Phishing Scams ahoy

[ApprenticeSmithy]

Was just talking to some friends while doing the summer event, when suddenly I got sent a tell three times in a row by someone. I know I'm not allowed to say names, so I won't say that, but anyway this person (or bot, who knows) sends me this link saying that "Square enix should be doing this at such a sensitive time. Please go to this (obviously fake and dangerous) thread and vote so they don't ruin the game".

Now I didn't click it, thanks to the many people here who have warned about this (thank you), and I obviously reported them, but I'm still a little shaken. I know I didn't follow the link, but I'm still worried about my account's safety. Is Square Enix doing something about this? Because this seems to be a common tale of late. I just getting worried. Is there anyway I can bump up security?

[OneIlmPunch]

If you didn't copy/paste the link into your browser you should be okay, the only way they can do anything to you is if you navigate to the link, or enter your information. A friend who only went to the fake forum post got taken offline!

[WhiteArchmage]

Don't worry about your account. The tells just look for any random character online in the area. They use Player Search, not any way to target your character in particular, so as long as you don't follow the link and give them your account info you should be fine.

As to what SE is doing about it... we don't know. There are mass bot bans every once in a while, but it accomplishes little when scammers can just make new trial accounts (with credit card fraud) or enough people fall for the scam and they can use THOSE characters to /tell.

To bump up your security you can also activate the one-time password token, either by phone app or getting the physical token. However, if the scammer pays enough attention, they can still use the one-time password when you input it in the fake site, and log in to your account while it's still active.

[ApprenticeSmithy]

Phew, thank you all. I was really worried. Yeah I didn't enter it into the web browser, just did the copy/paste into the report. I think about that one time password

[Canadane]

I should note that the one time password will not save your account if you happened to log into their fake website with it.
Good on your for identifying it and reporting them. Spreading the word about this is the most effective way to combat it.

[Mhaeric]

Is there anyway I can bump up security?

Use the software token on your phone. If you were to somehow fall victim to one of these phishing scams, it won't protect you against them logging in initially since you would provide them the one-time password during the phish, but it will prevent them from logging into your account multiple times or changing your password (you need two instances of the one-time password to do this among other things) thus limiting how much access they can actually get. E.g. someone who doesn't even realize they've been phished would get seemingly randomly disconnected from the server, and just logging back in would be all they would need to do to block access if they have the software token enabled.