FIFA 21 scam lets hackers steal your account — what to avoid

FIFA
(Image credit: EA)

FIFA 21 has arrived — and cybercriminals are getting ready to swindle and steal from the massively popular soccer videogame franchise's tens of millions of players worldwide. 

So says Malwarebytes researcher Christopher Boyd, who in a blog post earlier this week detailed the various ways in which FIFA scammers can rip you off and how you can avoid becoming a victim.

The main reason crooks are drawn to FIFA games is the franchise's Ultimate Team mode, a sort of fantasy-football league in which gamers can construct build their own teams of the world's greatest current and former soccer players, then pit those fantasy teams against other teams online. 

Gamers earn "coins" by playing the game, and can use these coins to "buy" the "cards" — think baseball cards — of desirable players, then assemble the cards to build up their fantasy teams.

"So far, so good ... and essentially harmless," Boyd writes. 

Money changes everything

But you can also use FIFA Ultimate Team "points" to buy players' cards, and you buy those points with real money, either in-game or from third-party sellers. You can also use points to buy loot-box-like card packs that may or may not contain one of the very best players. 

On Amazon right now, you can buy Ultimate Team gift cards at prices ranging from $4.99 for 500 points to $99.99 for 12,000 points.

"The monetization of the game is red meat in the water to scammers," Boyd writes. "Anything tied up in real-world cash immediately offers several inroads to fakery."

Because having the best Ultimate Team players obviously increases your chances of winning more matches, there's a strong incentive for FIFA gamers to splash out extra cash on what's already a substantial investment. (Copies of FIFA 21, released Oct. 9, range from $50 to $90 depending on platform and edition.)

"When your team is getting battered every game by players who are clearly, from the way they viciously taunt me over their headsets, only 13 years old," wrote freelance writer Tom Usher in The Guardian earlier this year, "the temptation to splash out on a few gold packs to quickly upgrade your team is immense."

Many of those kids, Boyd pointed out, will be spending their parents' money, sometimes with no limits because parents weary of typing in payment-authorization codes three times a week will simply give their kids the codes.

FIFA 21 scams to look out for, and how to avoid them

Boyd laid out four primary scenarios in which crooks target FIFA players.

Fake generators of FIFA coins, points and other valuable items will pop up on websites, luring you via gaming forums and YouTube videos. 

"All you have to do is fill in a survey, or hand over your login details, or buy gift cards and send them the codes," Boyd wrote. 

Fake customer-support personnel show up in game forums, offering to help -- but which then take you phishing websites designed to steal your FIFA account credentials.

Fake "official" FIFA social-media pages offer to sell you game shortcuts or player-card packs guaranteed to include cards of the best players.

Fake game administrators who also show up in game forums and promise you special rewards or tell you that you've lost points — and that they need your game-account login credentials to "fix" the problem.

"Take some time to figure out security practices that work for you on your selected platform," Boyd concluded. "Every small step you make towards keeping scammers out makes it harder for them to score the winning goal."

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.