Please clear your blacklist!

[mindful]

I sure people running out of the blacklists anyways, Also for those that think impossible for them to hack or steal your information they do it all the time, even on the tokens just the tokens not worth there time most the time. Had friends get hacked from keylogger deep imbedded programs that some the normal virus scan can not find sucks,. They need have the cellphone text message system in place , that if someone log into your character on different isp or you can choose everytime you log in , get text ,message with a code. Since the odd of them cloning your phone is .1%. Banks and microsoft now went that way. Then if lose the phone have to answer 5 your security q's. with little extra info added. Since there so much Phishing going on , with this game since take a act of god find there contact info , the phishers love it.

[Ryios]

Had friends get hacked from keylogger deep imbedded programs that some the normal virus scan can not find sucks

See, if you have a keylogger on your PC, you did something wrong to get it there.

Windows isn't magical, a hacker can't just run something on your PC. You have to let it run, or tell it to run. Once in a blue moon there is a browser security invulnerability that will allow a Javaapplet to run un-attended or something likie that, but 99.99% of the time, someone get's something on their PC because They trusted something and ran it.... I don't care what it is, if it's not made by Google, Microsoft, Sun, Oracle, or Apple, do not trust it. Research it before you run it.

On that note, I've been on x64 windows since 2003, and without anti virus since 2003. I've never been hacked in any game. I've never had a virus or spam or ad ware.

It's really a simple matter, keep crap off your PC and don't install crap you don't know what it is and don't trust.

If it's some dudes Warrior Number Cruncher app... Don't trust it. If it's some script to configure the game perfectly for you, don't trust it. If it's anything don't trust it. Trust nothing and no one.

[Rivienne]

See, if you have a keylogger on your PC, you did something wrong to get it there.

Windows isn't magical, a hacker can't just run something on your PC. You have to let it run, or tell it to run.

This is a bit of a myth and a straight up misunderstanding of how computer exploits and security work. There are many many exploits to let someone run something on your system without your giving explicit permission. From scripting, to buffer overflows, to web browser leaks. Even in the very recent past there have been many simple exploits where adobe flash allowed for malicious code to bypass browsers. There are web exploits found all the time, and it is perfectly possible you can get hacked by a zero-day exploit just by clicking the very first result from an innocuous google search, and not know about it for weeks or months.

There is a reason that there are always new security patches to every operating system on a regular basis, and they are rarely released immediately after the exploit is discovered. In fact usually they are patches to previously known exploits, meaning people may already have been compromised due to the exploit, before any system updates, or virus definition updates occur to block it.

Hacked accounts are not a cut and dry "it is always your fault", or even usually that simple. Most security is a never ending fight to anticipate the existence of exploits you haven't actually discovered yourself yet.

This is not to say "nobody who got hacked is at fault". But it is to say that to assume they are always at fault is simply incorrect. If you are connected to the internet you are at risk. It doesn't matter how many layers of protection you have setup, how up to date your antivirus, how locked down your firewall. All it takes is one exploit.

So please, be considerate. Realize not everyone is at fault, and that maybe if they aren't prepared, it is because they don't know as much as you. Don't berate others who don't have the same knowledge as you, instead educate them. It will go a long way to improving the forums, and the game in general.

I will admit that I was using the same password for my email, facebook etc because having multiple passwords can be a huge pain. I since changed that.
<...>
all my email comes through my iphone and I never click links in my email.

In my own experience with family and friends, your phone itself is the most likely culprit. Any account you use on your phone has an even higher likelihood of being hacked then on your pc, because phone exploits are really profitable. So many people have personal information, phone numbers, contacts, passwords, bank account information, all on the phone, so it is almost always worth the effort to find a way to bypass the security. I have known many people who had their facebook hacked from their iphone, because they walked through a public area (eg airport) with wifi enabled. Wifi + facebook exploit, now they have your password for everything.

So my suggestions: never use open wifi; never use the same password for any account (especially the ones you access from your phone); and use the iphone security token. (Make absolutely sure you keep the emergency recovery key and in more than one location though.)

Also: don't let the attitudes or assumptions of others drag you down to their level.

Most of these exploits want bank account info, or email accounts to hijack and spread mass emails. What are the chances that these are looking for an SE account so they can login to FFXIV ARR and sell Gil? Probably only going to pick one up going to a sketchy Gil buying site, or some other sketchy FFXIV ARR third party site.

Nope. Actually this also is a misunderstanding of this black market industry (yes industry). You assume it is one person doing the hacking for a specific purpose. But in fact, people who hack information, often hack it for the purpose of selling it.

