[/QUOTE]

Crysta there are a few new players to the game that may just go to the site not knowing it is a scam. It never hurts to post something like this to make others aware these are being sent out. At least I don't think so.
 
imported_Spiritless

Guest
[QUOTE]

Phishing indeed.

No legitimate business will ever ask you for your password.

[/QUOTE]

Stratics asks you for your password each time you have to sign in to the forums. Is that a phishing attempt too? Your comments are pretty stupid, since that's essentially exactly what the links in the first post are asking you to do.

Once again, those URLs are legitimate. The domain "ea.com" belongs to EA. "fun" is just a subdomain. What's more, the SSL certificate is signed by Equifax and it is valid.

There is no scam or phishing attempt here. Just a whole lot of paranoia.
 
Guest

Guest
There's a difference: when you go to stratics.com, you're going to a URL you know from a bookmark. When you click on a link in an email, are you really going to the website you think you are? Does the URL really point to the company's domain? Does it contain a typo? Does it contain a unicode character that, in your font, is displayed as an "e" and an "a" but isn't? Does the URL contain javascript or gibberish that attempts to override what your browser displays to you as a URL? Does it use some exploit that isn't widely understood/patched yet?

Sadly, despite the best efforts of various software and email providers, email phishing has become so widespread and so well-polished that IMHO, you just shouldn't trust any unexpected email any more. Opinions may vary, but that's mine.
 
Guest

Guest
Please remove the active link so ppl that do not know better will be hurt further. We have lost a lot of player base as it is now.
 
imported_Spiritless

Guest
All of what you said is valid. However the poster said that "no legitimate business would ask you for your password." This is just incorrect. Passwords are needed to sign in to accounts, obviously.

Fact is, those URLs are legitimate if they do indeed direct to the locations that they appear to in the first post. End of discussion really. This isn't a phishing attempt.

[QUOTE]

Please remove the active link so ppl that do not know better will be hurt further. We have lost a lot of player base as it is now.

[/QUOTE]

THE URLS IN THE FIRST POST ARE VALID EA LINKS. They will "hurt" no-one. Read the thread.
 
Guest

Guest
[QUOTE]

[QUOTE]

Phishing indeed.

No legitimate business will ever ask you for your password.

[/QUOTE]

Stratics asks you for your password each time you have to sign in to the forums. Is that a phishing attempt too? Your comments are pretty stupid, since that's essentially exactly what the links in the first post are asking you to do.

Once again, those URLs are legitimate. The domain "ea.com" belongs to EA. "fun" is just a subdomain. What's more, the SSL certificate is signed by Equifax and it is valid.

There is no scam or phishing attempt here. Just a whole lot of paranoia.

[/QUOTE]

If they are valid why don't you go toss all your information in and see how long it is before you are hacked then come tell us all about it.

fun.ea.com is a scam. There was another page that used a different ea.com url and it directed you to a clone of the real uo page and on the clone page it looked like a post by someone at ea with a link to more info the minute you clicked that link you were had.

So yes there are scam pages that use an ea.com address.
 
imported_Spiritless

Guest
Dear Lord.

I'll educate you a little about this, then move on because this isn't worth too much of my time. You're talking to someone incredibly well versed and qualified in this field; not that you'd need to be to understand why those URLs are not illegitimate, but anyway.

"ea.com" is known as a domain name. It is a member of the ".com" top level domain. This is where the data is ultimately being served from here. Let's take a look at who owns that domain name, shall we?

[QUOTE]

Registrant:
ELECTRONIC ARTS
209 Redwood Shores Parkway
REDWOOD CITY, CA 94065
US

Domain Name: EA.COM

[/QUOTE]

Right, so Electronic Arts own the domain. Good.

The "fun" part of the URL, which prefixes the "ea.com" is known as a subdomain. Subdomains are part of the parent domain, and are used by organizations typically to direct to alternative servers or areas within their network.

The URL in the first post which requests a login actually gets redirected to "profile.ea.com," which has an IP address of: 159.153.234.77. Let's take a look at the whois information for that IP then to see who it's assigned to:

[QUOTE]

OrgName: Electronic Arts, Inc.
OrgID: ELECTR-60
Address: 209 Redwood Shores Parkway
City: Redwood City
StateProv: CA
PostalCode: 94065
Country: US

[/QUOTE]

Oh look, it's within EA's network assignment. Looks like EA are trying to scam your password from you! Oh wait, they already know it. They're just asking you to sign in.

Additionally, as I've already pointed out, the SSL certificate at profile.ea.com is valid and signed by a trusted third party who issues SSL certificates. This means your client has a connection to their server and the server is what it purports to be, since its certificate is valid and has been authenticated by a trusted authority.

There is no XSS exploit taking place here either, and the form upon signing in with valid credentials behaves normally.

The only way this would be a phishing attempt would be if the links in the actual email purported to go to those URLs, but in actual fact redirected elsewhere. As they stand in the first post, they only go to EA's servers. The only other way would be if someone had actually cracked into EA's servers, but then they'd have access to all your details anyway so they sure as hell wouldn't be asking you to sign in with them. I doubt they'd also be risking serious jail time for a few UO accounts, either.


