Quote Originally Posted by Berkilak View Post
Their support is so strange... you get 99% copy/paste responses, but once in a blue moon, you get someone that absolutely combs through the logs to help you out. I suppose it comes down to keeping a line cast hoping for that rare bite.
My gut feeling is that it comes down to the support team being overworked about 98% of the time -- so roughly 98% of the time you get someone who's having to blitz through tickets doing the generally-approved-process for stuff -- and then like 2% of the time you have hit them during the rare moment that they're not buried under some avalanche, and so the CS person really gives that ticket some serious personal attention and focus.

Unfortunately, my other gut feeling is that restorations track "prior to account compromise, the account had X resources" and give the CS folks just that number to work with, because I gather that many times, the compromised accounts may be used as mules (pick up gil from some other account, transfer it to someone who bought gil via RMT or whatever to try to obscure the transaction sources a bit more), and they don't want to mix in gil that passed through the compromised account with the account's own actual gil (which was probably otherwise added to the RMT folks' gil-to-sell money vault).

But worse, what I've seen happen with FCs hit by this -- both via tales from an affected friend, and threads here and on reddit -- is that it isn't the compromised account that takes the gil. The automated system that acts on phishing information appears to do something akin to:
  1. Person gets phished, enters enough information for the automated system to log in as them.
  2. Automated system checks if they are a member of an FC. If they are -- and are an officer -- zip them to the nearest company chest in a starting city.
  3. Deposit all gil from the compromised account into the FC chest.
  4. Invite another compromised account (Account #2) that's already waiting by an FC chest to the FC, and give them officer permissions.
  5. Account #2 withdraws all gil from the FC chest, and then immediately leaves the FC.

All of which seems to be an automated process designed to obtain as much gil from the victim and their FC as quickly as possible, while also keeping the actual gil transactions from being gathered into any sort of automated log. After all, the compromised account just put the gil into the FC chest; it's someone else, wholly unrelated to that affected account, who took all the gil out.

It sucks, too, because it's depressingly easy for even a smart, savvy player to have a moment of The Dumb when tired. Someone pastes a link that, when you skim it visually, looks like the appropriate forum link at first glance, and then you just think "ugh, the forums logged me out again" when presented with a login screen. There are tells, of course; the phishing pages evidently put the OTP prompt on the same page as the login/password, because they can't do the 'login and then check if you need to provide an OTP' that the real forums can. And if you use a password manager and just hit 'enter password' on webpages rather than typing it manually, it will obviously refuse to fill the password (because it's on some random phishing page for which you have no login, not the actual forums).

(So, side note: I strongly recommend using password managers and letting them fill in passwords, because they do string comparison on domains and won't be fooled by visually-similar website addresses.)

That said, if your scenario is different than the one described above and the person whose account was compromised was also the one who withdrew the gil from the FC chest, I'd say that you might have a better chance at it -- since those transactions would be, presumably, preserved in the logs associated with the incident. In that case, I might keep trying on ticket submission.

(Can you tell that I used to work in the games industry, and had to think about how to track this sort of stuff, what the people doing it were likely to do, and how to counter it? I would like to reformat that part of my brain to reclaim the space...)