Threat Intel

Account Takeovers of High-Profile Accounts of ‘FIFA Ultimate Team’ Players

By

John Filitz

12 January 2022


Bulletin

ATO/BEC

What’s the news?

Electronic Arts (EA) announced that cybercriminals “exploited human error” among EA’s customer support staff, using socially engineered phishing emails to compromise fewer than 50 top trader accounts. A series of takeovers of high-profile accounts of FIFA Ultimate Team players led to accounts being cleared of points and thousands of dollars in game currency.

What’s the threat and why is it effective?

“Hackers prey on human vulnerabilities and, in this case, have capitalized on the fact that customer service teams are under considerable pressure to deliver a good customer experience and help people with their queries as quickly as possible.

In the case of this attack, bad actors preyed on human nature and applied brute force until they found a customer support person who would give in to their requests. What this attack highlights is that, even with awareness of a risk and processes in place to address this kind of risk, it’s a very difficult problem to solve on a large scale. Organizations with large customer-facing support functions have a much bigger burden, are interacting with customers on multiple communications channels, and often need to implement more layers of preventive controls to address the risk of process deviations.

This appears to be a targeted attack where attackers have gained a vast amount of information about the account holder to ensure they can answer multiple questions, so the bad actor is able to pose as the account holder when required to do so. As these are ‘high profile’ top 50 user accounts, which can also earn from playing online, they become more valuable.

What can be done to mitigate the threat?

This is a good opportunity for EA to review their policies on such high-profile attacks to understand the user and ask them out-of-the-box questions about their activity that would be much harder to find out.

Best practices here include requiring additional confirmation to validate changes to users’ contact details via an email to the original email address and also ensuring that users are notified whenever account changes occur. While those notifications might be ‘annoying’ for some consumers, these types of features ultimately help users catch this kind of compromise and take action on their end when things don’t look right. As a result, the customer has an opportunity to catch what support teams cannot.
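As an added illustration of the two controls just described (not EA’s code and not part of this bulletin), the Python sketch below implements a confirm-then-apply flow for contact-detail changes: whether a change is requested by the user or entered by a support agent, it is only staged, a confirmation token goes to the original address, and the change takes effect only when that address confirms it, after which both the old and the new address are notified. The class names, the token lifetime and the `Outbox` mail stand-in are assumptions made for the example.

```python
"""Confirm-then-apply flow for account contact changes (added example)."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field


@dataclass
class Account:
    user_id: str
    email: str
    # token_hash -> (new_email, expires_at). Only a hash of the token is stored,
    # so a leaked database row cannot be replayed as a live confirmation link.
    pending: dict = field(default_factory=dict)


class Outbox:
    """Stand-in for a mail sender (assumption); records messages for inspection."""

    def __init__(self):
        self.sent = []

    def send(self, to, subject, body):
        self.sent.append((to, subject, body))


class ContactChangeService:
    TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime of a confirmation token

    def __init__(self, outbox, clock=time.time):
        self.outbox = outbox
        self.clock = clock

    def request_email_change(self, account, new_email, requested_by):
        """Stage a change; nothing is applied until the ORIGINAL address confirms."""
        token = secrets.token_urlsafe(32)
        token_hash = hashlib.sha256(token.encode()).hexdigest()
        account.pending[token_hash] = (new_email, self.clock() + self.TOKEN_TTL_SECONDS)
        # Support agents and self-service requests go through the same path:
        # the confirmation is always sent to the address currently on file.
        self.outbox.send(
            account.email,
            "Confirm the change to your account email",
            f"A change of your email to {new_email} was requested by "
            f"{requested_by}. If this was you, confirm with token {token}. "
            "If not, ignore this message and contact support.",
        )
        return token

    def confirm_email_change(self, account, token):
        """Apply a staged change if the token is valid and unexpired."""
        token_hash = hashlib.sha256(token.encode()).hexdigest()
        # Compare in constant time against each stored hash.
        match = next(
            (h for h in account.pending if hmac.compare_digest(h, token_hash)), None
        )
        if match is None:
            return False
        new_email, expires_at = account.pending.pop(match)  # single use
        if self.clock() > expires_at:
            return False
        old_email, account.email = account.email, new_email
        # Notify both addresses so the real owner sees the change either way.
        notice = (
            f"The email on account {account.user_id} changed "
            f"from {old_email} to {new_email}."
        )
        self.outbox.send(old_email, "Your account email was changed", notice)
        self.outbox.send(new_email, "Your account email was changed", notice)
        return True


if __name__ == "__main__":
    # Constructed walk-through: a support agent enters a new address on behalf
    # of a caller; the change stays pending until the original address confirms.
    outbox = Outbox()
    service = ContactChangeService(outbox)
    acct = Account("trader-42", "owner@example.test")
    token = service.request_email_change(acct, "attacker@example.test", "support-agent")
    print("pending; email still", acct.email)
    print("confirmation sent to", outbox.sent[0][0])
    print("applied:", service.confirm_email_change(acct, token), "->", acct.email)
```

The point of the design is that the support agent never has a button that applies the change directly; the only path to a new address runs through a message to the old one, which is exactly the channel a social engineer impersonating the owner does not control.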

John Filitz

Sr. Technical Cybersecurity Content Writer

Responsible for Technical Cybersecurity Content Writing at Tessian. Proficient enterprise IT subject matter areas are varied and include cybersecurity, cloud adoption, industry vertical technology trends, disruptive emerging technologies, and navigating the hybrid workplace. Previous work assignments have included leading enterprise IT innovation, research and advisory services for Fortune 1000 clients across industry verticals: Finance, retail, healthcare, manufacturing, telecommunications and IT, to name a few.
