Phishing Scam Bypasses 2-factor Authentication

In recent weeks, I have noticed an increase in posts on Reddit complaining about account loss and people falling for phishing scams. While phishing scams are not new, in the last few months scammers have begun posting links to phishing sites in-game instead of on Twitch.

With their current method of phishing, the tell does not arrive from an RMT bot; it comes from an actual player character, so people are more likely to visit the link (it may even come from your in-game friends' characters if their accounts were compromised). Further, they are able to force you to log out and gain control of your character even if you are logged on, and 2-factor authentication using the security token does not protect against it.

Usually, people who fell for the scam report that their account was suspended for no reason without any warning. Unlike almost all suspensions for breach of TOS, no email from SE will arrive explaining the reason for suspension.

Here is how the scam works:

1) Using a player account that has been compromised, the scammers send out a tell that looks like this:

The link leads to a fake mockup of the Square Enix website that looks exactly like the real one. However, the domain of the URL will look different. It will end in "" for example, making the actual domain .xyz (I have also seen other domains including .pw).

I think the wording of this scam is quite cunning. It takes advantage of long-term gamers' tendency to resist major gameplay changes, as well as modern outrage culture.

2) The phishing website prompts the user to enter their username, password and one-time password. Because the one-time password is valid for a significant period of time (I think it's about 2 minutes), this gives the scammers a short period during which they can log on.

3) The scammers use a DDoS attack on the victim. This disconnects the victim from the game and prevents them from logging back on. From the victim's perspective, they will mysteriously lose internet connection for up to half an hour. During this time, the scammers will log in, using the stolen password and OTP, take all the gil from the character and any FC chests it has access to, and use the character to send out more phishing tells to other people. Generally, this ends up with the compromised character being suspended for RMT activity.

If you fell for the scam, you have to contact Square Enix support to get your account back, as well as fill out a request for game data recovery. You can see more info about this here.

I have to say, judging by the frequency of posts on Reddit, this scam must be hugely successful. However, the scam is still defeated as long as you follow the practice of not entering your username, password and one-time password anywhere but the FFXIV launcher and official SE websites. Make sure to carefully examine the URL of any links you want to visit, and if you are not sure, use the links in the official FFXIV launcher instead.
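The URL check described above can be written as a short script. This is an added example, not part of the original post: the allowlist of official domains and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: registrable domains you treat as official. Verify this list
# yourself; it is not taken from the original post.
OFFICIAL_DOMAINS = ("square-enix.com", "finalfantasyxiv.com")


def check_link(url):
    """Return (is_official, reason) for a link received in a tell or chat."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    # .hostname drops any 'user:pass@' prefix and the port, as the browser
    # does: text before '@' is never the site you actually connect to.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no hostname"
    if not host.isascii() or "xn--" in host:
        return False, "non-ASCII or punycode hostname (possible lookalike)"
    # The real domain is read from the RIGHT: the host must equal an official
    # domain or end with '.' + that domain. A substring match is not enough.
    for domain in OFFICIAL_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return True, "host %s is under %s" % (host, domain)
    return False, "host %s is not under an official domain" % host


# Constructed sample links (not taken from the post).
SAMPLES = [
    "https://secure.square-enix.com/",
    "https://secure.square-enix.com.sample-lookalike.xyz/login",
    "https://secure.square-enix.com@sample-lookalike.xyz/",
    "https://fake-square-enix.com/",
    "http://secure.square-enix.com/",
    "https://squ\u0430re-enix.com/",  # Cyrillic 'a' in place of Latin 'a'
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_link(link)
        print("OK  " if ok else "BAD ", ascii(link), "->", reason)
```

Only the first sample passes; every other link contains the official name somewhere but resolves to a different host or is not served over HTTPS.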

Stay safe!
Comments (6)

Esper Eidolon

Diabolos (Crystal)

I am very glad you went into full detail for this. I know the scam but not sure how to explain until now ❤️❤️ Gawd those bots need to be decimated yus yus

Lalli Physalis

Sargatanas (Aether)

I did fall for that scam, but in a weird way xD a friend sent the link + message to me asking if I'd seen it going around, with no context. I just clicked it and logged in, thinking my friend was referring to a forum post. When I realized there wasn't really anything there, I was puzzled, and that's when I looked at the URL and noticed it was odd. I changed my password immediately and asked my friend wtf was going on - and she said she was wondering if it was a scam xD

Yes. Yes it was.

Elaina Jackson

Ultros (Primal)

The first red flag should be the shitty English.

Felsea Stryfe

Lich (Light)

It still blows my mind ppl lack common sense. I don’t think it’s an intelligence thing, but maaaan ppl can jump on the worry train way too easily.

Felsea Stryfe

Lich (Light)

Have u noticed it’s either “eazy money” or “account problem” that is the general bait for these ppl?

Neyalin Deixa

Leviathan (Primal)

The person that sent this to me is named Amanda Fenn from leviathan
