• Hail Guest!
    We're looking for Community Content Contribuitors to Stratics. If you would like to write articles, fan fiction, do guild or shard event recaps, it's simple. Find out how in this thread: Community Contributions
  • Greetings Guest, Having Login Issues? Check this thread!
  • Hail Guest!,
    Please take a moment to read this post reminding you all of the importance of Account Security.
  • Hail Guest!
    Please read the new announcement concerning the upcoming addition to Stratics. You can find the announcement Here!

Is this Legit??

P

Purdy

Guest
I received an Email telling me that I signed up for some EAgame, which I did not, and they told me to update my billing info and to click on this to do it? Just wondering if fun.ea.com is legit. I didn't click on it but I googled it and its to receive some game newsletter.


1.Click on the following URL:
http://fun.ea.com/cgi-bin24/DM/y/ekMh0PZshv0MJV0Bsyv0Eh

2.Enter your email address and password to log in to your EA account
(assuming you are not currently logged into EA)
3.Mouse over your email address located at the top right corner to
view the drop down menu
4.Click on 'My Account'
5.Click on 'Edit' to make any updates
6.Click on 'Submit' located at the bottom of the screen

Keeping your account information up-to-date will allow EA to provide
important product information.

Thank you for your continued support,

Electronic Arts

----------------------------------------------------------------------

(C) 2008 Electronic Arts Inc. All rights reserved.
http://fun.ea.com/cgi-bin24/DM/y/ekMh0PZshv0MJV0Df0EX

Privacy Policy
http://fun.ea.com/cgi-bin24/DM/y/ekMh0PZshv0MJV0Da0ES

Legal Notices
http://fun.ea.com/cgi-bin24/DM/y/ekMh0PZshv0MJV0Df0EX

Terms of Service
http://fun.ea.com/cgi-bin24/DM/y/ekMh0PZshv0MJV0Dg0EY

Piracy
http://fun.ea.com/cgi-bin24/DM/y/ekMh0PZshv0MJV0EOG0EM

Powered by DREAMmail
http://fun.ea.com/cgi-bin24/DM/y/ekMh0PZshv0MJV0Bmnj0EE

PRIVACY POLICY: Our Certified Online Privacy Policy gives you
confidence whenever you play EA games. To view our complete
Privacy Policy, go to
http://fun.ea.com/cgi-bin24/DM/y/ekMh0PZshv0MJV0Da0ES

or write to: Privacy Policy Administrator, Electronic Arts Inc., 209
Redwood Shores Parkway, Redwood City, CA 94065.
 
S

Shyanne1

Guest
You know, I got this too. I just figured that it was a delayed email from a game I did buy because I never received it when I registered. I just ignored it.
 
I

imported_Juniper Skye

Guest
It's not legit, EA will never ask ou to update your billing info. You are in charge of your account, not them!
 
I

imported_Gracie Nito

Guest
There is no official website fun.ea.com. This is obviously a scam to gain access to your account information and/or billing information.
 
G

Guest

Guest
It does take you to the EA site and it uses your email address as the sign on.

I never could navigate the EA site. But the link you provided does take you to the EA site and you can go to other EA areas and get back to that site.

I would go to www.thesimsonline.com and look at my profile from that area and see if that game shows up. It shows all your EA accounts.
 
P

Purdy

Guest
I've been registered with EA since the beginning of TSO and this would be the first time they asked me to check my billing acct. In fact, EA never emailed me for anything, I only get newsletters for The Sims 1&2.

Just wanted to put it out there so no one falls for it.
 
I

imported_Gracie Nito

Guest
<blockquote><hr>

It does take you to the EA site and it uses your email address as the sign on.

I never could navigate the EA site. But the link you provided does take you to the EA site and you can go to other EA areas and get back to that site.

I would go to www.thesimsonline.com and look at my profile from that area and see if that game shows up. It shows all your EA accounts.

[/ QUOTE ]

Those links do not take you to any official EA websites. They take you to websites that might look official but they are NOT.
 
P

Purdy

Guest
Is somebody from EA going to shut down the site? I put the info here hoping someone from EA would see it and check it out.
 
