One of my trusted FC members got Hacked and now all our FC gil is gone

[AngelCheese77]

The phishing websites actually demand your OTP as well, so a security token isn't necessarily going to protect someone gullible enough to go there in the first place.

The issue is, the real SE website doesn't ask for your token until the second page (the one after your Login and Password). Here is what the real page looks like below. As you can see, no token box. The phishing site asks for your token on the SAME page.

[KageTokage]

The phishing "log-in" page honestly looks fake as all heck if you take even a moment to scrutinize it as it lacks/differs from the officlal log-in in several ways though the main ones are:

1. Like you mentioned, the OTP request always comes AFTER you enter your account name and password.

2. The website is not listed as secure.

3. The web address format is completely different from the official log-in pages; with the page you're being redirected to normally listed after all that Mogstation-related jazz. The phishing website just lists the address of the post it's supposedly linking to and nothing else.


It's honestly kind of sad that they're having so much success with how many red flags the phishing website should be raising, though I think it stems mostly from people being gullible and trusting complete strangers.

[HakaseNyan]

Wonder what was so important for them to give up all of their login information. It's a shame people have to fall for this stuff to learn about protecting their information better.

[Jojoya]

This, better settings to control our bank will be really appreciated.

They're working on it.
https://na.finalfantasyxiv.com/lodes...b1046155e63703

Hopefully they add what WoW did, an option to have a 2FA requirement for characters to be assigned certain ranks with more sensitive access to the guild settings and bank.

Still, in the meantime the best thing is for players to be smart in the first place. Don't fall for the scam shouts and tells. Be cautious of what ranks and permissions you give FC members. Even someone cautious and trustworthy can end up getting compromised if they're sharing their device with other users who aren't so cautious (happened to one of our FC members that allows her daughter to use her computer).

[Quintessa]

Wonder what was so important for them to give up all of their login information. It's a shame people have to fall for this stuff to learn about protecting their information better.

Probably some kind of scareware that made them panic and put everything in because "something bad will happen if you don't do this now!". I recently got something like that in my email about "suspicious activity" from my MS account login... man I must have googled my butt off and even went to the actual MS site to make sure that was the REAL DEAL before going any further. Turn's out it was just picking up my phone, which is always with me, at all times.

The thing about trust is, for some people, it runs very deep, hasn't ever been broken, or badly broken, so they are gullible. It only takes 1 time though, and I'm sorry for the OP's friend that this 1 time had to come like this.

[ForteNightshade]

Why in the world didn't they have a security token activated? That literally makes no sense, its free and you get a free teleport for having one.

For one, they are not free. You either need a phone or purchase the token devise from SE directly. Furthermore, I've heard many a horror story about difficulty it can be to transfer the app should you buy a new phone. Which is the main reason I've never used it.

[Yshtola]

Imagine playing video games in 2020, but not having a smart phone or 20$ to buy a physical token that will last 6 years.

[Awha]

Imagine playing video games in 2020, but not having a smart phone or 20$ to buy a physical token that will last 6 years.

Imagine playing an MMO in 2020 and still falling for these basic cons. Granted not having a token is also silly.

[DrWho2010]

For one, they are not free. You either need a phone or purchase the token devise from SE directly. Furthermore, I've heard many a horror story about difficulty it can be to transfer the app should you buy a new phone. Which is the main reason I've never used it.

if you buy a new phone all you do is remove the software token from your account first, activate your new phone, re-apply the software token on the new phone and put the OTP back on your account, boom done. ezpz

[Odstarva]

And even if something happened (as it has to me) and, say, your phone breaks and you get a new one, you can always contact live support and they can temporarily disable the token for you to assign your new phone.
Generally they ask for proof of identity - something like your ID or driver's license - to ensure you're the person making the request.

The point is, I'm really sorry you and your FC are going through this but please for your own sake use the security token. It's free, gives you perks, protects your account.