• EA Games' Website Hacked and Leveraged for an Apple ID Phishing Scam



    The servers of video game publisher Electronic Arts have apparently been compromised. A new phishing page has been set up with the intent of stealing Apple ID usernames, passwords and credit card information. Two websites on the EA.com domain, used to host calendars, have been hacked and are being used to host a phishing site that appears identical to Apple’s own website. The new phishing attempt was exposed on Wednesday by security research firm Netcraft.

    On the page, users are asked to sign in with their Apple ID and accompanying password, though the page itself is hosted on EA’s website. After a person enters their information, a second page asks for a full name, credit card number, expiration date, verification code, date of birth, phone number, mother’s maiden name and other information. Once a user has been tricked into submitting their details, they are redirected to the actual Apple ID website in an attempt to play the rest off as legitimate.

    Netcraft was able to verify that the compromised server is hosted within EA’s own network and that the hacker who implemented the attack has installed and executed PHP scripts on EA’s server. Apple ID login credentials are a common target for hackers, as the information is used to access a variety of content offered by Apple from the App Store and iTunes.

    As of last year, it was estimated that Apple has an account base of more than 500 million users that have active credit cards tied to their Apple ID. This makes Apple’s user base one of the largest and fastest growing groups among technology companies, second only to Facebook. Social engineering techniques such as phishing scams that appear to present a legitimate website tend to be one of the most successful ways for hackers to steal users’ personal and financial information. Websites such as the one illegally hosted on EA’s servers attempt to dupe unsuspecting users into handing over usernames, passwords, credit card information and more.

    Presenting login forms under the “trusted” name of a brand such as Apple is another common practice in online phishing attempts. Users should always check that the URL of the page they are visiting is associated with the service they believe they are logging into. Furthermore, today’s web browsers, such as Apple’s Safari, also offer visual indications that the current website is legitimate, certified and secure.

    Source: Netcraft
    This article was originally published in forum thread: EA Games' Website Hacked and Leveraged for an Apple ID Phishing Scam, started by Akshay Masand
    2 Comments
    1. mlee19841 -
      Wow. Play station network all over again.
    2. CZroe -
      Quote, originally posted by mlee19841:
      Wow. Play station network all over again.
      Not really. As far as we know these guys only got the info stupid people submitted. The hackers stole stored account details from Sony.