xyz domains registered with Namesilo continuously phishing users

[Doki]

In the past week I have reported many in-game tells as "RMT activity" though this does not accurately describe the issue. All of the tells have the same pattern:

A most likely compromised account mass spam tells everyone in the area a tell with a phishing message like "Square Enix should not allow X to happen at this sensitive time, please vote against it before they ruin the game" and then gives a link that mimics the offical forums, but with a slightly different domain of .xyz at the end. I don't want to be TOO specific on the address for obvious reasons.

Anyone that actually goes to the spoof site gets a page that mimics the Square Enix account page. The goal of course is to trick someone into entering their account information.

I have done what I can to combat the problem, but I am sure Square Enix can likely do more since they (I would hope) have actual lawyers that could send something more substantial to the domain registrar.

In all cases thus far, they have registered these spoof sites through Namesilo. When I have gotten a phishing tell, I report them via their abuse email address with the fake site link, a link to the offical forums it is spoofing, and an ingame screenshot of the message trying to trick people into visiting the link. So far it looks like they ARE going and looking, and then shutting that site down, but they aren't stopping another one from being registered right away, or doing any real due diligence on investigating similar infractions.

Feel free to delete this post if it is too far outside the rules, or there is somewhere better it should be directed, I just hate to see longtime players falling for this social engineering 101 BS and have nothing done about it.

[Valkyrie_Lenneth]

In the past week I have reported many in-game tells as "RMT activity" though this does not accurately describe the issue. All of the tells have the same pattern:

A most likely compromised account mass spam tells everyone in the area a tell with a phishing message like "Square Enix should not allow X to happen at this sensitive time, please vote against it before they ruin the game" and then gives a link that mimics the offical forums, but with a slightly different domain of .xyz at the end. I don't want to be TOO specific on the address for obvious reasons.

Anyone that actually goes to the spoof site gets a page that mimics the Square Enix account page. The goal of course is to trick someone into entering their account information.

I have done what I can to combat the problem, but I am sure Square Enix can likely do more since they (I would hope) have actual lawyers that could send something more substantial to the domain registrar.

In all cases thus far, they have registered these spoof sites through Namesilo. When I have gotten a phishing tell, I report them via their abuse email address with the fake site link, a link to the offical forums it is spoofing, and an ingame screenshot of the message trying to trick people into visiting the link. So far it looks like they ARE going and looking, and then shutting that site down, but they aren't stopping another one from being registered right away, or doing any real due diligence on investigating similar infractions.

Feel free to delete this post if it is too far outside the rules, or there is somewhere better it should be directed, I just hate to see longtime players falling for this social engineering 101 BS and have nothing done about it.

They can't really do anything, as the domains get shut down fairly quickly and are all out of either Russia or China. Good luck with that.

[Mhaeric]

This has also been happening for a few months now. These tells started with contests for gil as their phishing hook mostly, but as soon as the patch 5.3 covid-19 delay was announced they switched to these fake polls that are usually about a covid related delay to the expansion. Presumably, because people are more likely to respond to the appeal to emotion than they are to contests of free gil. It doesn't sound as scammy I guess.

What SE could do is put up an announcement on the launcher like they did with the twitch phishing attempts that mimicked prominent twitch streamers. That warning is still pinned to the main launcher headlines and I think the same about in-game phishing tells would be a good idea on their part. I'm actually surprised they haven't done it yet since it's an easy way to let people know about it as well as let people know that they know about it. Every time I log in I take a quick glance at the news feed to see if something is there yet.

[Awha]

Might just be a dick, but if people fall for that stuff . . . well sorry but how can one be expected to help someone who falls for stuff like that?

[Valkyrie_Lenneth]

Might just be a dick, but if people fall for that stuff . . . well sorry but how can one be expected to help someone who falls for stuff like that?

I fell for a scam in my first mmo a long time ago (like, 15 years lol) . Learned my lesson then.

[Awha]

I fell for a scam in my first mmo a long time ago (like, 15 years lol) . Learned my lesson then.

At least you learned from, truth be told I nearly fell for one but was a kid and was too scared to go through my dads wallet.

[Valkyrie_Lenneth]

At least you learned from, truth be told I nearly fell for one but was a kid and was too scared to go through my dads wallet.

Oh mine wasn't monetary. lost a item in the game from it. Still tho, you tend to learn those the hard way.

[Doki]

Welp it looks like the actual link you report the domain as a phishing site for namesilo is:
https://new.namesilo.com/phishing_report.php
Annoyingly they want you to attach screenshots of the phishing site to the ticket. I just use a VM to do that so I know it isn't going to effect anything, but it's a bit asine to have it as a requirement for the ticket.

[Quintessa]

Please pay attention to the full URL folks, don't just jump the gun when you see "https://square-enix..". Phishing via opportunity through familiarity is nasty, but recognize this familiarity and question it!

[MelodyCrystel]

Might just be a dick, but if people fall for that stuff . . . well sorry but how can one be expected to help someone who falls for stuff like that?

So in other words, we all should pat the scammers on the shoulder for tricking naive people, or what? O.o
->A crime stays a crime no matter if it happened in your neighbourhood, another country or the internet. -.- To indirectly tell victims "Sorry, you're too stupid, so nobody should try to solve the problem." is the first step to gaining a "Let criminality rule as long as I'm not affected."-philosophy.

I for one can't take Paypal-mails seriously anymore thanks to these annoying scammers sending fakes every 3 or 4 months--- having such a business going on in FFXIV puts my frustration-level unnecessarily high.
->Though I had only once a tell with such fake-link (EU-server less appealing to scammers, I believe) I see way too many RMT-shouts including commercials for a Mogstation-giftcode-site were several dollars can be saved even on new items--- definitely not a welfare-project, if you ask me.