Recently, it has been revealed that several EA Sports accounts were compromised by hackers via phishing techniques. The threat-actors exploited EA’s live chat, targeting high-profile players for account takeover. The attackers utilised social engineering methods, exploiting errors within the customer experience team and using this to bypass two-factor authentication.
As a result, EA has released their strategy on how to prevent similar issues going forward and better secure player accounts. The steps are outlined below:
All EA Advisors and individuals who assist with service of EA Accounts are receiving individualised re-training and additional team training, with a specific emphasis on account security practices and the phishing techniques used in this particular instance.
We are implementing additional steps to the account ownership verification process, such as mandatory managerial approval for all email change requests.
Our customer experience software will be updated to better identify suspicious activity, flag at-risk accounts, and further limit the potential for human error in the account update process.
The post Several EA accounts compromised by phishing mails appeared first on IT Security Guru.
Support the originator by clicking the read the rest link below.
