Player tried to scam me with false link.

[Zeastria]

god, this one is years old and should be well known by now. And still people fall for it.

New players don't know about it nor
do they get warned about it.

[VelKallor]

Id agree with all of the above, Saber, the most important being watch for phishing and dont click on links you dont know.

Yes, they got phished.

Had they not done so, they would never have been compromised.

[Valkyrie_Lenneth]

Id agree with all of the above, Saber, the most important being watch for phishing and dont click on links you dont know.


Had they not done so, they would never have been compromised.

Yes. My whole point was you said they should have a OTP and I said OTP doesn't save you from being phished. Glad we agree.

[SaberMaxwell]

Yup. The reason phishing and its kind are so prominent is because cybersecurity techniques and technology have advanced to such a point that social engineering is the much easier and cheaper option for trying to assail simple users and SMBs. It's important to watch out and, even if a message comes from a friend, gauge whether its a safe link to click or not.

Hackers are absolutely not above using compromised accounts of social media (of which XIV is one) to spread their attacks even further. If you have friends on multiple channels, confirm links with them through those channels to be safe.

Impromptu cybersec lecture but definitely one worth keeping in mind for any future viewers.

[TheDecay]

Show me.



You got that backwards. They got the OTP removed and THEN they hacked the acct. Why remove the OTP?

Because they cant break the OTP encryption.

https://forum.square-enix.com/ffxiv/...account-hacked

This user logged into a PHISHING website, which is how he got hacked.



So, no.

You truly can't take an L

[ICountFrom0]

The OTP code changes every few seconds. Theyd have to have your mobile IN THEIR HANDS..so what are you on about?

They use scripts and third party programs to INSTANTLY log in the instant they get the OTP, knocking you out of your account and then changing everything with a bot to pre-set information for them.

[VelKallor]

You truly can't take an L

Says Titanmen.

They use scripts and third party programs to INSTANTLY log in the instant they get the OTP, knocking you out of your account and then changing everything with a bot to pre-set information for them.

Okay.

Ill make this blunt and to the point.

I dont get phished, I have the brains to know not to look at questionable links, I dont click on them.

So:

With an OTP on my acct, what are the chances of some hacker getting in?

ZERO

ZIP

NADA

The end.

[Toutatis]

New players don't know about it nor
do they get warned about it.

They don’t need to know about that scam specifically: it only requires a bit of common sense and very basic digital literacy. That type of online scam appealing to human greed is pretty much as old as the internet (there were also similar phone scams and letters too well before…it’s just a modern version of the 19th century “Spanish prisoner” and the more recent “Nigerian prince” scam).

One would think that in this day and age people would be able to put two and two together: a complete stranger who approaches you (of all players) with a ridiculous offer and sends you a link out of the blue to an obviously fake address ending by “.com-gr.eu” should be enough red flags to tell you that it is a scam.

Only thing to do with this is to report the scammer without replying.

If you want to log into the SE website (or any other website), do not use links provided by third parties unless you know that they are genuine and 100% safe. Learn to verify an address and double check hyperlinks before clicking on them. Applies to game chat, emails, social media, text messages, etc…

[NekoMataMata]

New players don't know about it nor
do they get warned about it.

Okay but this happens across the internet.

[Iscah]

So:

With an OTP on my acct, what are the chances of some hacker getting in?
ZERO
ZIP
NADA
The end.

The hacker cannot independently get through the 2FA without contacting you.

That is why their approach is to contact you and trick you into voluntarily typing your code into their website, along with your login details, which they will immediately use to log in during the short window while the 2FA code is still active.