HELP! I GOT HACKED! GAMEMASTER HELP?

[Mirassou]

ShadowPrincessD, I am so sorry this happened to you

I don't really have much to add to the advice of others, but really I feel so awful for you and so angry at those who prey upon others.
I will say that I use the authenticator on my phone, not sure if they can hack into that as well, but it is another security wall.
I hope that SE can restore your losses - not sure if they do that, but I hope it happens for you.

[Canadane]

i did get hacked BTW look at the edit i just did on the post

No, you took the phishing bait. I'm sorry I know you don't wanna place the blame on yourself but we've probably all gotten these tells multiple times by now. The website TLD is not identical to anything SE uses.
Knowledge is power here, and understanding what happened is only going to help you and others not also fall for this.

I'm sorry for what happened I feel for you, but understanding exactly what happened to you is important. Your edit makes...little sense. Your IP cannot be hacked per se. Getting your personal information and getting threats is almost unheard of from RMT they kust want to empty your gil and use your character to spam the same RMT message you got in the first place. But if they did have your account access they could also in turn log into your account management and see your personal information. This is likely how they sent you a message, if any.
If you had used a security token on your account, it wouldn't have helped your initial character loss. You would have still had someone log into your character. But it may have stopped them from logging into your SE account management as the OTP would have changed and your personal information wouldn't have been accessible.

Again, it sucks to have happen, but be wary of suspicious links. You can stop it from happening again.

[Klaleara]

No, you took the phishing bait. I'm sorry I know you don't wanna place the blame on yourself but we've probably all gotten these tells multiple times by now. The website TLD is not identical to anything SE uses.
Knowledge is power here, and understanding what happened is only going to help you and others not also fall for this.

I'm sorry for what happened I feel for you, but understanding exactly what happened to you is important. Your edit makes...little sense. Your IP cannot be hacked per se. Getting your personal information and getting threats is almost unheard of from RMT they kust want to empty your gil and use your character to spam the same RMT message you got in the first place. But if they did have your account access they could also in turn log into your account management and see your personal information. This is likely how they sent you a message, if any.
If you had used a security token on your account, it wouldn't have helped your initial character loss. You would have still had someone log into your character. But it may have stopped them from logging into your SE account management as the OTP would have changed and your personal information wouldn't have been accessible.

Again, it sucks to have happen, but be wary of suspicious links. You can stop it from happening again.

If they hit the scammers website from their computer, the scammers could have gotten their IP. Just, nothing they could really do with their IP lol.

Secondly, pretty sure a security token on the account would have helped the initial character loss, as it's required to use the token to login to the game and get access to the character. A note, there are already plenty of ways to get around two-factor authentication, decent hackers get by it with fair ease. However, anyone with those skills aren't going to give 2 f's about someones final fantasy character.

[Valkyrie_Lenneth]

If they hit the scammers website from their computer, the scammers could have gotten their IP. Just, nothing they could really do with their IP lol.

Secondly, pretty sure a security token on the account would have helped the initial character loss, as it's required to use the token to login to the game and get access to the character. A note, there are already plenty of ways to get around two-factor authentication, decent hackers get by it with fair ease. However, anyone with those skills aren't going to give 2 f's about someones final fantasy character.

Nah, they capture the code with the fake login site then immediately enter it into the client. That's how they login.


2fa won't help you if you give them the code lol.

[Avatre]

Nah, they capture the code with the fake login site then immediately enter it into the client. That's how they login.


2fa won't help you if you give them the code lol.

That's also assuming the site that you are "logging" into has the spot to enter 2fa. If they don't, then there would be no way to get into the account. As I haven't even looked at those phishing links, I don't even know if they have a field for that.

[Canadane]

If they hit the scammers website from their computer, the scammers could have gotten their IP. Just, nothing they could really do with their IP lol.

Exactly, that's not "Hacking an IP" that's just seeing it.

That's also assuming the site that you are "logging" into has the spot to enter 2fa. If they don't, then there would be no way to get into the account. As I haven't even looked at those phishing links, I don't even know if they have a field for that.

They do, a friend with the token has been compromised one drunken night he wasn't too smart. He assumed the site just auto-logs in to a client with the credentials without human intervention, which would make sense considering the speed which would be required to use the information.

[Klaleara]

Nah, they capture the code with the fake login site then immediately enter it into the client. That's how they login.


2fa won't help you if you give them the code lol.

Depends on the 2fa you have? Most 2fa's is just a text to your phone, not an actual token. It seems that FF14 uses the token version though, which is meh imo.

[Valkyrie_Lenneth]

Depends on the 2fa you have? Most 2fa's is just a text to your phone, not an actual token. It seems that FF14 uses the token version though, which is meh imo.

No I mean, you have to put in the code it gives you when you log in right?

If you give them the code when you "log in" to the phishing site, then the 2fa is pointless because you gave them the code to get in.

[Canadane]

Yeah it doesn't matter when you literally give them your name, password, and token via a fake login page.
The type of 2fa isn't ever taken into account. It could be 6fa for all they care, if someone was tricked into logging in thinking it's legitimate, they're ponying up all the details.

[EdenArchangel]

One time my mom called me, saying she got a call from Microsoft:
"Microsoft is calling me honey -- they need my credit card to get rid of a virus on my computer."
I was so proud she didn't and called me instead.