You're certainly right to question links received in emails, or anywhere for that matter. However not everything asking you to sign in is a phishing attempt and in this case it simply is not. You're spreading fear for no reason in this case by persisting with the belief that it is, despite being told to the contrary by someone who has looked into it properly, and knows what she's talking about.

For the record, I've just signed in with that URL myself and here's the page you should eventually end up at:



The only thing I'd say here was that EA's instructions in the email are out of date since they updated their site. You have to go over to the left-hand side to click "My Account" and edit it from there.
 
Guest

Guest
Ok,

I'm not going to say you're wrong, since it does seem that you did the research.

But have we not been told over and over by EAMythic representatives (Jeremy, etc.) that EA would never ask for your account password?

Since this email seems to be valid, would this not present a change in EAMythic policies/practices? And if they have changed their policy, why were we not told, either here or other forums, a post on the herald, or on the log in screen?

Seems to be generating needless confusion, between the company and the paying community.
 
Guest

Guest
Well, the e-mail does not ask for your password directly. It simply states the steps to take if you would like to update your EA Account. So, a little different than the fake e-mails that ask you to reply with your account information.

It's always best to be on the safe side and research things out before jumping in though.
 
imported_Spiritless

Guest
Well, this seems to be an email from EA generally rather than the UO branch. Accounts with EA are global and that's where this kind of thing appears that it's come from.

When they refer to "not asking for your account information" though, they're talking about things like this:

[QUOTE]

To: [email protected]
From: EA Games <[email protected]>
Subject: update ur EA account today!

hi, plz to send ur acct name and password and we wil mk sure UR acct is up 2 date thx? k.

plx click reply and send to this address!!1

[/QUOTE]

Sometimes, it's necessary to use your account details for purposes of logging in.

Let's take a look at http://uogamecodes.com for example. A lot of people made noise about this site asking for your UO account name and password. But, if you think about it, how else are they going to authenticate you? Signing in to these sites is just like typing your UO account name and password into the UO client's window.

So, while the policy of employees "not asking for your password" through email or PM on the message boards applies, for example, there are situations where you'll be required to use these details to sign in to official EA sites, just as you require them to use the game itself.

Obviously when signing in to these sites, caution should be applied. The original poster here and all those questioning the legitimacy of the email were right to do so. The unfortunate truth is that links generally shouldn't be trusted; you should always look out for your own security by verifying the basics by yourself such as ensuring you're visiting a valid URL and the necessary encryption and certification technologies are in place prior to entering any details which may be sensitive. Not all phishing attempts are as obvious as the one in my post here and indeed some are quite sophisticated in their nature and deceptive. That's why erring on the side of caution is the best policy.
 
Guest

Guest
[QUOTE]

Ok,

I'm not going to say you're wrong, since it does seem that you did the research.

But have we not been told over and over by EAMythic representatives (Jeremy, etc.) that EA would never ask for your account password?

Since this email seems to be valid, would this not present a change in EAMythic policies/practices? And if they have changed their policy, why were we not told, either here or other forums, a post on the herald, or on the log in screen?

Seems to be generating needless confusion, between the company and the paying community.

[/QUOTE]

Maybe I missed something, but it doesn't sound like the email is asking for you to send your password (in a reply for example) but asking you to follow the link and log in with account info and password, which is normal procedure. Many phishing emails do this of course, but the links are misleading, and do not go to where they appear. In this case though, as someone else pointed out, fun.ea.com is a child domain of ea.com. You can always check a link's destination by hovering the mouse cursor over it (don't click on it!).

For example, I can make my link say:

http://www.uo.com/account.html

But hover the cursor over it and look in the lower left portion of your browser window.

-Skylark
 
Mormgeil

Guest
[QUOTE]

Dear Lord.

I'll educate you a little about this, then move on because this isn't worth too much of my time. You're talking to someone incredibly well versed and qualified in this field; not that you'd need to be to understand why those URLs are not illegitimate, but anyway.

[/QUOTE]

Since you are so incredibly well versed and qualified in the field (which field was that? ) you should be aware of cache poisoning. In the case of which, your simplistic analysis is not worth a hill of beans.

You might want to turn the certainty dial down a bit since you are overlooking more than one method of exploitation in your little universe of options.

Don't click links in mail kids.
 
imported_Spiritless

Guest
[QUOTE]

[...] you should be aware of cache poisoning. In the case of which, your simplistic analysis is not worth a hill of beans.

[/QUOTE]

You realized that the SSL digital certificate validation makes cache poisoning highly unlikely before posting, right? Something which I've already talked about previously.

I could sit here all day and quote methods of attack to you. Ultimately, if we ran through them all, we'd all be too scared to even type a link into a browser and visit it.

There's no such thing as complete security when you're connected to a public network. There becomes a threshold, however, in which vectors of attack become increasingly less likely though.
 