In recent weeks, I have noticed an increase in posts on Reddit complaining about account loss and people falling for phishing scams. While phishing scams are not new, in the last few months scammers have begun posting links to phishing sites in-game instead of on Twitch.
With their current method of phishing, the tell does not arrive from an RMT bot; it comes from an actual player character, so people are more likely to visit the link (it may even come from your in-game friends' characters if their accounts were compromised). Further, they are able to force you to log out and gain control of your character even if you are logged on, and 2-factor authentication using the security token does not protect against it.
Usually, people who fell for the scam report that their account was suspended for no reason without any warning. Unlike almost all suspensions for breach of TOS, no email from SE will arrive explaining the reason for suspension.
Here is how the scam works:
1) Using a player account that has been compromised, the scammers send out a tell that looks like this:
The link leads to a fake mockup of the Square Enix website that looks exactly like the real one. However, the domain of the URL will look different. It will end in ".com.xyz" for example, making the actual domain .xyz (I have also seen other domains including .pw).
I think the wording of this scam is quite cunning. It takes advantage of long-term gamers' tendency to resist major gameplay changes, as well as modern outrage culture.
2) The phishing website prompts the user to enter their username, password and one-time password. Because the one-time password is valid for a significant period of time (I think it's about 2 minutes), this gives the scammers a short period during which they can log on.
3) The scammers use a DDoS attack on the victim. This disconnects the victim from the game and prevents them from logging back on. From the victim's perspective, they will mysteriously lose internet connection for up to half an hour. During this time, the scammers will log in, using the stolen password and OTP, take all the gil from the character and any FC chests it has access to, and use the character to send out more phishing tells to other people. Generally, this ends up with the compromised character being suspended for RMT activity.
If you fell for the scam, you have to contact Square Enix support to get your account back, as well as fill out a request for game data recovery. You can see more info about this here
I have to say, judging by the frequency of posts on Reddit, this scam must be hugely successful. However, the scam is still defeated as long as you follow the practice of not entering your username, password and one-time password anywhere but the FFXIV launcher and official SE websites. Make sure to carefully examine the URL of any links you want to visit, and if you are not sure, use the links in the official FFXIV launcher instead.
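The URL check described above, as an added example that is not part of the original post: it extracts the host a link actually points to and accepts it only if it is an allow-listed domain or a subdomain of one, so a host ending in ".com.xyz" or ".com.pw" is rejected. The two entries in OFFICIAL_DOMAINS and every sample link are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allow-list for this example; extend it only with domains you have
# verified yourself (for instance via the links in the official launcher).
OFFICIAL_DOMAINS = ("square-enix.com", "finalfantasyxiv.com")


def hostname_of(link: str) -> str:
    """Return the host a browser would connect to, lower-cased, or ''."""
    link = link.strip()
    if "://" not in link:
        link = "https://" + link  # links pasted in chat often omit the scheme
    try:
        host = urlsplit(link).hostname or ""
    except ValueError:  # malformed authority, e.g. unbalanced brackets
        return ""
    return host.rstrip(".").lower()  # "example.com." and "example.com" are the same host


def is_official(link: str) -> bool:
    """True only if the host IS an official domain or a subdomain of one.

    The match is anchored at the END of the host and on a label boundary:
    'square-enix.com.xyz' ends in '.xyz', and 'notsquare-enix.com' is a
    different registration, so neither passes.
    """
    host = hostname_of(link)
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def audit(links):
    """Return (link, host) pairs for every link that is not official."""
    return [(l, hostname_of(l)) for l in links if not is_official(l)]


# Constructed sample links, not taken from the post.
SAMPLE_LINKS = [
    "https://secure.square-enix.com/",
    "https://na.finalfantasyxiv.com/lodestone/",
    "HTTPS://WWW.SQUARE-ENIX.COM./",
    "https://secure.square-enix.com.xyz/login",
    "square-enix.com.pw/forum",
    "https://notsquare-enix.com/",
]

if __name__ == "__main__":
    for link, host in audit(SAMPLE_LINKS):
        print(f"NOT OFFICIAL: {link} -> real host is {host}")
```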