Stay vigilant! Baddies are actively being bad. Don't click the link. Use 2-factor. #tweetfleet— CCP Peligro (@CCP_Peligro) August 11, 2016
Awareness 101: Please double check any sites before entering credentials! #eveonline #tweetfleet (2/2) pic.twitter.com/6wROHFR1FA— CCP Bugartist (@CCP_Bugartist) August 11, 2016
Sitting at work yesterday I saw tweets coming from the security team. CCP Peligro came out with the first tweet, followed by CCP Bugartist with screenshots. Someone was trying to pull a phishing scam, luring people to a website where they could capture players' EVE account credentials. I didn't receive the fake bait email, but CCP described the scam in a dev blog:
We have recently been made aware of a phishing scam that is currently targeting EVE Online players.I also want to point out that people should use two-factor authentication to protect their accounts. Not only does 2FA put another roadblock to hacking/phishing attempts, but keeps the hacker from putting his own 2FA on your account. Besides locking players out from their account while the hacker loots it, but is an extra delay in getting the account back.
As can be seen from the image above, emails are being sent to members of the community that contain links that lead to a bogus version of the EVE Online Single Sign On page.
The mails are typically disguised as mails from Customer Support, Team Security or the Community Team, informing the recipient that a PLEX or character transfer has been completed, that a support response has been issued or a competition has been won.
Please be sure that you carefully check the URL of any sign on page asking for your account credentials thoroughly before signing in, and don't hesitate to contact Customer Support or Team Security should you feel that one or more of your EVE Online accounts may have been compromised.