Forming a Anti-Phishing Taskforce

[MevariNavalo]

EDIT: I started the Discord server. Join here: https://discord.gg/hmy77T5xhU



Hello, everyone. Today I'd like to make a little proposal. I'd like to form a little taskforce to combat the recent phishing problem. An "Anti-Phishing Guild", if you will. No more spreading "awareness", no more complaining to Square, we'll deal with the problem ourselves.

"Hah," I say you mutter to yourself, "what are you going to do, send a bunch of tickets to Square? Like that'll work!" And you're right... that hasn't been working. Square hasn't been doing a very good job of dealing with the problem. But I know something that DOES work, something you can help with. Let me explain.

One day, like many of you, I was sitting alone in my apartment in the Goblet when I got in in-game DM from someone.

"Square cannot do this update", yadda yadda, you know the drill, followed by a link that looked like a forum link.

Thankfully, I realized it was a phishing scam. Remembering a video I saw on YouTube once, I booted up PyCharm and started to write a quick little python script, one that would spam the website with an endless stream of fake usernames and passwords.

You're probably wondering if this even works. The answer is... I would assume so, considering the reaction it gets! If I happen to do this while they're paying attention, eventually I get a 403 error, which means they've blocked me. To this day my home IP address is blocked by their servers, so I have to be a bit creative to get around that. Sometimes, mere moments after I start messing with them, they go through the trouble of completely changing URLs to the scam. Sometimes, the site even goes down completely for extended periods of time!

Right now, the biggest obstacle to my continued scammer-trolling efforts is the fact that when they change URLs, I have to either wait for the scammers to contact me in-game, or start a lengthy proccess of finding their new URL. This is where you guys come in!

All I need is people to tell me the URL of any phishing scams when they get them. If I had a wide enough network of people relaying this information to me, I theorize I could grind their operation to a complete halt. It'd be as simple as joining a Discord server and reporting a scam when you see one. Me (and anybody else with basic programming knowledge) can handle the rest.

So, how about it, anybody interested?

[Puremallace]

lmfao uhh interesting idea but if they are using a US based web provider wouldn't that cause you legal problems? I say let Square Enix handle this but yeah I like where you are going with this.

[MevariNavalo]

Their web provider is often "WebAfrica" or something like that from South Africa. I've seen them also use one from Germany.

Besides, what legal trouble could happen from this? "Hello, Judge, I was running this scam when this punk started sending me a bunch of fake information!"

If this was a DDoS attack I might be more worried. That's not the approach I'm taking, though. What I'm doing is, from what I can tell, completely legal.

[MevariNavalo]

I had a few interested parties so I went ahead and started things up. Feel free to join in.

https://discord.gg/hmy77T5xhU

[Vahlnir]

I wish you all the luck in the world. Hopefully something good comes of this effort, and hopefully there are no issues for you and yours along the way.

[KageTokage]

These scammers keep switching domains specifically because they get reported and eventually banned once they can confirm they're involved in fraudulent activity.

It doesn't like there's much anyone could realistically do to stop them entirely, though what the TC is doing seems about as good as it gets.

[Greyhawk]

Make sure you sign them up if you can, all the possible porn site, webhack, spam garbage, uninteresting, black hole, spineless, hopeless, sack of monkey $*** sites out there with any addressee on the site.

[MevariNavalo]

Make sure you sign them up if you can, all the possible porn site, webhack, spam garbage, uninteresting, black hole, spineless, hopeless, sack of monkey $*** sites out there with any addressee on the site.

I'm not hacking their accounts and getting their email addresses! Jeez, you guys are making me sound like some sorta whitehat hacker.

Anyway, when they realize I'm messing with them, the change they usually make is changing the thread number at the end of their URL. So they might change from ____/ffxiv/threads/7483924 to ____/ffxiv/threads/7158734 or whatever. Sometimes, like recently today, they might change the URL entirely from something like square-enix.com-____.me to forum.squareenix.com-____.me to try to throw me off.

Also, part of the proccess is also contacting their webhost and reporting to them as soon as they change addresses. This is slower, though. They hardly ever get back to you and it can take days for them to do something.