HELP! I GOT HACKED! GAMEMASTER HELP?

[MsMisato]

Apparently on the phishing site's login page it has you put in your token. They then instantly use that token to log into your account in game, before the token changes. So I dont know if it will help in this situation..

...

I see...

I wouldn't know what the site looked like or what details it asked for, didn't realize they went straight for a redirected login page. This much I do know. You are able to browse both Lodestone and the Forums without logging in. Granted the forums are a mess to navigate and you can't post or reply without logging in. Anything that immediately requests a login for Lodestone and the Forums link wise, I would back away. If anything manually navigate to the forum and not copy paste links. I hope gets a roll back if possible.

Still if you don't have 2 factor still get it. It definitely secures the actual square enix account management section. You can't change your password or remove your token without. You can't change your email unless the person knows your secret question so they cant simply emergency remove it.

I hope OP that they get some things back from SE when they reach out.

Which is why push codes are far superior imo. At least for the majority of users.

I wish we had push code authentication here as well. at work we can use either the token which is on a 20-second timer or push authentication. SE actually needs to shorten their timer on the authentication token.

[Klaleara]

I wish we had push code authentication here as well. at work we can use either the token which is on a 20-second timer or push authentication. SE actually needs to shorten their timer on the authentication token.

Unsure if shortening the timer would help. The only way this would work is if it was automatic. So basically the moment you put in your credentials, a program is throwing it into SE's site. I'd say within less than a couple seconds.

And don't forget that the person has to type in the code, so you can't shorten it too much. Far too many people type slowly to change it much.

[AduroT]

To be honest, get 2-factor authentication. They can't log into your account unless they have your token. worst case is your account gets locked due to many attempts and you have to follow the instructions SE sends you.

It would not have helped in this case. If you enter that two factor code from the token into the phisher’s website, they now have the code, and can use it to get your account.

[Johaandr]

this is actually scary. makes me want to become a villain and hunt down those hackers and punch them so hard.

[KageTokage]

I honestly wonder if the one behind this scam is doing it strictly to be malicious and has no real interest in the belongings of the compromised accounts because in theory, there shouldn't be any way they could be stealing the gil/items without making it painfully obvious as to what the primary "bank" account they're funneling all of the resources to is.

The fact that they personally contacted the owner of a stolen account to taunt/antagonize them is particularly unusual.

[Canada_bangs]

I'm glad I'm on PS4... we can't click links in chat. I also know better then to trust random links from people I do not know. I'm way too old to fall for that. The net is a scary place tho. Hopefully you can get things fixed OP :c

[BlitzAceRush]

I'm glad I'm on PS4... we can't click links in chat. I also know better then to trust random links from people I do not know. I'm way too old to fall for that. The net is a scary place tho. Hopefully you can get things fixed OP :c

We can't click links either, unless there's an option I'm unaware of, we have to copy paste them in.

[Saefinn]

It cannot be emphasised enough, when somebody sends you a link and it requires posting ANY personal information, check the URL. Phishing scammers will try to make stuff look as legit as possible, but the one thing that cannot 100% make look legit? The URL. But they can get damn close.

Whilst i realise too late for the OP, I hope it serves as an example for people to learn caution.

I have had the URL too, and at first glance it looks legit, then it took me to a legit looking login page, I double checked the URL and reported the account that sent me the URL.

[KageTokage]

It seems like some people are getting their accounts back after they were compromised, though I still feel like they should be doing something to raise awareness of the scam.