I wasn't saying they were. SE doesn't know if an account was hacked; it would be ridiculously easy to fake and make SE your very own gold press. Also, if that money is no longer on the hacked account and instead went to buying items and whatnot off the MB or a house or something of that sort, what is SE supposed to do? Go back and nullify all those transactions and restore it all? That would be a nightmare and affect a whole lot of likely innocent players. It's not as simple as typing in a couple commands. There is a lot to consider here, which is why SE has these sorts of policies.
Just stop giving ppl access to your bank.
And for the love of all that's good, it's 2021, most of us grew up with or learned computers and basic internet interactions at a young age, so why on earth would you ever click a link sent to you by some random player? That's like opening a link that is emailed to you from your bank saying there is something going on with your account or they are having a raffle or anything of the sort. Never click links, especially from strangers, is internet 101.
The rest of us were just as flabbergasted. Dude is smart. Educated. Didn't expect that lapse in judgement.
And if the compromised account bought a bunch of stuff, that's immaterial. They verified that the account was compromised. They aren't being "scammed." Delete those items on the rollback, but give the person back the gil as well. No one is getting hacked and being given gil. Moreover, we both know that gil didn't go toward MB purchases - it went to a dummy account for a gold-selling service. Let's not let some hypothetical, far-flung, and ultimately unrealistic situation get in the way of giving your players actual support.
As for locking up the bank... it's done now. Doesn't help in retrospect, though. It would be absolutely asinine to have to completely shut out a group of a dozen or so IRL friends and family... but apparently that's a hard truth the players had to realize when SE left them cold after experiences like this. But it shouldn't be this way.
In this case, most likely yes. But that is not always the case, and in-game money, just like real-world money, can be laundered. And they already have enough on their hands dealing with hackers and RMT, all they need to throw into the mix is adding a gil laundering ring.
I am not trying to start an argument here, but we really need to take a moment to understand why they have policies like this in the first place. It's not so cut and dry as we verified your account was hacked, here is your money! Thank you for using SE customer service.
Let's not forget that this is a video game. This kind of policy makes sense in reality. But in a fictional setting wherein your players are simply trying to enjoy your game? And the worst case scenario is that you give a couple devious players a little more fictional currency? This is much too draconian.
If they can take a look at the login logs, see that weird IP address from halfway around the world... there's your evidence. If they're accessing at a strange time or doing weird things (like emptying their FC chest and giving away all their items, for instance), anyone with half a brain can draw the correct conclusion. If a few people get convoluted with VPNs and the like and they get a few extra gil... so what? The harm these kinds of policies do to the otherwise boundless amount of goodwill FFXIV has isn't worth it.
My gut feeling is that it comes down to the support team being overworked about 98% of the time -- so roughly 98% of the time you get someone who's having to blitz through tickets doing the generally-approved-process for stuff -- and then like 2% of the time you have hit them during the rare moment that they're not buried under some avalanche, and so the CS person really gives that ticket some serious personal attention and focus.
Unfortunately, my other gut feeling is that restorations track "prior to account compromise, the account had X resources" and give the CS folks just that number to work with, because I gather that many times, the compromised accounts may be used as mules (pick up gil from some other account, transfer it to someone who bought gil via RMT or whatever to try to obscure the transaction sources a bit more), and they don't want to mix in gil that passed through the compromised account with the account's own actual gil (which was probably otherwise added to the RMT folks' gil-to-sell money vault).
But worse, what I've seen happen with FCs hit by this -- both via tales from an affected friend, and threads here and on reddit -- is that it isn't the compromised account that takes the gil. The automated system that acts on phishing information appears to do something akin to:
- Person gets phished, enters enough information for the automated system to log in as them.
- Automated system checks if they are a member of an FC. If they are -- and are an officer -- zip them to the nearest company chest in a starting city.
- Deposit all gil from the compromised account into the FC chest.
- Invite another compromised account (Account #2) that's already waiting by an FC chest to the FC, and give them officer permissions.
- Account #2 withdraws all gil from the FC chest, and then immediately leaves the FC.
All of which seems to be an automated process designed to obtain as much gil from the victim and their FC as quickly as possible, while also keeping the actual gil transactions from being gathered into any sort of automated log. After all, the compromised account just put the gil into the FC chest; it's someone else, wholly unrelated to that affected account, who took all the gil out.
It sucks, too, because it's depressingly easy for even a smart, savvy player to have a moment of The Dumb when tired. Someone pastes a link that, when you skim it visually, looks like the appropriate forum link at first glance, and then you just think "ugh, the forums logged me out again" when presented with a login screen. There are tells, of course; the phishing pages evidently put the OTP prompt on the same page as the login/password, because they can't do the 'login and then check if you need to provide an OTP' that the real forums can. And if you use a password manager and just hit 'enter password' on webpages rather than typing it manually, it will obviously refuse to fill the password (because it's on some random phishing page for which you have no login, not the actual forums).
(So, side note: I strongly recommend using password managers and letting them fill in passwords, because they do string comparison on domains and won't be fooled by visually-similar website addresses.)
That said, if your scenario is different than the one described above and the person whose account was compromised was also the one who withdrew the gil from the FC chest, I'd say that you might have a better chance at it -- since those transactions would be, presumably, preserved in the logs associated with the incident. In that case, I might keep trying on ticket submission.
(Can you tell that I used to work in the games industry, and had to think about how to track this sort of stuff, what the people doing it were likely to do, and how to counter it? I would like to reformat that part of my brain to reclaim the space...)
I aim to make my posts engaging and entertaining, even when you might not agree with me. And failing that, I'll just be very, VERY wordy.
Originally Posted by Packetdancer
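The chest-drain sequence described in the post above (deposit into the FC chest, a second account joins, is promoted, withdraws, then leaves) can be correlated from the defender's side even though the compromised account never performs the withdrawal. The following is an added example, not code from the post or from Square Enix; the event schema, action names and account names are hypothetical and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, fc, account, action, gil).
# The schema and action names are hypothetical, not a real game log format.
EVENTS = [
    ("2021-10-18T03:02:10", "fc-1", "victim", "chest_deposit", 4_000_000),
    ("2021-10-18T03:02:25", "fc-1", "account2", "member_joined", 0),
    ("2021-10-18T03:02:31", "fc-1", "account2", "rank_changed", 0),
    ("2021-10-18T03:02:40", "fc-1", "account2", "chest_withdraw", 9_500_000),
    ("2021-10-18T03:02:52", "fc-1", "account2", "member_left", 0),
    # Benign: long-standing officer withdraws and stays.
    ("2021-10-18T20:00:00", "fc-2", "old_officer", "chest_withdraw", 50_000),
    # Benign: recruit joins and leaves without touching the chest.
    ("2021-10-18T21:00:00", "fc-3", "recruit", "member_joined", 0),
    ("2021-10-18T21:05:00", "fc-3", "recruit", "member_left", 0),
]

def find_chest_drains(events, window=timedelta(minutes=10)):
    """Flag accounts that join an FC, withdraw gil and leave within `window`,
    and link them to accounts that deposited into the same chest just before."""
    joined = {}     # (fc, account) -> join time
    withdrawn = {}  # (fc, account) -> gil withdrawn shortly after joining
    deposits = {}   # fc -> [(time, account)]
    alerts = []
    for ts, fc, account, action, gil in sorted(events):
        when = datetime.fromisoformat(ts)
        key = (fc, account)
        if action == "chest_deposit":
            deposits.setdefault(fc, []).append((when, account))
        elif action == "member_joined":
            joined[key] = when
            withdrawn[key] = 0
        elif action == "chest_withdraw" and key in joined:
            if when - joined[key] <= window:
                withdrawn[key] += gil
        elif action == "member_left" and key in joined:
            start = joined.pop(key)
            taken = withdrawn.pop(key)
            if taken and when - start <= window:
                # Depositors active around the join are the likely phished members.
                feeders = sorted({a for t, a in deposits.get(fc, [])
                                  if start - window <= t <= when and a != account})
                alerts.append({"fc": fc, "withdrawer": account, "gil": taken,
                               "linked_depositors": feeders})
    return alerts
```

Linking the withdrawer back to recent depositors is what ties the loss to the compromised account's incident record, which is the gap the post describes.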
See the thing is, how can you prove to Square Enix's devs (or for that matter any game's devs) that you and your friend did not fake an account theft, agree to remove the money out of the chest, trade it to another FC friend for safekeeping, request a rollback for the FC money and then retrieve the money from your FC friend essentially doubling what you initially had?
Not saying it's the case here, but it's the reason why games generally don't do rollback for compromised accounts: because people can act in cahoots outside the game. SE is extremely nice in rolling back accounts that were phished when they are under no obligation to do so as per the ToS (it was not hacked, hack involves a failure on part of Square Enix's security whereas phished is the player's fault at failing to comply with not sharing their account information rule).
Wait, so are you saying that someone got their account phished and then whoever phished that account hacked the game code to give themselves access to FC bank? Cause that's an entirely different and more grave issue from "someone with bank access got their account phished" that would require SE to investigate their servers' security.
Last edited by lezard21; 10-19-2021 at 07:17 AM.
Literally any other MMO would have restored the currency by now. This absolute paranoia does not justify refusing to assist your player base when it is flagrantly obvious what happened.
I checked back in on Aion recently and even their support was leagues better than Square’s. That shouldn’t be acceptable to anyone playing this game, especially as FFXIV gains popularity.