Electronic Arts SportsThe EA Sports logo
Share

FIFA 17 Ultimate Team™ - Account Safety

Posted September 29th at 7:30pm.

With several promotions occurring in FIFA Ultimate TeamTM throughout the year, it’s important to keep your login information safe.

This article will help you keep your FIFA Ultimate Team safer and avoid falling for some of the scams cheaters use to steal information and compromise accounts.

COIN BUYING/selling CAN LEAD TO ACCOUNT LOSS

Be aware that buying coins or pre-loaded accounts from third-party sites violates EA’s Terms of Service and will lead to an account ban.

Click here to read our new ban policy for FIFA 17 and how we’re keeping FUT fair, fun, and secure.

HOW TO PROTECT YOUR FIFA ULTIMATE TEAM

EA will NEVER ask you for your login information.

There are no exceptions to this rule. Even if you receive an email that looks like it’s coming from EA, if it asks for your login information it’s a scam.

FOUR SIMPLE RULES

To help reduce accounts being compromised or “phished”, it’s always wise to follow these rules:

  • NEVER share your login information publicly.
  • NEVER click links asking for login information or claiming your account might be compromised
  • ALWAYS double-check the sign-in web address starts with http://www.easports.com/
  • ALWAYS make sure the web address does not redirect to a non-EA site

Set-up login (two-step) verification for added security. Click here to get started.

Make sure you keep your Origin account up to date. To maximize your account security make sure you use a unique password for all the services you use as well.

What is “phishing”?

'Phishing' is the term used when an online scammer attempts to trick someone into giving up valuable information (like your login information and password) by landing on a fake website and entering in your account details.

FAKE EMAILS AND COPYCAT WEBSITES

You receive an email that appears to come from EA about a FIFA Ultimate Team promotion. You click on the link in the email, go to what may seem like the FIFA Ultimate Team login page, and enter your login name and password. Two days later you discover all the gold players you’ve worked so hard for have disappeared.

Sound familiar? Hopefully not, as the person above was just phished. As most phishing websites look identical to the real thing, most Users don’t even realize they’ve been phished until it’s too late.

The official EA SPORTS FIFA Log-in page.

Versus

A phishing site's attempt at recreating the page.

Notice the differences?

  1. Page tab lacks the Origin Logo
  2. URL has a ".moonfruit.com" extension and the spelling of EA SPORTS wrong.
  3. Moonfruit link
  4. We would never ask for your security answer. Also, password field does not hide your password
  5. Links at the bottom of the page are not linkable.

HOW CAN I TELL THE DIFFERENCE BETWEEN A PHISHING SITE AND THE AUTHENTIC EA ONE?

The official EA SPORTS website uses the following web address: http://www.easports.com/.
You may also be contacted directly by EA or EA SPORTS via email containing one of more of the following official EA and EA SPORTS web links on EA SPORTS FIFA, FIFA Ultimate Team, EA SPORTS Football Club, or EA :

  1. ea.com
    www.eaports.com/fifa
    www.futpromos.com
    www.easportsfootball.com
    www.easportsfootballclub.com

Any other similar looking URL are not official and you should avoid.

Head-to-head comparison. Note that the phishing site (bottom), while it seems identical to an older version of the official EASPORTS.com/FIFA site, the URL is different.

BEWARE OF REDIRECTS

Redirecting is a technique where a scammer embeds something in a web link that takes you to the real site to begin with, but then moves you to a fake page that looks identical. There are many examples of this, but one simple thing to look out for in your address bar would be: http://www.easports.com/redirect?url=http://fakesite.com

Note the “redirect?” part of the web address. This means you go to a different site than official EA one.

SCARE TACTICS

Another common tactic involves scaring you into thinking your account has already been compromised when it actually hasn’t. You may receive a message saying something like: “Your account has been temporarily suspended due to suspicious activity. Please login here to see more information.” This is another attempt to get you to give up your username and password. As always, the result is directing you to a fake site and not http://www.easports.com/fifa.

EA will NEVER send you emails claiming that there is a problem with your account. EA will NEVER contact you via ANY means asking for this information.

ON THE FORUMS

If you ever receive a private message in the forums asking for your login information, it is fake. Scammers will even use names that sound legitimate, such as “EA Admin” or “FIFA Developer”. Again, EA will never ask you for your login information.

If you do receive a message like this report it to one of the forum moderators. Those responsible for sending messages of this kind will suffer swift justice – justice that could affect more than just their forum privileges, up to and including a full console ban.

ON YOUR CONSOLE

If you ever receive a private message through your console’s online messaging system asking for your login information, it is fake. EA will never contact you through your console’s messaging system for any reason. Do not give out your details and report the details of this message using the built-in report tool.

