Support NeoGAF

[nampad]

What do you mean by duping support into handing over passwords? I thought the support can't see my password. Sony or EA support?

 

[Tal Shiar Agent]

Well with Amazon's new PSN digital store I'll just buy DLC and my Plus subscriptions there or just get a wallet voucher.

Also PayPal over the webstore is really nice too.

 

[LakeEarth]

I deleted my CC details on my 360, and have never added my CC to my PS3 or my 3DS. No chances. It can be annoying buying cards, but on the brightside it avoids spur of the moment purchases when my wallet is empty.

 

[Aaron]

What do you mean by duping support into handing over passwords? I thought the support can't see my password. Sony or EA support?

While they can't see it, they very likely have the ability to change it.

 

[nampad]

While they can't see it, they very likely have the ability to change it.

Wouldn't they just send you an email request?
I have read horror stories about people losing access to their accounts because they don't have access to their old ass email account anymore and haven't bothered updating the contact information in their profile with the support not willing to help.
Would be strange for them to change something important like that just over the phone.

Had to call the Sony support myself a couple of times some weeks ago and not every call agent asked for the birthday and address for my identification but then I didn't had to do something that important.

 

[danielcw]

You can purchase any card from the auction house using in game coins,

Any card in the auction house comes from another player, who somehow earned the card.
right?

 

[Palette Swap]

TBH, in 2014, a 2-step method option should be mandatory. That might not solve everything but at the very least, it could add some peace of mind.

EA are kind of shit too, in that they provide the means for these hijacks to be profitable.

BTW, as an aside, how do amazon digital purchases work?
I know for physical purchases they can only reuse CC info for existing addresses but how does it work for digital? ie if someone got hold of my amazon account, could they go on a digital shopping spree and resell the codes or is there a check I am missing?

 

[unknownstranger]

TBH, in 2014, a 2-step method option should be mandatory. That might not solve everything but at the very least, it could add some peace of mind.

EA are kind of shit too, in that they provide the means for these hijacks to be profitable.

BTW, as an aside, how do amazon digital purchases work?
I know for physical purchases they can only reuse CC info for existing addresses but how does it work for digital? ie if someone got hold of my amazon account, could they go on a digital shopping spree and resell the codes or is there a check I am missing?

From what I've heard people say they don't require your PSN for you to buy stuff, which means it's just a code that probably could be sold/given away similar to how it's done on PC. Most people here put way more trust for Amazon to not get hacked than console makers/publishers, but there's always a small chance for anything to get hacked.

 

[NOx_Covenant]

What do you mean by duping support into handing over passwords? I thought the support can't see my password. Sony or EA support?

Seems like it. I've never heard of Support doing this either.

More likely Scenario: These FIFA people are phishing your Yahoo/Gmail/Twitter passwords. And then using them to log into PSN. Most people have the same password for everything they use.

 

[Zomba13]

Removed my cc info and changed pass, thanks OP.

Same. Last time there were hacks my account was hacked, registered to a bunch of other PS3s and a load of money taken from my acount and spent on games. Sony would do nothing about it so I had to file a charge back and lose my Zomba13 account. Just logged in to change my pass and my details were saved so removed them too.

 

[NOx_Covenant]

Seems like it. I've never heard of Support doing this either.

More likely Scenario: These FIFA people are phishing your Yahoo/Gmail/Twitter passwords. And then using them to log into PSN. Most people have the same password for everything they use.

For example, this happened to me 3 days ago.

Got spammed with Russian tweets. I don't know what's up with Twitter, but it just seems very vulnerable to this stuff (where I never had my Gmail password taken). I've deactivated my account and changed my passwords.

 

[PartTimeWarrior]

Had to deal with this on my 360, it was the worst

 

[Curufinwe]

I just deleted my CC info, changed my password and added a PIN.

Can't be too careful.

 

[Tunesmith]

Gonna try and shed some light and maybe remove a little bit of FUD going on here.

What?
The scheme works like this: hijackers take control of an account (the specifics are not yet clear, but I would speculate that they dupe Support into handing over passwords), loads up the account with credit (using any credit or attached credit cards) and then spends them all on FIFA Ultimate Team packs. They then proceed to "open" them and transfer the players to their own account (via the in-game transfer tools), to resell on the grey market.