G

Guest

Guest
When I click that top one it goes to: https://profile.ea.com/login.do

When I go to EA.com and click login it also takes me to that same site.

Whether or not it is a scam is another story.

But, he can safely check his EA games using the link I provided.
 
G

Guest

Guest
Just keep in mind that it is possible to list a link on an email such as
http://fun.ea.com bladda bladda bladda and change the actual link address to another site. It's a widely used method to fool people to get them to a different site.

I'm not saying that this is what is happening here, but if you get something like that and you point to the link on the email or whatever ... the actual place you are going to go will show up in the botton of your window.

I have received email that will offer me software updates or free trials of new version and it looks like something from Adobe or microsoft and include all the logos and legal notices but when you scroll or point to the address printed it shows you going to "www.gotcha.com" or something like that. An example of this is if you point to my listing at the beginning of this message you will see what i mean.
 
G

Guest

Guest
<font color=blue>Since jamming is BORING AS HELL. I hopped over to the UO stratics site. A member there also got this email. Also many told him it was a phishing attempt.

Notice the posters there are a little more hardcore than they are here.

I did not write this post: </font color=blue>

Dear Lord.

I'll educate you a little about this, then move on because this isn't worth too much of my time. You're talking to someone incredibly well versed and qualified in this field; not that you'd need to be to understand why those URLs are not illegitimate, but anyway.

"ea.com" is known as a domain name. It is a member of the ".com" top level domain. This is where the data is ultimately being served from here. Let's take a look at who owns that domain name, shall we?



--------------------------------------------------------------------------------

Registrant:
ELECTRONIC ARTS
209 Redwood Shores Parkway
REDWOOD CITY, CA 94065
US

Domain Name: EA.COM




--------------------------------------------------------------------------------

Right, so Electronic Arts own the domain. Good.

The "fun" part of the URL, which prefixes the "ea.com" is known as a subdomain. Subdomains are part of the parent domain, and are used by organizations typically to direct to alternative servers or areas within their network.

The URL in the first post which requests a login actually gets redirected to "profile.ea.com," which has an IP address of: 159.153.234.77. Let's take a look at the whois information for that IP then to see who it's assigned to:



--------------------------------------------------------------------------------

OrgName: Electronic Arts, Inc.
OrgID: ELECTR-60
Address: 209 Redwood Shores Parkway
City: Redwood City
StateProv: CA
PostalCode: 94065
Country: US




--------------------------------------------------------------------------------

Oh look, it's within EA's network assignment. Looks like EA are trying to scam your password from you! Oh wait, they already know it. They're just asking you to sign in.

Additionally, as I've already pointed out, the SSL certificate at profile.ea.com is valid and signed by a trusted third party who issues SSL certificates. This means your client has a connection to their server and the server is what it purports to be, since its certificate is valid and has been authenticated by a trusted authority.

There is no XSS exploit taking place here either, and the form upon signing in with valid credentials behaves normally.

The only way this would be a phishing attempt would be if the links in the actual email purported to go to those URLs, but in actual fact redirected elsewhere. As they stand in the first post, they only go to EA's servers. The only other way would be if someone had actually cracked into EA's servers, but then they'd have access to all your details anyway so they sure as hell wouldn't be asking you to sign in with them. I doubt they'd also be risking serious jail time for a few UO accounts, either.

You're certainly right to question links received in emails, or anywhere for that matter. However not everything asking you to sign in is a phishing attempt and in this case it simply is not. You're spreading fear for no reason in this case by persisting with the believe that it is, despite being told to the contrary by someone who has looked into it properly, and knows what she's talking about.

For the record, I've just signed in with that URL myself and here's the page you should eventually end up at:

--- A screenshot was here----

The only thing I'd say here was that EA's instructions in the email are out of date since they updated their site. You have to go over to the left-hand side to click "My Account" and edit it from there.
 
G

Guest

Guest
<blockquote><hr>

It's not legit, EA will never ask you to update your billing info. You are in charge of your account, not them!

[/ QUOTE ]


in this case this should be removed if its not legit email. thanks
 
T

Tristan Lewis

Guest
The thing some of you arent realising is if you sign up for the sims 3 newsletter the site name in the comfirmation email starts with fun.ea.com and it dont ask you to sign in. So is this legit honestly I have no clue.
 
