#1 MevariNavalo (Mevari Navalo, Zalera, Bard Lv 90; joined Sep 2020, 52 posts)

    How to take down phishing scams the legit way

    You've probably already noticed the phishing scammers. They PM you a url to what looks like the FFXIV forum, but it's fake. If you haven't seen that... just be aware it's a thing.

    I've been doing this little side project of mine lately where I mess with the phishing scammers. One of my most effective means of messing with them involves using a python script that spams their webpage with fake logins. However, I'm going to teach you a more legit way to mess with them... reporting them directly to their DNS host.

    Step one: Do a quick Whois lookup (optional)

What you're looking for is who in particular their registrar is. I use this website to do this, usually: https://www.whois.com/whois/
So far, they seem to use exclusively NameSilo as their registrar, although they frequently use Web4Africa as their host.

Once you've confirmed that their registrar is NameSilo, which they almost certainly will keep using, move on to the next step.

    Step two: File a phishing report with NameSilo

    While NameSilo has an "abuse" email address, don't bother using it. For any phishing reports they will send you to the following website: https://new.namesilo.com/phishing_report

    Fill it out as follows. Feel free to use this email if you don't want to use your own. Note that you want to give them the direct link to whatever happens to be the fake login page. This is usually a subdirectory that ends with /reply.

    Your Email:
    ffxivantifishingteam@gmail.com

    Real Website:
    https://forum.square-enix.com/ffxiv/forum.php

    Phishing Website:
    [Copy/paste the phishing website here, remember to link them directly to the fake login page rather than the fake message board]

    Report:
    We have found a phishing website pretending to be the forum for the video game "Final Fantasy XIV", owned by Square Enix. They are using this website to steal game accounts.
    They frequently change URLs, so the above website will possibly 404 by the time you read this. Please use the attached image for photographic proof.

    Step three: Screenshot the fake login page

Save a screenshot of the fake login page on the phishing website, making sure to include your browser's address bar. You can do this with the old Print Screen button and Microsoft Paint, although I personally use the program Lightshot to make taking screenshots easier. Once you've got a good screenshot, attach it to the report and hit send.

    That's it! After doing that, the website will usually go down in an hour or two.

    Edit: Oh, and most importantly... don't actually try to log in to the damn site. Just visiting it won't hack your computer or anything crazy like that, just don't punch in your damn account information and you'll be fine.
    (10)
    Last edited by MevariNavalo; 03-17-2021 at 08:15 AM.
    ________________________________________

    "Mevari, the Blue Mage spell 'Eruption' is not an instrument."
    "Yes it is, and I'm going to use 21 of them."
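Added example, not from MevariNavalo's post or from any project: the lookup-and-report steps above as a small Python script that runs offline. The phishing URL, the WHOIS response text and the name-server hostnames below are placeholders I made up for illustration; the form field names and the report wording are the post's own. It works out which domain to WHOIS (the registered name, not the lookalike subdomain), pulls the registrar out of the response, checks whether it is NameSilo, and fills in the report fields.

```python
"""
Added example (not the post's code): from a phishing URL to a WHOIS target,
a registrar check, and the filled-in NameSilo report fields.

Offline by design: SAMPLE_WHOIS is a constructed response in the usual
"Key: value" layout, not a real lookup, and PHISHING_URL is an assumed
placeholder, not a real scam domain.
"""
import re
from typing import Optional
from urllib.parse import urlparse

REAL_SITE = "https://forum.square-enix.com/ffxiv/forum.php"

# Assumed placeholder standing in for whatever fake login page you were sent.
PHISHING_URL = "https://forum-square-enix-example.com/ffxiv/forum/reply"

# Constructed WHOIS response (not real registration data).
SAMPLE_WHOIS = """\
Domain Name: FORUM-SQUARE-ENIX-EXAMPLE.COM
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: https://www.namesilo.com/
Creation Date: 2021-03-10T04:12:00Z
Registrar: NameSilo, LLC
Name Server: NS1.EXAMPLE-HOST.NET
Name Server: NS2.EXAMPLE-HOST.NET
DNSSEC: unsigned
"""


def registrable_domain(url: str) -> str:
    """Host to run WHOIS on: the last two labels of the hostname.

    Scammers often bury the fake page under a lookalike subdomain, and WHOIS
    only answers for the registered name. Two labels is right for .com/.net;
    names like example.co.uk would need a public-suffix list.
    """
    host = urlparse(url).hostname
    if not host:
        raise ValueError(f"no hostname in {url!r}")
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_whois(text: str) -> dict:
    """Parse 'Key: value' WHOIS lines; repeated keys (Name Server) become lists."""
    fields: dict = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z][A-Za-z0-9 /_-]*?):\s*(.+?)\s*$", line)
        if m:
            fields.setdefault(m.group(1), []).append(m.group(2))
    return fields


def registrar_of(whois_text: str) -> Optional[str]:
    """The Registrar line, or None if the response has none."""
    return parse_whois(whois_text).get("Registrar", [None])[0]


def is_namesilo(whois_text: str) -> bool:
    """The post's step-one check. Looks at the Registrar name and the
    Registrar WHOIS Server so a differently formatted name still matches."""
    fields = parse_whois(whois_text)
    evidence = fields.get("Registrar", []) + fields.get("Registrar WHOIS Server", [])
    return any("namesilo" in v.lower() for v in evidence)


def looks_like_login_page(url: str) -> bool:
    """Per the post, the fake login page usually sits under a path ending in
    /reply; link that page, not the fake message board front page."""
    return urlparse(url).path.rstrip("/").endswith("/reply")


def defang(url: str) -> str:
    """Make the URL unclickable before pasting it into chat or a ticket."""
    return re.sub(r"^http", "hxxp", url).replace(".", "[.]")


def build_report(phishing_url: str, reporter_email: str,
                 real_site: str = REAL_SITE) -> dict:
    """Fill the NameSilo phishing-report form fields with the post's wording."""
    return {
        "Your Email": reporter_email,
        "Real Website": real_site,
        "Phishing Website": phishing_url,
        "Report": (
            'We have found a phishing website pretending to be the forum for the '
            'video game "Final Fantasy XIV", owned by Square Enix. They are using '
            "this website to steal game accounts.\n"
            "They frequently change URLs, so the above website will possibly 404 "
            "by the time you read this. Please use the attached image for "
            "photographic proof."
        ),
    }


if __name__ == "__main__":
    print("WHOIS lookup target:", registrable_domain(PHISHING_URL))
    print("Registrar:", registrar_of(SAMPLE_WHOIS),
          "(NameSilo)" if is_namesilo(SAMPLE_WHOIS) else "(not NameSilo)")
    if not looks_like_login_page(PHISHING_URL):
        print("Warning: URL does not end in /reply; is this the login page?")
    for field, value in build_report(PHISHING_URL, "ffxivantifishingteam@gmail.com").items():
        print(f"{field}:\n{value}\n")
    print("Safe to paste in chat:", defang(PHISHING_URL))
```

Usage: run it as-is to see the flow on the constructed data, or replace `SAMPLE_WHOIS` with the text you get back from `whois <domain>` (or the whois.com page) for a real report. The script never fetches the phishing page itself, which matches the post's advice to not interact with the site beyond a screenshot.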

#2 (unnamed player; joined Jul 2020, 1,759 posts)
    Quote Originally Posted by MevariNavalo View Post
    Just visiting it won't hack your computer or anything crazy like that, just don't punch in your damn account information and you'll be fine.
    I personally wouldn't even take that chance, but other people can decide for themselves.
    (4)

#3 KageTokage (Alijana Tumet, Cactuar, Ninja Lv 100; joined Feb 2017, 7,092 posts)
    Maybe I've just been living under a rock or something, but I don't think I've seen a single MMO with phishing efforts as aggressive and persistent as has been occurring in XIV.

    I'm most curious as to what they're even getting out of it because you'd think they'd just be able to trace all of the gil they're draining from people's hijacked accounts and purging the "bank" account it's being sent to before it can be used in RMT.
    (1)

#4 LianaThorne (Lorelai Oshidari, Diabolos, Dancer Lv 100; joined Aug 2020, 2,405 posts)
    Quote Originally Posted by MevariNavalo View Post
    Edit: Oh, and most importantly... don't actually try to log in to the damn site. Just visiting it won't hack your computer or anything crazy like that, just don't punch in your damn account information and you'll be fine.
    Yes but some websites can have browsers download stuff in the background/log your IP so it really depends on how smart the person is who made the site. If you haven't gotten any new weirdness with your comp, I don't think they would be using downloads but IP grabs are still a chance.
    (4)

#5 MevariNavalo (Mevari Navalo, Zalera, Bard Lv 90; joined Sep 2020, 52 posts)
    My suspicion is that they're draining people's gil to use for RMT stuff. Someone who has actually had their account hacked would have to confirm that for me, though. The alternative is that they're looking for high level characters to turn into farming bots.

    Registering all these domain names costs these scammers cash money, so there has to be SOME monetary benefit they're getting from this. Every time I flag their domain name that's money down the drain, so my hope is that if more people do it then it makes their operation unprofitable.

    Also, good on you guys for being cautious about their website. Personally, I can say that after months of messing with them, I've seen nothing particularly hacky or virusy on their site, other than, you know... having your account stolen when you plug in your info. They try very hard to look like the legit site, and setting off any spyware or antivirus would probably not help.

    A particularly pop-up heavy porn site is likely considerably more dangerous.
    (1)
    Last edited by MevariNavalo; 03-18-2021 at 10:49 AM.

#6 Theodric (Matthieu Desrosiers, Cerberus, Reaper Lv 90; joined Sep 2013, 10,051 posts)
    Quote Originally Posted by KageTokage View Post
    Maybe I've just been living under a rock or something, but I don't think I've seen a single MMO with phishing efforts as aggressive and persistent as has been occurring in XIV.

    I'm most curious as to what they're even getting out of it because you'd think they'd just be able to trace all of the gil they're draining from people's hijacked accounts and purging the "bank" account it's being sent to before it can be used in RMT.
I've seen it in other MMOs, though when it becomes visible it's usually the point where there's an equally aggressive crackdown.

    The problem is that innocent player mistakes - such as swearing at nobody in particular in a duty after messing up - risk being punished severely but obvious cases of abuse and cheating are treated as far lesser crimes by comparison.

There are a number of reasons for that, I speculate. For starters, criminal activity is most successful when there are 'insiders' who can intervene, look the other way and/or frustrate any investigations.

Dirty money is also a likely problem. If it wasn't a profitable venture, MMOs wouldn't have so many scams associated with them.

    It's happening aggressively on the NA and EU servers, which are proven to be treated as second class citizens in some regards. (See the lack of courtesy towards EU players and the Black Fat Chocobo promotion never being given to us/acknowledged as a disappointment).

    I'd also note that many 'journalists' avoid asking hard hitting questions in relation to cheating, botting and other shady activity. Even if they did, though - they'd probably just get a generic response stating that such things are taken extremely seriously.

    This is all just speculation, of course. Though it's hard not to see things in such a manner at this point.
    (3)