By "dupe Support into handing over passwords" you're talking about SEN Support? Because changing an Origin account's password would have zero impact on getting access to your SEN account and be able to misuse a PS4 or Xbox One copy of FIFA with your account (even if you share the same email across both). I do believe its much more likely that passwords were phished from emails/twitter/facebook and those sorts of things. PC would be a different story obviously as there's no middle-man there. Not saying duping SEN or EA support staff doesn't happen, but I don't think it's anywhere near the primary avenue of attack. Also, on PC fraudsters focus their attention more on generating one-time-use Origin accounts on their own using stolen credit cards and such. Takes too much time to social engineer access to people's accounts when you can generate them on your own digitally.

Where did all this credit come from?
An interesting element in this year's jackings is that there's reports of people getting charged hundreds of dollars and then never spending them. I'm not sure why.

This sounds like one of the many recent antifraud measures in place to stop these actions from happening and it occurred mid-action so to speak. After purchase, but before spend. Obviously the ones that happen before purchase you probably never hear about, unless you bank tells you that EA/Sony said your card is compromised (which they do).

What can EA do?
The question is "what will EA do?" and judging by the similarity of this event from last year's shenanigans, it appears that the answer seems to be "jack shit".

I know that the FIFA studio team is focusing an enormous amount of effort and time on curbing FIFA fraudulent activity, can't really speak on specifics but it's very very high up there on their daily priorities these days, alongside with other business units within EA working on curbing fraud on a 24/7 basis.

You have to realize that until very recently (think CEO regime change), EA was very siloed internally with game studios and EA business units operating very much on their own and with very little communication between them (may sound shocking since EA is that gigantic hegemony but it's true).


Some basic things you could do to improve your security, outside of having unique/strong passwords for SEN or Origin, also enable Origin 2-step authentication.

 

[Carbonox]

It's obviously a terrible thing if you fall victim to it but I do find it slightly comical that it's all over Ultimate Team monies for FIFA. :lol

I always delete my card details the moment I use it to buy something (If I want something I'll add them, buy, delete) cos I feel that is the safest method if I have to use a card.

 

[Rootbeer]

Thanks... all payment info removed as a precaution. This is some bullshit. Way to inspire confidence in me, Sony. Now if I want to buy something off PSN I have to buy a digital card off amazon first, adding more steps to the process and making me less likely to be spend on impulse buys.

 

[Afrikan]

can't Sony give us the option to not allow these kinds of purchases on our accounts? I never use this Ultimate team Bullshit.

no simple line of code? "This DLC is not authorized to be purchased by user's request?"

kind of like how if you purchased something already, PSN won't let you "buy" it again.

there seems like there could be simple fixes...and the only ones who would get fucked by these simple fixes are the hackers first, and EA with (in their delusional minds) potential lost DLC Sales.

 

[NOx_Covenant]

Thanks... all payment info removed as a precaution. This is some bullshit. Way to inspire confidence in me, Sony. Now if I want to buy something off PSN I have to buy a digital card off amazon first, adding more steps to the process and making me less likely to be spend on impulse buys.

I think part of the reason WHY people impulse buy is because it's so automatic.

I wouldn't be surprised if Sony did some market research and discovered that the increased purchases from a 1-click checkout outweighs the instances of potential fraud they could "easily" reimburse.

 

[wsoxfan1214]

So why isn't EA doing anything about this?

Because this is EA. This is the company that releases the embarrassment that is NBA Live 14 and markets it as "next gen". This is the company that releases Madden with virtually no changes each year. This is the company that releases a broken product with no changes and refuses to acknowledge shitty elements such as momentum engines and glitch goals in their NHL games. This is the company that allows DICE to release a broken product under their label on the PS4 and PC and neither is fixed yet.

This is an embarrassment of a company that gives no fucks about the consumer and only about making money, even if on broken, unfinished products. They probably don't give a shit. They're probably just happy that they're getting money from the packs being bought from people who don't get refunds after their accounts are compromised.

 

[bigboss370]

Yeah Sony reset my password yesterday. My account/info seems to be fine, should I still take off my credit card?

 

[Oregano]

I deleted my CC details on my 360, and have never added my CC to my PS3 or my 3DS. No chances. It can be annoying buying cards, but on the brightside it avoids spur of the moment purchases when my wallet is empty.

The 3DS only has the option to store your CC on the actual device and it can be PIN protected(and will delete the details after a few attempts). Honestly for better or worse Nintendo is laranoid about user security and this would be next to impossible on a Nintendo system.