P

Purdy

Guest
I don't remember signing up for Sims 3 newsletters and I don't remember when I signed up for Sims 1 &amp; 2 if I ever received a confirmation and to log in. Why would they bother sending a confirmation for a newsletter? I think all they send is a thank-you for signing up and it would say 'thank-you for signing up for the Sims 3 newsletter'.

I know I didn't register a new game with EA that's why I questioned it.
 
T

Tristan Lewis

Guest
This is a copy and paste of the email I cot when signing up for the sims 3 newsletter. Its titled "Your Email Signup Confirmation"


Thanks for signing up for emails and newsletters from The Sims(tm) 3!
You'll now receive all of the latest and greatest news and info about The Sims(tm) 3 at this email address, as you've requested.

If you'd like to manage your preferences or sign up for more emails and newsletters from Electronic Arts, just click on the link below:
http://preferences.fun.ea.com/ea/ea_prefctr.asp?Brand=gam

Have fun,

The Sims(tm) 3
 
I

imported_rpsky3

Guest
that is the same exact email i received on april 18. there is another post with this as well. there are others also receiving this. I did not click it, i dont trust things that come like that and i did not subscribe to anything on ea, nor did i update any information on it. My email is also not listed on the boards so i dont know why i got it either. just as another stated, just be cautious and if in doubt, dont click!
 
G

Guest

Guest
Looks like all these people signed up for the sims 3 newsletter.

LOL There was a thread here a few days ago about it. Seems people forget they sign up for stuff...

The new game it mentions is Sims 3!

They want you to update your info so EA can have a nice database of emails for them to use to advertise their products to you.
 
I

imported_Gracie Nito

Guest
<blockquote><hr>

Is somebody from EA going to shut down the site? I put the info here hoping someone from EA would see it and check it out.

[/ QUOTE ]

Purdy,

There is a sticky thread about email scams at the top of City Hall that gives you the steps you should take to report such events.
 
P

Purdy

Guest
The point is this email didn't mention Sims 3. I didn't paste the whole thing. The beginning of it said it looks like you registered this email, and it named my email address, for an EA game. What EA game?

It didn't mention the game that's why I thought it was odd. If it said thank you for registering for Sims 3 I wouldn't have questioned it.
 
G

Guest

Guest
With all the recent email scams and dev impersonators in game recently, I think its very sensible to double check and be safe rather than sorry


Polly
 
P

Purdy

Guest
<blockquote><hr>

This is a copy and paste of the email I cot when signing up for the sims 3 newsletter. Its titled "Your Email Signup Confirmation"


Thanks for signing up for emails and newsletters from The Sims(tm) 3!
You'll now receive all of the latest and greatest news and info about The Sims(tm) 3 at this email address, as you've requested.

If you'd like to manage your preferences or sign up for more emails and newsletters from Electronic Arts, just click on the link below:
http://preferences.fun.ea.com/ea/ea_prefctr.asp?Brand=gam

Have fun,

The Sims(tm) 3

[/ QUOTE ]


So your email looks a lot different than the one I got. Did yours have the same links as mine? And mine did not mention The Sims 3, it didn't mention any specific game it just said an EA game and I thought that was odd cause I did sign up for newsletters from EA and I know what the confirmations looks like and this didn't look like them. So I just posted it here to see if anyone from EA would confirm that they sent it.

Well anyway I ignored and deleted it.
 
O

oXTheSicknessXo

Guest
Just make a new account, sign in with that account with that link and see what happends
 
T

Tristan Lewis

Guest
YES it does look alot differant i was jus using it as an example that some lagit EA sites start out fun.ea.com.No need to be rude.Next time you need help call the cops i wont reply.
 
T

Tristan Lewis

Guest
They wont reply about the status of the game WTF makes you think they will reply bout this.
 
G

Guest

Guest
<blockquote><hr>

<font color=blue>Since jamming is BORING AS HELL. I hopped over to the UO stratics site. A member there also got this email. Also many told him it was a phishing attempt.

