Besieged By Hackers Daily, EA Tries To Stymie FIFA Phishing Scams

Giant video game publisher EA and its most popular video games are rich targets for hackers and scammers, but the company is determined to fight back and protect its users, EA’s number two executive tells Kotaku.

Gamers should also try hard to protect themselves, chief operating officer Peter Moore advised, especially in light of rampant scams tied to the Xbox 360 version of last year’s FIFA game from EA.

Since late last year, numerous Xbox 360 players of 2011’s FIFA soccer game have reported that their accounts have been hacked by hooligans who would run up their credit card bills, buying Microsoft Points on FIFA Ultimate Team cards (used for assembling the best possible team) and then selling the goods for profit.

Similar problems did not occur with the PS3 or PC versions of the game.

“It is not a FIFA hack,” EA’s chief operating officer Peter Moore told me during an interview in New York earlier this month. Microsoft reps have said the same thing. “It is some phishing experiment that uses FIFA as the end game because it’s an attractive game.” The distinction he’s making is between an exploit being found in the game’s software and a phishing scam, which usually involves tricking people into revealing personal information.

Neither Microsoft nor EA has detailed just what loopholes the scammers are using. (EA has published a guide to preventing FIFA phishers from getting player info.)

Moore said that EA has “worked with Microsoft” and with “some consumers” to try to fix things.

An EA spokesperson who sat with us during the interview added that, “in the last couple of weeks both on our side and Microsoft’s side both have put in more security controls in place around some of the transaction mechanisms. We’re not going to reveal what we’ve done, because it just becomes a target. We’ve put some additional measures in place and we think those are going to have a significant impact.”

Moore doesn’t think EA and FIFA were targeted by the scam because of problems on EA’s end but due to the popularity of the game. “There’s a currency in there,” he said. “People are clever today. They want… FIFA gold packs or the currency in there, because it’s global.” It’s something they can transact with.

EA is a popular cyber-target. Moore said the company is “attacked every day.” The game publisher has a full security bureau to deal with it. “If I showed you our hack attacks every day…” he started, before trailing off.

The EA rep nearby made sure to add that “most of them don’t get anywhere. They get shut down.”

Moore said that the best defence is… well, it’s one thing this very site recommended when Kotaku’s parent company was hacked a little over a year ago. “People also need to change their passwords more regularly,” he said. “I’m as guilty as that.”

The FIFA phishing has been a blot for EA, even if they might be blameless here. It could be even worse, if those hack attacks make it through. For now, things are ok. “We have a lot of credit card data and we’ve been lucky so far that our security layers and our people that are dedicated to fending off the attacks are very good,” Moore said, looking for some wood to knock on before settling for a chair cushion, “but there for the grace of god go us.”


  • So it’s just a coincidence that most, if not all instances of hacking in this nature have resulted in FIFA12 ultimate team points being bought? No COD map packs (which I would’ve thought would be a popular one too). Only FIFA.

    • It IS oddly specific to FIFA but as they said in the article, the real draw of the thing for the hackers is not pissing off innocent people, it’s trading in-game items for real money which is something that you can’t do with a COD map pack

    • It’s only FIFA because FIFA is the only game that lets you spend someone’s points without recovering their gamertag. With all other games you need to have recovered the victim’s gamertag.

  • The comment about this only happening to people that play FIFA is wrong, anyone that has an EA account with a gamertag attached is vulnerable. Especially those that were in the SW:TOR beta. It happened to me a few months ago and I’m 99% sure I was phished while signing up for the SW:TOR beta. I received a message from a friend who is a FIFA addict asking me if I wanted to play FIFA with him, considering I’d never played FIFA and I wasn’t anywhere near my xbox I was surprised that he’d asked me. I then realized I’d been hacked/phished (In my opinion it’s a combination of both) and someone had been using my account. I quickly went to my xbox and was surprised to find that my account hadn’t been recovered on any other console but I was missing microsoft points. How did someone spend my points without even having my gamertag on said console? Well by using my EA account and a loophole in FIFA that allows people to purchase in game content without having that gamertag on the console. I was lucky I didn’t have a credit/debit card linked to my account. This is when it gets really bad, I rang Microsoft and they said my account would need to be investigated and it would take up to and possibly over a month to get my points back, during this time I would lose all access to my account. There’s no way losing 750 MS points could justify me losing access to my account for a month so I said no. Recently I saw Kotaku’s article which contained Alex Garden, I decided to take his offer and send him a lengthy email explaining my situation and how it was useless to block access to my gamertag considering that no one had access to my gamertag and I didn’t have enough points for anyone to make another purchase through FIFA. He replied within 24 hours and was pretty good about the situation, he said he would have someone contact me ASAP. Within another 24 hours I had another email from customer support telling me they would start an investigation (I started panicking thinking they would block access to my account which I had clearly stated that I didn’t want them to do). I woke up the next day to find an email stating that the investigation was completed and a code to redeem for my lost points and also a free month of gold. All in all I was quite happy with the way it was handled after I had emailed Alex Garden, before that I was furious though. My main issue is that they seem to be applying band aids to a wound which clearly needs stitches, they’re tackling the effect while doing nothing to the source. *Finishes Rant*

    • During my rant I seem to have missed completing my sentences *drinks more coffee*. “Recently I saw Kotaku’s article which contained Alex Garden” <– WTF? That should have been "Recently I saw Kotaku’s article which contained Alex Garden's post about his dedication to security on xbox live". Please forgive me…

  • “People also need to change their passwords more regularly,” You could change them every 30 seconds, wouldn’t make a damn bit of difference to the hacker if he’s got a keylogger on you. Windows users should check out a nice freeware called key scrambler which encrypts your keystrokes.
