  1. #1
    Player
    Doki's Avatar
    Join Date
    Aug 2012
    Location
    Ul'dah
    Posts
    1,454
    Character
    Doki Waku
    World
    Faerie
    Main Class
    Warrior Lv 100

    xyz domains registered with Namesilo continuously phishing users

    In the past week I have reported many in-game tells as "RMT activity" though this does not accurately describe the issue. All of the tells have the same pattern:

    A most likely compromised account mass-spams everyone in the area with a tell containing a phishing message like "Square Enix should not allow X to happen at this sensitive time, please vote against it before they ruin the game" and then gives a link that mimics the official forums, but with a slightly different domain of .xyz at the end. I don't want to be TOO specific on the address for obvious reasons.

    Anyone that actually goes to the spoof site gets a page that mimics the Square Enix account page. The goal of course is to trick someone into entering their account information.

    I have done what I can to combat the problem, but I am sure Square Enix can likely do more since they (I would hope) have actual lawyers that could send something more substantial to the domain registrar.

    In all cases thus far, they have registered these spoof sites through Namesilo. When I have gotten a phishing tell, I report them via their abuse email address with the fake site link, a link to the official forums it is spoofing, and an in-game screenshot of the message trying to trick people into visiting the link. So far it looks like they ARE going and looking, and then shutting that site down, but they aren't stopping another one from being registered right away, or doing any real due diligence on investigating similar infractions.

    Feel free to delete this post if it is too far outside the rules, or there is somewhere better it should be directed, I just hate to see longtime players falling for this social engineering 101 BS and have nothing done about it.
    (2)
    Last edited by Doki; 06-20-2020 at 08:27 AM.
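
    Added example, not part of the original post: a minimal sketch of how a chat filter could flag the pattern described above, where a link keeps the official forum's name but swaps the TLD or changes a few characters. The host names and sample tells are constructed placeholders, and the two-edit threshold is an assumption.

```python
import re

# Assumption: placeholder allow-list; substitute the real official hosts.
OFFICIAL_HOSTS = ("forum.example-game.com", "secure.example-game.com")

# Matches bare or schemed links and captures only the host name.
URL_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host: str) -> str:
    """Return 'official', 'tld-swap', 'near-match' or 'unrelated'."""
    host = host.lower().rstrip(".")
    if host in OFFICIAL_HOSTS:
        return "official"
    name, _, tld = host.rpartition(".")
    goods = [g.rpartition(".") for g in OFFICIAL_HOSTS]
    # Same name, different TLD: the ".xyz instead of the real ending" case.
    if any(name == g_name and tld != g_tld for g_name, _, g_tld in goods):
        return "tld-swap"
    # A couple of characters changed in the name (threshold is an assumption).
    if any(edit_distance(name, g_name) <= 2 for g_name, _, _ in goods):
        return "near-match"
    return "unrelated"


def scan_tell(message: str) -> list[tuple[str, str]]:
    """List (host, verdict) for every suspicious link found in one tell."""
    verdicts = ((h.lower(), classify_host(h)) for h in URL_RE.findall(message))
    return [(h, v) for h, v in verdicts if v in ("tld-swap", "near-match")]


# Constructed sample tells, not real messages or real domains.
SAMPLE_TELLS = [
    "Please vote against it before they ruin the game forum.example-game.xyz/poll",
    "Patch notes are up at https://forum.example-game.com/threads/1",
]
```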

  2. #2
    Player
    Valkyrie_Lenneth's Avatar
    Join Date
    Mar 2011
    Location
    Limsa Lominsa
    Posts
    8,038
    Character
    Lynne Asteria
    World
    Jenova
    Main Class
    Viper Lv 100
    They can't really do anything, as the domains get shut down fairly quickly and are all out of either Russia or China. Good luck with that.
    (2)

  3. #3
    Player Mhaeric's Avatar
    Join Date
    Apr 2012
    Location
    Vancouver, BC
    Posts
    2,141
    Character
    Mhaeric Llystrom
    World
    Balmung
    Main Class
    Red Mage Lv 97
    This has also been happening for a few months now. These tells started with contests for gil as their phishing hook mostly, but as soon as the patch 5.3 COVID-19 delay was announced they switched to these fake polls that are usually about a COVID-related delay to the expansion. Presumably, because people are more likely to respond to the appeal to emotion than they are to contests of free gil. It doesn't sound as scammy I guess.

    What SE could do is put up an announcement on the launcher like they did with the Twitch phishing attempts that mimicked prominent Twitch streamers. That warning is still pinned to the main launcher headlines and I think the same about in-game phishing tells would be a good idea on their part. I'm actually surprised they haven't done it yet since it's an easy way to let people know about it as well as let people know that they know about it. Every time I log in I take a quick glance at the news feed to see if something is there yet.
    (3)

  4. #4
    Player

    Join Date
    Jul 2017
    Posts
    3,327
    Might just be a dick, but if people fall for that stuff . . . well sorry but how can one be expected to help someone who falls for stuff like that?
    (6)

  5. #5
    Player
    Valkyrie_Lenneth's Avatar
    Join Date
    Mar 2011
    Location
    Limsa Lominsa
    Posts
    8,038
    Character
    Lynne Asteria
    World
    Jenova
    Main Class
    Viper Lv 100
    Quote Originally Posted by Awha View Post
    Might just be a dick, but if people fall for that stuff . . . well sorry but how can one be expected to help someone who falls for stuff like that?
    I fell for a scam in my first MMO a long time ago (like, 15 years lol). Learned my lesson then.
    (0)

  6. #6
    Player

    Join Date
    Jul 2017
    Posts
    3,327
    Quote Originally Posted by Valkyrie_Lenneth View Post
    I fell for a scam in my first MMO a long time ago (like, 15 years lol). Learned my lesson then.
    At least you learned from it, truth be told I nearly fell for one but was a kid and was too scared to go through my dad's wallet.
    (0)

  7. #7
    Player
    Valkyrie_Lenneth's Avatar
    Join Date
    Mar 2011
    Location
    Limsa Lominsa
    Posts
    8,038
    Character
    Lynne Asteria
    World
    Jenova
    Main Class
    Viper Lv 100
    Quote Originally Posted by Awha View Post
    At least you learned from it, truth be told I nearly fell for one but was a kid and was too scared to go through my dad's wallet.
    Oh mine wasn't monetary. Lost an item in the game from it. Still tho, you tend to learn those the hard way.
    (0)

  8. #8
    Player
    MelodyCrystel's Avatar
    Join Date
    Oct 2015
    Location
    Gridania
    Posts
    182
    Character
    Anemone Blanc'rose
    World
    Shiva
    Main Class
    White Mage Lv 100
    Quote Originally Posted by Awha View Post
    Might just be a dick, but if people fall for that stuff . . . well sorry but how can one be expected to help someone who falls for stuff like that?
    So in other words, we all should pat the scammers on the shoulder for tricking naive people, or what? O.o
    ->A crime stays a crime no matter if it happened in your neighbourhood, another country or the internet. -.- To indirectly tell victims "Sorry, you're too stupid, so nobody should try to solve the problem." is the first step to gaining a "Let criminality rule as long as I'm not affected."-philosophy.

    I for one can't take PayPal-mails seriously anymore thanks to these annoying scammers sending fakes every 3 or 4 months--- having such a business going on in FFXIV puts my frustration-level unnecessarily high.
    ->Though I had only once a tell with such a fake-link (EU-server less appealing to scammers, I believe) I see way too many RMT-shouts including commercials for a Mogstation-giftcode-site where several dollars can be saved even on new items--- definitely not a welfare-project, if you ask me.
    (8)

  9. #9
    Player
    MariaArvana's Avatar
    Join Date
    Nov 2018
    Posts
    347
    Character
    Maria Rubrum
    World
    Gilgamesh
    Main Class
    Summoner Lv 80
    Quote Originally Posted by Awha View Post
    Might just be a dick, but if people fall for that stuff . . . well sorry but how can one be expected to help someone who falls for stuff like that?
    Because honestly, people by and large don't practice proper internet security like they should be. The page the scammers use looks pretty legit to anyone who's not extremely familiar with the forums or the login-screens for the Lodestone and for many people who are just going through the motions or wanting to see what this 'update' is about, they may not take the time to actually dissect the page they're sent to.

    Let me tell ya a fun statistic from my workplace last year. IT wanted to run a test to see how many employees would willingly give up their password to an email account that was almost identical to the admin's, except with a few letters/numbers changed in the name. 36% of people in the workplace fell for the IT test's trap. 36%.

    And that's with the company doing routine password security meetings/notifications/etc.

    There'll always be people falling for these things due to the nature of people, but it takes Square very little effort to stay on top of the latest scams and give big warnings in the launcher about them to potentially inform someone who may have fallen for this scam otherwise. The only way to help these people is through preventative measures and hope they work.
    (3)

  10. #10
    Player
    Avatre's Avatar
    Join Date
    Jul 2017
    Posts
    2,852
    Character
    Avatre Drakone
    World
    Cactuar
    Main Class
    Dancer Lv 100
    Quote Originally Posted by MariaArvana View Post
    Let me tell ya a fun statistic from my workplace last year. IT wanted to run a test to see how many employees would willingly give up their password to an email account that was almost identical to the admin's, except with a few letters/numbers changed in the name. 36% of people in the workplace fell for the IT test's trap. 36%.
    Reminds me of the one time I got an email, from our "CEO", wanting me to transfer money to our clients in Hong Kong. Now, the thing about the company, they were a North American oilfield trucking company. We had no clients anywhere except in a few locations in the US (Texas, Oklahoma, North Dakota, Ohio, Pennsylvania, and briefly in Wyoming and Florida), and a little bit in Canada. Definitely nothing outside of US and Canada, not even where payments were sent to.
    (0)