My brother's XBL account got hijacked last year and Fifa stuff bought on it(my bro had an origin account but not fifa) and he never got the account back. Pain in the ass.

 

[Iced_Eagle]

Deleted my CC info from PSN. Thanks for the heads-up.

Also turned on 2-step authentication for my Microsoft account. If anyone has an account with them be sure to do that as well.

 

[AkelisRain]

Well, this explains why sony reset my password. It wasn't it simple pass either.:/
Damon, kindle!

 

[VibratingDonkey]

Unless I've authorized a device through a code sent to a device or email that belongs to me, don't let it access my account. Why isn't two-step standard across everything already?

 

[MThanded]

Bruh FIFA fans need to chill. Shit ain't that serious.

 

[chrominance]

Just hit a friend of mine. $150 spent on FIFA packs. Wiped all my billing info just to be sure, already had my password reset from the email sent out a few days ago. Yikes.

 

[rocketskates]

just hit me. i was checking my email and saw i got three emails all at the same time a couple of hours ago. three transactions, one for $5, one for $25 and one for $50. contacted sony customer support and they filed a refund request and said i should be approved for a request within 5-7 business days and then i would need to contact my bank to make sure the funds arrive back there.

 

[Mupod]

Sadly never saw this thread, and I got hit by it last night. In the middle of trying to change my password and remove my billing information now, but the website seems to be dead or at least doesn't work with this cellular internet. Also, sony support isn't available for around 4 more hours and I have to drive home just to call them. I never tied a CC to my xbox live account, and I usually didn't leave my billing info on my PSN account, but I just got Ni no Kuni the other day and forgot to take it off.

 

[Revolverson]

This happened to me last week. Contacted Sony and they said they're not refunding my money since they're not "liable for any unauthorised activity on our customer's Sony Entertainment Network account".
Yeah, Fuck you too.

But I got the money back from the CC company.

 

[Yagharek]

"liable for any unauthorised activity on our customer's Sony Entertainment Network account".

Sounds like people should stop using their digital store.

 

[mrklaw]

can you use PSN credit for Video Unlimited? I have this on my new TV and I wanted to rent something yesterday, and figured I'd try it out. But it asks me to input a valid credit card (which I didn't want to do, have removed it because of issues like this and just buy PSN cards now)

 

[RE_Player]

Shouldn't EA get in trouble for this? This has happened year after year because they allow digitally purchased FIFA items to be re-sold.

 

[Mupod]

[I should also note that, thus far, I've only seen reports of Americans getting jacked. I would still advise everyone to be on guard, and delete their credit card info from their SEN accounts]

Oh, I guess I should also note that I'm Canadian and got taken for exactly $99.99.

Was able to log into the account management website but I don't even see any billing info on file...I see 12000 FIFA points in the history though. Nothing else between Ni no Kuni and that. I guess I'll have to go home and log into my PS3 to get the billing info off.

 

[GoofsterStud]

Why don't these consoles have an authenticator option like wow or rift?

 

[John Caboose]

Thanks op, I'm going in to change pass (again). I actually removed my cc details as soon as I heard about the new intrusion.

 

[Yagharek]

Why don't these consoles have an authenticator option like wow or rift?

Probably because they get to keep money from fraudulent activity whilst fobbing off responsibility.

 

[Tunesmith]

Why don't these consoles have an authenticator option like wow or rift?

Both EA's Origin and Xbox (your Live ID) does have that functionality, SEN/PSN is the only network in the equation that doesn't.

 

[Mupod]

Oh come on. I got through to support but they said they can't do anything during the maintenance (which isn't supposed to be for 3 more hours).

At least he implied that he would be able to deal with the problem once everything was back up.

 

[Kai Dracon]

Generally speaking, do scammers require your email address to begin tricking support into resetting passwords, or just your visible PSN username?

Because my PSN account is using an email created just for it, that hasn't been seen anywhere else on the internet.

 

[smr00]

I swear this happens every year.

Yeah, i feel like this shit has been going on for like 5 years now.

 

[LiquidMetal14]

I don't get why it's FIFA doing this and no other games.

 

[RaikuHebi]

I don't get why it's FIFA doing this and no other games.

It's the most lucrative micro-transaction business.

 

[Mupod]

Well, finally got through to support and the refund was incredibly fast and painless. Guy said it'll go through in a few days at most.

The weird thing is that when PSN came back up I checked everything and none of my accounts had any billing info stored. Still changed my passwords, made sure a PIN was on etc.