The FIFA Ultimate Team WEB APP

Scammers are using Shared Squad links to try to phish information. Remember: you don’t need to log into to your EA account to view a Shared Squad. Anyone can view a Shared Squads, and like every other official link, they always start with http://www.easports.com/.

If you’re trying to view a Shared Squad and are then redirected to a sign-in page, it’s a scam. Do not go ahead any further.

ADDITIONAL SECURITY

Extra to the steps listed above, here are some more precautions you can take to protect your information.

PREVIEW LINKS

Before you click on a web link, preview where it is taking you by hovering over it with your mouse cursor. Some browsers, display the URL at the bottom of the browser window.

HOME COMPUTER – PASSWORDS AND BOOKMARKS

Set your browser to remember your password for EA sites. This way, it will auto-fill the login form every time you visit the site. If you unknowingly go to a phishing site, you account information will not show up, so you will know it’s a fake. Be sure to only do this on your home computer.

PUBLIC COMPUTERS

If you log in from a public computer, such as at a school or a coffee shop, double-check that your login information isn’t being saved by the browser. Be sure to clear the browser cache after you log out as well.

PASSWORD INTEGRITY

While not directly related to phishing, updating and maintaining your passwords is an important part of online security.

Use the following suggestions to help develop a password that is harder to guess:

Although EA IDs only need four (4) characters, you should use at least eight (8). Using a combination of letters, numbers, and special characters is a good way to further secure your account.

Use different passwords for your EA account, console login, and email

Change your passwords often

Do not use any information in your password that could easily be obtained (like your Gamertag/PSN name or FUT Squad)

Delete any emails that contain password information after writing it down in a safe place

FUT SECURITY QUESTION

In order to prevent unwanted Users from accessing your account, you will need ;to create a Security Answer on the FUT Web App. Additionally, you must enter this answer the next time you log in via your console.

Make sure to remember the answer! It will occasionally be asked on the FUT Web App and EASFC Mobile app so that your coins and players stay safe. If you ever happen to change your console, you must enter your answer again.

WHAT TO DO IF YOU’VE BEEN PHISHED

If you believe you’ve entered your login info into a phishing site by accident, change your password right away as you may still have time to save it.

Then contact EA’s customer service team immediately at http://support.ea.com, providing as much detail and evidence as you can. In particular, our team will need exact details of what items you have lost, plus a date and a time of when you lost them.

EMAIL

If you receive a phishing email message, don’t panic. Your account has not been compromised. The only information they have is your e-mail address, which are easy to find. Scammers duplicate the images and text from an official EA email, in the same way they copy websites. If you receive a suspicious looking email, check who the sender is, as well as where the links in the email are taking you. Some things to look out for with phishing emails:

Names are easy to obtain—phishers will almost always use these in emails.

Other web links or elements in the email will actually take you to the real site, but the “click here” or “login” link will always be to a fake site.

When clicking on web links in emails, be sure it is directing you to the same place that they advertise.

The only time EA will contact you through email about your account is if you have forgotten your password and you make a request to have it changed.

Browser tools and plugins will not stop all phishing sites. Unsafe website lists help to keep track of phishing sites. These tools can also help you avoid sites that attempt to install malicious software without you knowing.

Many major browsers have built-in phishing filters. Enable these features as a safe measure. You can also check a website’s security by using this Google diagnostic: http://www.google.com/safebrowsing/diagnostic?site=easports.com

WEB OF TRUST 
HTTP://WWW.MYWOT.COM/EN/DOWNLOAD

This plugin is available for all operating systems and installed on Firefox, Chrome, Internet Explorer, Safari, and Opera. It uses a stoplight-style rating system to warn against unsafe sites. It will install an icon beside your browsers’ address bar, as well as links and search engine results.

This plugin is very useful and successfully blocked a known EA phishing site.

LOCATIONBAR2 (FIREFOX ONLY) 
HTTPS://ADDONS.MOZILLA.ORG/EN-US/FIREFOX/ADDON/LOCATIONBAR%C2%B2/

Similar to the address bar on Chrome, the Locationbar2 plugin puts emphasis on the domain name to help avoid phishing sites.

REPORT PHISHING SITES TO EA

We are continually taking action against phishing sites as soon as discover them. We are also taking strong, prompt action against any users attempting to scam others using these sites or any other scams.

Please let us know about phishing sites by visiting http://support.ea.com. Login on the right and click Contact Us.

For more info on FIFA Ultimate Team account safety or further help with any EA SPORTS game, please be sure to visit the new EA Help website.