Player tried to scam me with false link.

[VelKallor]

The hacker cannot independently get through the 2FA without contacting you.

No. They cant. Which was my entire point.

[Renalt]

No harm in a reminder these things are still going on. They are still going on cause it IS still working. Some people just don't know. I'd be careful with the naming of such individuals cause that goes under "naming and shaming"....even if it's deserved. I'd fix the photo or edit it out completely.

[drtasteyummy]

Greetings from the lands of Eorzea! My name is Prince Adebowale Ezenwa, a royal blood from the prosperous Kingdom of Nigeria, and here in Eorzea, a humble Paladin, fighting valiantly against the forces of darkness.

As a result of a prophetic vision, the mighty Hydaelyn herself directed me to seek you, a renowned and revered player. Your heroic deeds and valorous exploits precede you, and thus, I find myself writing this message with an offer that is both amusingly peculiar and astonishingly fortunate.

As fate would have it, in my possession lies an epic fortune, a staggering wealth of 800 Million Gil, inherited from my late father, King Olufemi Ezenwa, who himself was an avid adventurer in the grand world of Eorzea. Regrettably, due to our Kingdom's stringent regulations, I am unable to manage such a colossal ingame treasure trove.

Knowing your exceptional prowess and unflinching integrity, I've elected to entrust this gargantuan responsibility upon you. I seek your assistance in navigating this predicament, whereupon you will act as the guardian of this fortune until I can safely reclaim it.

In recognition of your invaluable assistance, upon successful transfer, I promise to bestow you with a lion's share of the treasure an inconceivable 300 Million Gil. Your task, if you choose to accept, will require your gaming account details to complete the transaction.

Please respond promptly to commence this playful venture. Together, let us add another epic tale to the chronicles of Eorzea, one that would surely provoke a chuckle or two.

May the light of the Crystal guide our path.

Best regards,
Prince Adebowale Ezenwa, Paladin of Eorzea

[Iscah]

No. They cant. Which was my entire point.

But you're missing the actual point. They can get your 2FA code by tricking you into giving it to them.

They don't need to be physically holding your 2FA code generator device if they can convince you to tell them the code.

The three things they need to steal your account are your username, your password and your 2FA code (not device), and if you "log in" to their fake website then you've just given them all three things in a neat package, no hacking into your computer required.

[Mikey_R]

No. They cant. Which was my entire point.

Topic is about phishing, not hacking. Two different things to get the same result.

OTP will save from hacking, but not from phishing.

[MaxCarnage]

No. They cant. Which was my entire point.

My dude, you are in your own world having conversations no one else is having and acting like you have superior intellect because of it.

This thread is about entering your details of your own volition because you got tricked. And OTPs aren't going to stop you from getting phished because you told the phishers your OTP.

I have no idea why you're going on about "Well, I'd never willingly enter my details anywhere so a OTP will stop me from getting hacked".

This isn't about you and what you would and wouldn't do.

You're your own breed, man.

[ICountFrom0]

Ill make this blunt and to the point.

I dont get phished, I have the brains to know not to look at questionable links, I dont click on them.

This isn't about you?
This is about the person who did get tricked.
This is about how OTP is not perfect, because people do get tricked.

It's okay that it's not about you, you don't have to make everything about you. You can relax now.

[Zeastria]

They don’t need to know about that scam specifically: it only requires a bit of common sense and very basic digital literacy. That type of online scam appealing to human greed is pretty much as old as the internet (there were also similar phone scams and letters too well before…it’s just a modern version of the 19th century “Spanish prisoner” and the more recent “Nigerian prince” scam).

One would think that in this day and age people would be able to put two and two together: a complete stranger who approaches you (of all players) with a ridiculous offer and sends you a link out of the blue to an obviously fake address ending by “.com-gr.eu” should be enough red flags to tell you that it is a scam.

Only thing to do with this is to report the scammer without replying.

If you want to log into the SE website (or any other website), do not use links provided by third parties unless you know that they are genuine and 100% safe. Learn to verify an address and double check hyperlinks before clicking on them. Applies to game chat, emails, social media, text messages, etc…

An solution would be to add a warning about it ingame when you log in -> like a reminder.
The fact that it still exist after so many years - proves that ppl still get scammed by it.

[Toutatis]

An solution would be to add a warning about it ingame when you log in -> like a reminder.

There is one. Right on the launcher. There’s only so much that can be done to save people from themselves.

You can also click on the warning in the launcher: everything is explained at length, including the methods used in game.

[Canadane]

Keep in mind that they use hijacked accounts to spread the spam. This is probably because it looks realer than a level 1 new adventurer spamming tells.
Meaning the person you're putting on blast is likely an innocent (yet foolish) player who fell for the link, got their account stolen, gil taken, and used as a spambot until they could recover the account.
They are likely still playing the game and having their name up like this makes them look bad.

SE doesn't like this and has been known to get people in trouble for posting names of players in this way. Even garbage name farm bots clipping through walls are protected as "innocent until proven guilty".
So while it's good you're spreading the word of the phishing scam, you should consider censoring the players name.