Usernames and passwords are very lucrative, if not as much as money. People like the gil sellers don't do the hacking themselves usually, they buy the information from someone else who is selling it not just to them, but to those who are likely to use it for other purposes such as hacking your e-mail to send spam, or trying to get into your bank account, etc. I.e. the hacking of a game account is just one way the hacked information is likely to be used. If you get hacked, you should be clamping down on everything, because chances are very slim it was "just a gil seller" and that they only hacked this game.

[Demlix]

There are web exploits found all the time, and it is perfectly possible you can get hacked by a zero-day exploit just by clicking the very first result from an innocuous google search, and not know about it for weeks or months.

Most of these exploits want bank account info, or email accounts to hijack and spread mass emails. What are the chances that these are looking for an SE account so they can login to FFXIV ARR and sell Gil? Probably only going to pick one up going to a sketchy Gil buying site, or some other sketchy FFXIV ARR third party site.

[RyuujinZERO]

Most of these exploits want bank account info, or email accounts to hijack and spread mass emails. What are the chances that these are looking for an SE account so they can login to FFXIV ARR and sell Gil? Probably only going to pick one up going to a sketchy Gil buying site, or some other sketchy FFXIV ARR third party site.

You'd be surprised.

I havn't seen it for FF14 yet, but I get fake e-mails purporting to be arenanet trying to get me to hand over my GW2 log in information on a weekly basis

[MStowastiqVahlshdeh]

See, if you have a keylogger on your PC, you did something wrong to get it there.

Windows isn't magical, a hacker can't just run something on your PC. You have to let it run, or tell it to run.

This is a bit of a myth and a straight up misunderstanding of how computer exploits and security work. There are many many exploits to let someone run something on your system without your giving explicit permission. From scripting, to buffer overflows, to web browser leaks. Even in the very recent past there have been many simple exploits where adobe flash allowed for malicious code to bypass browsers. There are web exploits found all the time, and it is perfectly possible you can get hacked by a zero-day exploit just by clicking the very first result from an innocuous google search, and not know about it for weeks or months.

There is a reason that there are always new security patches to every operating system on a regular basis, and they are rarely released immediately after the exploit is discovered. In fact usually they are patches to previously known exploits, meaning people may already have been compromised due to the exploit, before any system updates, or virus definition updates occur to block it.

Hacked accounts are not a cut and dry "it is always your fault", or even usually that simple. Most security is a never ending fight to anticipate the existence of exploits you haven't actually discovered yourself yet.

This is not to say "nobody who got hacked is at fault". But it is to say that to assume they are always at fault is simply incorrect. If you are connected to the internet you are at risk. It doesn't matter how many layers of protection you have setup, how up to date your antivirus, how locked down your firewall. All it takes is one exploit.

So please, be considerate. Realize not everyone is at fault, and that maybe if they aren't prepared, it is because they don't know as much as you. Don't berate others who don't have the same knowledge as you, instead educate them. It will go a long way to improving the forums, and the game in general.

I will admit that I was using the same password for my email, facebook etc because having multiple passwords can be a huge pain. I since changed that.
<...>
all my email comes through my iphone and I never click links in my email.

In my own experience with family and friends, your phone itself is the most likely culprit. Any account you use on your phone has an even higher likelihood of being hacked then on your pc, because phone exploits are really profitable. So many people have personal information, phone numbers, contacts, passwords, bank account information, all on the phone, so it is almost always worth the effort to find a way to bypass the security. I have known many people who had their facebook hacked from their iphone, because they walked through a public area (eg airport) with wifi enabled. Wifi + facebook exploit, now they have your password for everything.

So my suggestions: never use open wifi; never use the same password for any account (especially the ones you access from your phone); and use the iphone security token. (Make absolutely sure you keep the emergency recovery key and in more than one location though.)

Also: don't let the attitudes or assumptions of others drag you down to their level.

Most of these exploits want bank account info, or email accounts to hijack and spread mass emails. What are the chances that these are looking for an SE account so they can login to FFXIV ARR and sell Gil? Probably only going to pick one up going to a sketchy Gil buying site, or some other sketchy FFXIV ARR third party site.

Nope. Actually this also is a misunderstanding of this black market industry (yes industry). You assume it is one person doing the hacking for a specific purpose. But in fact, people who hack information, often hack it for the purpose of selling it.

Usernames and passwords are very lucrative, if not as much as money. People like the gil sellers don't do the hacking themselves usually, they buy the information from someone else who is selling it not just to them, but to those who are likely to use it for other purposes such as hacking your e-mail to send spam, or trying to get into your bank account, etc. I.e. the hacking of a game account is just one way the hacked information is likely to be used. If you get hacked, you should be clamping down on everything, because chances are very slim it was "just a gil seller" and that they only hacked this game.

Rivienne you are a breath of fresh air on these forums. Thanks for being so kind and patient and providing constructive information. Included your original post because helpful.