Nintendo is warning customers to watch out for messages spoofing its no-reply@accounts.nintendo.com email address, advising fans to refrain from interacting with the message.
“We have confirmed cases of suspicious emails (spoofing emails) being sent using our email address (such as no-reply@accounts.nintendo.com) to provide information about companies and services that are unrelated to our company,” the Japanese gaming giant warns.
Nintendo says, “these emails are sent by third parties using spoofed sender email addresses, and are not legitimate emails sent from our company.”
The advisory includes no actual examples, such as screenshots, of the ongoing phishing campaign. Nor does it describe the actual malice behind the tainted links included with the emails.
It only stresses that “the links (URLs) contained in these suspicious emails may be fraudulent sites, so if you receive one, please delete the email without opening any links in it.”
Customers who receive multiple such emails are told to contact their email service provider, suggesting that some people might be targeted individually, perhaps based on their gaming activity, data leaked in breaches, purchases, or overall social activity in the Nintendo ecosystem.
“If you accidentally open the linked site, please close the browser immediately,” a Google-translated version of the warning continues. “Also, if you enter your Nintendo Account email address and password on the linked site, there is a risk that unauthorized users may log into your Nintendo Account, so please change your password on the Nintendo Account website immediately. We also recommend setting up a passkey and two-factor authentication.”
Nintendo refers customers to its account support platform for instructions on how to prevent unauthorized logins. An FAQ is included with the warning, further clarifying the underpinnings of this sneaky phishing campaign.
If you’re a Nintendo fan with a Nintendo account on file, Bitdefender recommends you change your password as soon as possible, for good measure. On the off chance you don’t have 2FA enabled, proceed to enable multi factor authentication for your Nintendo account immediately.
It’s advisable to avoid interacting with unsolicited emails, especially when they seem to pressure you into providing personal information, card numbers, and especially username and password.
Spoofing takes many forms, sometimes making it impossible for the impersonated entity to combat the attack. Nintendo is doing its bit to raise awareness about the ongoing issue but doesn’t clarify that clicking on the sender’s label will uncover the sender’s true email address – and that even then it may look almost identical to the untrained eye.
When in doubt, contact your alleged sender yourself through official channels – by typing in the URL, email or phone number.
For peace of mind, consider using a dedicated security solution capable of sniffing out phishing attacks.
tags
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
View all postsSeptember 06, 2024
September 02, 2024
August 13, 2024