Quote:
Originally Posted by VelKallor
OTP does nothing if you give them the code on the login page lol
Player tried to scam me with false link.
Printable View
-
06-29-2023, 12:02 PMValkyrie_Lenneth
-
06-29-2023, 12:28 PMVelKallorThe OTP code changes every few seconds. Theyd have to have your mobile IN THEIR HANDS..so what are you on about?Quote:
OTP does nothing if you give them the code on the login page lol
-
06-29-2023, 12:35 PMValkyrie_LennethQuote:
Originally Posted by VelKallor
They have a bot that automatically takes the info from the fields and logs in with it. And OTP lasts for at least a min and a half, and also doesn't expire as soon as the code vanishes lol. -
06-29-2023, 12:44 PMRanaku
The sad thing is most of the accounts who message you are players who got their account compromised by falling for the scam and usually they clear out FC chests etc. to sell via RMT.
-
06-29-2023, 12:47 PMVelKallorI have never heard of a single player having an acct taken over with an active OTP. Have you?Quote:
They have a bot that automatically takes the info from the fields and logs in with it. And OTP lasts for at least a min and a half, and also doesn't expire as soon as the code vanishes lol.
-
06-29-2023, 01:00 PMValkyrie_LennethQuote:
Originally Posted by VelKallor
Yes, there have been several posts over the years of people saying they had one and it still happened. Some where the OTP was even removed after they got in.
OTPs are great for account security. They do not prevent phishing attacks. -
06-29-2023, 01:05 PMVelKallorShow me.Quote:
Yes, there have been several posts over the years of people saying they had one and it still happened.
You got that backwards. They got the OTP removed and THEN they hacked the acct. Why remove the OTP?Quote:
Some where the OTP was even removed after they got in.
Because they cant break the OTP encryption.
https://forum.square-enix.com/ffxiv/...account-hacked
This user logged into a PHISHING website, which is how he got hacked.
So, no.Quote:
Yeah, the gil scam has you log into a copy of the forum. It's embedded with a keylogger that copies your information and the hackers access your account from there. He didn't log into the forums, he saw a link for free gil leading to the fake forum website and went from there. There's no other way to get access to that fake forum site aside from going to a link sent to you in tells.
-
06-29-2023, 01:11 PMValkyrie_LennethQuote:
Originally Posted by VelKallor
You can't remove the OTP without access to the account... lol...
Yes, they got phished. What I'm saying is the OTP doesn't save you from phishing. You seem to not understand that and are arguing with me about that.
https://www.reddit.com/r/ffxiv/comme..._being_hacked/
https://www.reddit.com/r/ffxiv/comme...romisedhacked/
https://www.reddit.com/r/ffxiv/comme...t=share_button -
06-29-2023, 01:30 PMSaberMaxwell
Phishing and other social engineering tactics are capable of bypassing 2fa by the nature of the victim willingly granting all authentication necessary.
This is also basic logic. If 2fa was all it took to prevent hacking then hacking would no longer be an issue.
Yes, the first thing a hacker will do is remove or replace the 2fa (and of course, the password) so that the victim will not be able to access their own account again and the hacker will can more easily sell the account down the line. That doesn't mean they needed to remove the 2fa to do the hack. -
06-29-2023, 01:32 PMSaberMaxwell
Which isn't to say "don't get 2fa," more that "2fa isn't a magical end to hacking attempts on one's account." A layered defense is always the best defense; use a password manager, a one time password, a vpn, and make sure to update your password at least once per month.