Previously, we announced that certain individuals were attempting to direct players to a fake log-in page for the Square Enix Account Management System in an attempt to steal (also known as “phishing”) their Square Enix ID and password. It has now come to our attention that the contents of the fake websites and fake emails are being ever more cleverly disguised.

In order to keep your personal information and game data safe, we urge you to exercise caution to avoid these emails and websites.

[Characteristics of the fake websites]

- The “s” is missing from “https” in the URL of the login page The fake website will display http:// in the URL

- The hyphen symbol is missing from “square-enix”
The fake website will display “squareenix” in the URL

- The letter “I” is replaced with either “l” or “j”
The fake website will display “square-enlx” or “square-enjx”

- The “com” in “square-enix.com” is replaced by various domains

* There is a possibility that these same scammers will continue to change their methods in their attempt to steal personal information. The above characteristics are examples we have confirmed.

[Characteristics of fake emails]

- The email will contain a message stating that a user agreement violation, suspicious activity, or billing issue has been confirmed and will ask the recipient to go to the fake website.
* A legitimate email from Square Enix may contain the same content, as the scammers copy and paste the text from our emails in most cases.

- The fake URL is hyperlinked to the body text
* The email will contain the official URL for the Square Enix Account Management System (https://secure.square-enix.com/account/) in the body text, but it is actually hyperlinked to the fake website.
* This disguise can be especially easy to miss, so please be very careful.

- The senders disguise themselves by using an official email address
* The scammers have been confirmed to use our official email address like the one below.
autoinfo_na@account.square-enix.com

In some cases, the sender will assume the identity of the Square Enix Account Management System or Square Enix MEMBERS representative and use the Japanese names for these services.
(Example: スクウェア・エニックス アカウント管理システム / メンバーズ事務局)

* There is a possibility that these same scammers will continue to change their methods in their attempt to steal personal information. The above characteristics are examples we have confirmed.

[How to detect a fake website]

Before you access the website:
- If you need to click on a link included in an email or website, please confirm that the URL is legitimate.
* The official URL for the Square Enix Account Management System is https://secure.square-enix.com/account/

- Check that the link displayed is not hyperlinked to a fake URL
* Mouse over the link in your internet browser or email program to display the URL contained in the link and confirm that it is legitimate.

If you already accessed the website:
- Confirm that the website is legitimate

* The Square Enix Account Management System website complies with EV SSL certification. If you access a legitimate website, your browser’s address bar will turn green and you will see “SQUARE ENIX CO., LTD.” as the website administrator on the right or left hand side.

* For more information on EV SSL certification, please visit the website below.
https://www.symantec.com/page.jsp?id=how-ssl-works

If you have accidentally entered your Square Enix ID and password into the fake website or simply clicked on the false URL, you should run your anti-malware or anti-virus software and change your password immediately.

Changing your password
http://sqex.to/gr8

Also, we strongly recommend players to use a Square Enix Security Token which will vastly improve account security.

About the Square Enix Security Token
http://www.square-enix.com/eu/account/otp/

Keep your personal information safe! Keep your Square Enix ID and password secure!