Player tried to scam me with false link.

[Valkyrie_Lenneth]

Get the OTP software. Password alone wont do it as they can be brute forced, the OTP is unbreakable as it changes every few seconds.

As for falling for scammers, I had one scammer call me the other day calling me about "Telstra issues with my broadband"...Australia uses a national broadband network, and aside from a few isolated places, Telstra hasnt been an ISP for almost six years. People still get scammed.

The old adage applies:

If it seems too good to be true, it usually is.

OTP does nothing if you give them the code on the login page lol

[VelKallor]

OTP does nothing if you give them the code on the login page lol

The OTP code changes every few seconds. Theyd have to have your mobile IN THEIR HANDS..so what are you on about?

[Valkyrie_Lenneth]

The OTP code changes every few seconds. Theyd have to have your mobile IN THEIR HANDS..so what are you on about?

They have a bot that automatically takes the info from the fields and logs in with it. And OTP lasts for at least a min and a half, and also doesn't expire as soon as the code vanishes lol.

[Ranaku]

The sad thing is most of the accounts who message you are players who got their account compromised by falling for the scam and usually they clear out FC chests etc. to sell via RMT.

[VelKallor]

They have a bot that automatically takes the info from the fields and logs in with it. And OTP lasts for at least a min and a half, and also doesn't expire as soon as the code vanishes lol.

I have never heard of a single player having an acct taken over with an active OTP. Have you?

[Valkyrie_Lenneth]

I have never heard of a single player having an acct taken over with an active OTP. Have you?

Yes, there have been several posts over the years of people saying they had one and it still happened. Some where the OTP was even removed after they got in.


OTPs are great for account security. They do not prevent phishing attacks.

[VelKallor]

Yes, there have been several posts over the years of people saying they had one and it still happened.

Show me.

Some where the OTP was even removed after they got in.

You got that backwards. They got the OTP removed and THEN they hacked the acct. Why remove the OTP?

Because they cant break the OTP encryption.

https://forum.square-enix.com/ffxiv/...account-hacked

This user logged into a PHISHING website, which is how he got hacked.

Yeah, the gil scam has you log into a copy of the forum. It's embedded with a keylogger that copies your information and the hackers access your account from there. He didn't log into the forums, he saw a link for free gil leading to the fake forum website and went from there. There's no other way to get access to that fake forum site aside from going to a link sent to you in tells.

So, no.

[Valkyrie_Lenneth]

Show me.



You got that backwards. They got the OTP removed and THEN they hacked the acct. Why remove the OTP?

Because they cant break the OTP encryption.

You can't remove the OTP without access to the account... lol...


Yes, they got phished. What I'm saying is the OTP doesn't save you from phishing. You seem to not understand that and are arguing with me about that.




https://www.reddit.com/r/ffxiv/comme..._being_hacked/


https://www.reddit.com/r/ffxiv/comme...romisedhacked/


https://www.reddit.com/r/ffxiv/comme...t=share_button

[SaberMaxwell]

Phishing and other social engineering tactics are capable of bypassing 2fa by the nature of the victim willingly granting all authentication necessary.

This is also basic logic. If 2fa was all it took to prevent hacking then hacking would no longer be an issue.

Yes, the first thing a hacker will do is remove or replace the 2fa (and of course, the password) so that the victim will not be able to access their own account again and the hacker will can more easily sell the account down the line. That doesn't mean they needed to remove the 2fa to do the hack.

[SaberMaxwell]

Which isn't to say "don't get 2fa," more that "2fa isn't a magical end to hacking attempts on one's account." A layered defense is always the best defense; use a password manager, a one time password, a vpn, and make sure to update your password at least once per month.