Notice the posters there are a little more hardcore than they are here.

I did not write this post: </font color=blue>

Dear Lord.

I'll educate you a little about this, then move on because this isn't worth too much of my time. You're talking to someone incredibly well versed and qualified in this field; not that you'd need to be to understand why those URLs are not illegitimate, but anyway.

"ea.com" is known as a domain name. It is a member of the ".com" top level domain. This is where the data is ultimately being served from here. Let's take a look at who owns that domain name, shall we?



--------------------------------------------------------------------------------

Registrant:
ELECTRONIC ARTS
209 Redwood Shores Parkway
REDWOOD CITY, CA 94065
US

Domain Name: EA.COM




--------------------------------------------------------------------------------

Right, so Electronic Arts own the domain. Good.

The "fun" part of the URL, which prefixes the "ea.com" is known as a subdomain. Subdomains are part of the parent domain, and are used by organizations typically to direct to alternative servers or areas within their network.

The URL in the first post which requests a login actually gets redirected to "profile.ea.com," which has an IP address of: 159.153.234.77. Let's take a look at the whois information for that IP then to see who it's assigned to:



--------------------------------------------------------------------------------

OrgName: Electronic Arts, Inc.
OrgID: ELECTR-60
Address: 209 Redwood Shores Parkway
City: Redwood City
StateProv: CA
PostalCode: 94065
Country: US




--------------------------------------------------------------------------------

Oh look, it's within EA's network assignment. Looks like EA are trying to scam your password from you! Oh wait, they already know it. They're just asking you to sign in.

Additionally, as I've already pointed out, the SSL certificate at profile.ea.com is valid and signed by a trusted third party who issues SSL certificates. This means your client has a connection to their server and the server is what it purports to be, since its certificate is valid and has been authenticated by a trusted authority.

There is no XSS exploit taking place here either, and the form upon signing in with valid credentials behaves normally.

The only way this would be a phishing attempt would be if the links in the actual email purported to go to those URLs, but in actual fact redirected elsewhere. As they stand in the first post, they only go to EA's servers. The only other way would be if someone had actually cracked into EA's servers, but then they'd have access to all your details anyway so they sure as hell wouldn't be asking you to sign in with them. I doubt they'd also be risking serious jail time for a few UO accounts, either.

You're certainly right to question links received in emails, or anywhere for that matter. However not everything asking you to sign in is a phishing attempt and in this case it simply is not. You're spreading fear for no reason in this case by persisting with the believe that it is, despite being told to the contrary by someone who has looked into it properly, and knows what she's talking about.

For the record, I've just signed in with that URL myself and here's the page you should eventually end up at:

--- A screenshot was here----

The only thing I'd say here was that EA's instructions in the email are out of date since they updated their site. You have to go over to the left-hand side to click "My Account" and edit it from there.

[/ QUOTE ]

You are absolutely 100% correct with what you have said here.
For anyone that doesn't understand what Aqua Lung means, the important part of any web address is what immediately proceeds the .com and follows a full stop before it.
In this case it is “ea”.
Look here to what I have highlighted.

fun.ea.com/cgi-bin24/DM/y/ekMh0PZshv0MJV0Bsyv0Eh

The bold section I have shown means that address is located in EAs domain, which means it is legit.
The "fun" that is before the full stop is controlled by EAs server, it is a sub domain they have set up.
You should also always check what comes up as the link address at the bottom left corner of your screen when you mouse over the link. Because there are ways to show one address as a link and have it go to another. They cannot however hide what the actual address it is linked to when showing at the bottom of the screen.
 
G

Guest

Guest
LOL took awhile for someone to read the whole thread. Too bad the OP didnt...
 
G

Guest

Guest
Even though I've studied computer security and know at least the basics about this stuff, I would just treat that as a phishing attempt and not bother trying to see if it's legit or not.

Anything in the mail that says "Go here and input your account information" is something that goes straight in the bin.

Spoofing is common and they probably know a lot more about how to make it appear legitimate, than I know about seeing if it's legitimate.
The bad guys are often a step ahead of the rest of us, after all, they study the subject on a daily basis.
 
You must log in or register to reply here.
Top