Phishing is a technique used by scammers to try to get your account information and passwords.

How does phishing work?

Phishing scams typically work by trying to trick you into thinking you are entering information into a legitimate website, when really you’re providing info to a scammer.

These scammers will try to use the login or other account information to access your account and payment information, if you have it stored on there. Avoid giving your info to phishers and scammers by only logging in on official EA sites.

They'll pretend to be EA

Phishers and scammers will try to get you to give out your account information, namely your password. We will never ask you for your password.

• If you get an email that appears to come from us and it asks for your account information, it’s a scam. We will never email asking you for your password.
• If you get a private message on our forums asking for your account information, it’s not us. Scammers may use names that sound legitimate, like “EA Admin” or “FIFA Developer.” If you get a message like this, report it to a forum moderator.
• If you get a private message through your console’s online messaging system claiming it’s us, it’s fake. We will never contact you through your console’s messaging system for any reason, so do not give out your details. Report the details of this message via Xbox Live and PlayStation™Network.
• If you use Facebook, Twitter, and other social media, make sure that you are only talking to our verified accounts. Facebook, Twitter, and Instagram all use blue check marks next to the page names to show that they are the real, verified accounts. When you hover over the check marks, they will tell you the account is legitimate. If you don't see a blue verified check mark next to a page, then it isn't us.

They’ll send fake emails about your account being hacked

Scammers will try to scare you into thinking your account has been compromised when it actually hasn’t.

You may get a message saying something like “Your account has been temporarily suspended due to suspicious activity. Please log in here to see more information.” This is another attempt to get you to give up your username and password, and logging in there will bring you to a site that isn’t http://www.ea.com.

As a reminder, we’ll never send you a message asking for your login information.

They’ll offer free stuff, cheap stuff, cheats, and hacks

You can come across scams and phishers when you click, visit, or try to make purchases from third-party sites. These sites will try to get you to visit them by advertising great deals on games, in-game currency, gamer accounts, ways to disable digital rights management (DRM), or hacks to modify game content.

• We do not sell in-game currency that you can earn by playing our games (like FIFA Coins), so the sale and purchase of those as well as EA accounts themselves are against our User Agreement. It's not worth the risk to your personal security or your account, and players who use these sites can also end up banned altogether.
• Only buy games from trusted retailers, otherwise we won’t be able to help you when something goes wrong.
• We do not need your login information to grant you in-game content such as packs, players, or coins. If we are giving out any in-game content, it will be automatically added to your account. We will not ask for your account info to give you prizes or presents.

Sometimes emails and websites look like they’re officially EA, but they’re actually from a third-party, nonsecure company.

EA sends emails from addresses that include “ea.com.” Be cautious of any email addresses that don't use “ea.com” as the domain name.

Even if they include "ea" somewhere in the email address, make sure it is from an official subdomain.

All ea.com subdomains will lead with the subcategory, then ea.com.

• Correct: www.help.ea.com
• Incorrect: www.ea.help.com

If you see the domain or subdomain written in any other way, this is not an official EA website.

Is e.ea.com an official email address?

Yes, e.ea.com is an official EA email address. Because it leads with the subcategory, then ends with ea.com, we can tell it’s a legitimate address.

Phishing emails

If you receive a phishing email or message, don’t panic. Your account may not have been compromised. All the phisher may have is your email address, which can be relatively easy to find.

Scammers can duplicate the images and text from an official EA email. If you receive a suspicious-looking email, check who the sender is and where the links in the email are taking you.

• Names, like email addresses, are easy to get — phishers will almost always use names in emails to seem trustworthy.
• Other links or elements in the email might actually take you to the real EA site, but a log in link will direct you to a fake site.
• When clicking on links in emails, make sure the link is directing you to the same place that was advertised. If you want to avoid clicking the link, you can always copy and paste the hyperlink into a URL to view it.

Misleading hyperlinks and phishing sites

The official EA website uses the URL http://www.ea.com. Be aware of any links that don't use “ea.com” as the domain name. Even if they include "ea" somewhere in the URL, make sure it is from an official subdomain, just like with email addresses.

The text of a hyperlink may contain a URL that is not the URL it actually links to.

Notice how in the image below, when you hover your mouse over this link, the URL in the text box in the bottom left does not match the original one we’ve hovered over.

Depending on your browser, you can check links like this in the bottom of your browser or in a small text box that hovers over the link.

Make sure that any link you click leads to the place it claims it will take you.

Redirection to a fake page

Redirecting is a technique where a scammer embeds something in a link that takes you to the real site initially, but then moves you to a fake page that looks identical.

There are many examples of this, but one simple thing to look out for in any URL is the word “redirect.” For example: http://www.ea.com/redirect?url=http://fakesite.com

See how it says “redirect” in the middle of the URL. This means that this link will take you away from the official EA site. We will never redirect you from http://www.ea.com to another site.