Also PayPal over the webstore is really nice too.
Wouldn't they just send you an email request?While they can't see it, they very likely have the ability to change it.
I have read horror stories about people losing access to their accounts because they don't have access to their old ass email account anymore and haven't bothered updating the contact information in their profile with the support not willing to help.
Would be strange for them to change something important like that just over the phone.
Had to call the Sony support myself a couple of times some weeks ago and not every call agent asked for the birthday and address for my identification but then I didn't had to do something that important.
EA are kind of shit too, in that they provide the means for these hijacks to be profitable.
BTW, as an aside, how do amazon digital purchases work?
I know for physical purchases they can only reuse CC info for existing addresses but how does it work for digital? ie if someone got hold of my amazon account, could they go on a digital shopping spree and resell the codes or is there a check I am missing?
From what I've heard people say they don't require your PSN for you to buy stuff, which means it's just a code that probably could be sold/given away similar to how it's done on PC. Most people here put way more trust for Amazon to not get hacked than console makers/publishers, but there's always a small chance for anything to get hacked.Originally Posted by Palette Swap
TBH, in 2014, a 2-step method option should be mandatory. That might not solve everything but at the very least, it could add some peace of mind.
EA are kind of shit too, in that they provide the means for these hijacks to be profitable.
BTW, as an aside, how do amazon digital purchases work?
I know for physical purchases they can only reuse CC info for existing addresses but how does it work for digital? ie if someone got hold of my amazon account, could they go on a digital shopping spree and resell the codes or is there a check I am missing?
Seems like it. I've never heard of Support doing this either.What do you mean by duping support into handing over passwords? I thought the support can't see my password. Sony or EA support?
More likely Scenario: These FIFA people are phishing your Yahoo/Gmail/Twitter passwords. And then using them to log into PSN. Most people have the same password for everything they use.
Same. Last time there were hacks my account was hacked, registered to a bunch of other PS3s and a load of money taken from my acount and spent on games. Sony would do nothing about it so I had to file a charge back and lose my Zomba13 account. Just logged in to change my pass and my details were saved so removed them too.Removed my cc info and changed pass, thanks OP.
For example, this happened to me 3 days ago.Originally Posted by NOx_Covenant
Seems like it. I've never heard of Support doing this either.
More likely Scenario: These FIFA people are phishing your Yahoo/Gmail/Twitter passwords. And then using them to log into PSN. Most people have the same password for everything they use.
Got spammed with Russian tweets. I don't know what's up with Twitter, but it just seems very vulnerable to this stuff (where I never had my Gmail password taken). I've deactivated my account and changed my passwords.
Can't be too careful.
By "dupe Support into handing over passwords" you're talking about SEN Support? Because changing an Origin account's password would have zero impact on getting access to your SEN account and be able to misuse a PS4 or Xbox One copy of FIFA with your account (even if you share the same email across both). I do believe its much more likely that passwords were phished from emails/twitter/facebook and those sorts of things. PC would be a different story obviously as there's no middle-man there. Not saying duping SEN or EA support staff doesn't happen, but I don't think it's anywhere near the primary avenue of attack. Also, on PC fraudsters focus their attention more on generating one-time-use Origin accounts on their own using stolen credit cards and such. Takes too much time to social engineer access to people's accounts when you can generate them on your own digitally.Originally Posted by Delusibeta
What?
The scheme works like this: hijackers take control of an account (the specifics are not yet clear, but I would speculate that they dupe Support into handing over passwords), loads up the account with credit (using any credit or attached credit cards) and then spends them all on FIFA Ultimate Team packs. They then proceed to "open" them and transfer the players to their own account (via the in-game transfer tools), to resell on the grey market.
This sounds like one of the many recent antifraud measures in place to stop these actions from happening and it occurred mid-action so to speak. After purchase, but before spend. Obviously the ones that happen before purchase you probably never hear about, unless you bank tells you that EA/Sony said your card is compromised (which they do).Originally Posted by Delusibeta
Where did all this credit come from?
An interesting element in this year's jackings is that there's reports of people getting charged hundreds of dollars and then never spending them. I'm not sure why.
I know that the FIFA studio team is focusing an enormous amount of effort and time on curbing FIFA fraudulent activity, can't really speak on specifics but it's very very high up there on their daily priorities these days, alongside with other business units within EA working on curbing fraud on a 24/7 basis.Originally Posted by Delusibeta
What can EA do?
The question is "what will EA do?" and judging by the similarity of this event from last year's shenanigans, it appears that the answer seems to be "jack shit".
You have to realize that until very recently (think CEO regime change), EA was very siloed internally with game studios and EA business units operating very much on their own and with very little communication between them (may sound shocking since EA is that gigantic hegemony but it's true).
Some basic things you could do to improve your security, outside of having unique/strong passwords for SEN or Origin, also enable Origin 2-step authentication.
I always delete my card details the moment I use it to buy something (If I want something I'll add them, buy, delete) cos I feel that is the safest method if I have to use a card.
no simple line of code? "This DLC is not authorized to be purchased by user's request?"
kind of like how if you purchased something already, PSN won't let you "buy" it again.
there seems like there could be simple fixes...and the only ones who would get fucked by these simple fixes are the hackers first, and EA with (in their delusional minds) potential lost DLC Sales.
I think part of the reason WHY people impulse buy is because it's so automatic.Thanks... all payment info removed as a precaution. This is some bullshit. Way to inspire confidence in me, Sony. Now if I want to buy something off PSN I have to buy a digital card off amazon first, adding more steps to the process and making me less likely to be spend on impulse buys.
I wouldn't be surprised if Sony did some market research and discovered that the increased purchases from a 1-click checkout outweighs the instances of potential fraud they could "easily" reimburse.
Because this is EA. This is the company that releases the embarrassment that is NBA Live 14 and markets it as "next gen". This is the company that releases Madden with virtually no changes each year. This is the company that releases a broken product with no changes and refuses to acknowledge shitty elements such as momentum engines and glitch goals in their NHL games. This is the company that allows DICE to release a broken product under their label on the PS4 and PC and neither is fixed yet.So why isn't EA doing anything about this?
This is an embarrassment of a company that gives no fucks about the consumer and only about making money, even if on broken, unfinished products. They probably don't give a shit. They're probably just happy that they're getting money from the packs being bought from people who don't get refunds after their accounts are compromised.
The 3DS only has the option to store your CC on the actual device and it can be PIN protected(and will delete the details after a few attempts). Honestly for better or worse Nintendo is laranoid about user security and this would be next to impossible on a Nintendo system.Originally Posted by LakeEarth
I deleted my CC details on my 360, and have never added my CC to my PS3 or my 3DS. No chances. It can be annoying buying cards, but on the brightside it avoids spur of the moment purchases when my wallet is empty.
My brother's XBL account got hijacked last year and Fifa stuff bought on it(my bro had an origin account but not fifa) and he never got the account back. Pain in the ass.
Also turned on 2-step authentication for my Microsoft account. If anyone has an account with them be sure to do that as well.
Damon, kindle!
| Thread Tools | |