WARNING: Phishing Scheme on Crystal, Please Be Aware

[HakuroDK]

Hello friends!

So there is a phishing scheme on the Crystal Data Center presently going on.

What is Phishing?

According to the Oxford dictionary, Phishing is "the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers."

In the context of Final Fantasy XIV, this is taking the form of tells to encourage unsuspecting players to reveal their login information.

What is the current Phishing attempt?

There is someone (or a group of someones) who are sending tells to unsuspecting players saying something along the lines of "Square Enix Should Not Remove This Content At Such A Sensitive Time, Please Vote Against It On The FFXIV Forum Post Before They Ruin The Game" followed by a link to the "official forums" which ends in a .su suffix or similar rather than a .com suffix. I have not personally checked this link out, but I am presuming it takes you to a mock-up of the forum login page and, if you put in your SqEx ID and Password in, it will save it to the phisher's database.

I have not only been contacted by complete strangers, but also folks whose names are vaguely familiar, as if they are server regulars.

How can I spot this phishing attempt?

If you get a tell, read the link address. the official forums are "forum.square-enix.com/". If it links you to any location other than this, it is a clear phishing attempt.

What can I do about it?

Most people will probably blacklist the player and move on. However, I ask that you go to the in-game Support Desk, go to Contact Us, and go to "Report Cheating". Report the server you are on, the date and time of the tell, the name of the character who sent you the tell, and both explain that this is a phishing attempt and copy/paste the contents of the tell in the report.

I also ask that you spread this word around to your friends if they are not aware of this going on.


Thank you very much for reading and I hope you can all keep your accounts safe!

[IckeDerTyp]

That's still going on? Thanks for the heads-up!

[Arazehl]

This link leads you to a false page, that looks just like your login account with Square Enix. It is not. If you put your user handle and password in they got you. They will log into your account,wipe you of all your gil and if you're in an FC with access to any of their gil in the community chest they will swipe that too. That is a good reason why to only have the leader of the FC with the only access to the gil.

As far as what you can do? Well, you can report it, maybe get your personal gil back, but if the FC gil is involved you might as well kiss it goodbye. Another thing if you get a tell, from a phisher it is usually from a character that is presently hacked and they use that account to do the dirty deed of sending out tells. I send them a tell back, let them know I know what they are doing and that they are reported. You'll find that they will instantly log out of that poor person's hacked account. This stops the tells being sent to more unsuspecting players. I've even gone a step further and looked that person's character info up and find out what FC they are in so I can contact someone in their FC to let them know that a member of their FC has their account hacked. Then their FC can contact them to let them know hopefully.

How do I know all this? Well this happened awhile back to one of my officers, who lost 62 mil of their own gil and since my officer had access to the FC chest they hit it for all that gil too. They log into an account of their making, invited themselves into the FC, and promote this character to officer rank and strip the gil from the chest. Thankfully the officer did get compensated by SE but the FC gil did not.

If it happens to you, take screenshots if you can and report them. Just beware of any link coming to you in tells by strangers.

[LianaThorne]

It's in Aether as well. Just putting that out there.

Be safe everyone, don't be dumb and go to random links sent to you by strangers.

[Jeeqbit]

This has been going on for a year or so on all data centers. It's not new and it's not just on Crystal.

[joshdavis271]

I get Phishing tells in Hyperion as well, stay safe my fellow warriors of light and do not fall for such schemes.

[Goji1639]

Just a note that most of these phishing bots are operating on hijacked accounts, generally without the accounts owner realizing. So, reporting them is kind of sending the GMs on a wild goose chase, and may only result in getting a legit player who got duped banned.

It's likely best to just ignore/blacklist, and maybe send out little PSA messages like this to raise awareness in the community.

[Seera1024]

Just a note that most of these phishing bots are operating on hijacked accounts, generally without the accounts owner realizing. So, reporting them is kind of sending the GMs on a wild goose chase, and may only result in getting a legit player who got duped banned.

It's likely best to just ignore/blacklist, and maybe send out little PSA messages like this to raise awareness in the community.

This leaves the scammer free to catch players unaware.

Report the player. Get that hacked account locked to prevent as many players as possible from falling for the scam.

These hackers wouldn't be doing this if players weren't falling for the scam. Best to reduce the number of accounts that fall for this by reporting the ones that have fallen for it.

The affected real owners of the accounts can then go and reach out to support to gain access to their accounts.

[KageTokage]

The GMs are smart enough to not permaban the accounts because of how common this has become.

I do feel like they should be doing more to make people of aware of the issue, like a message about it in the notes that pop up when you first log-in.

Granted, anything that requires reading isn't going to reach everyone, but something is better then nothing.

[Goji1639]

This leaves the scammer free to catch players unaware.

Report the player. Get that hacked account locked to prevent as many players as possible from falling for the scam.

These hackers wouldn't be doing this if players weren't falling for the scam. Best to reduce the number of accounts that fall for this by reporting the ones that have fallen for it.

The affected real owners of the accounts can then go and reach out to support to gain access to their accounts.

Guess it depends on how amenable this game's support is. In some games running scam bots is a permanent closure, so it's a bit of a courtesy to give the accounts actual owner a chance to sort this out themselves; change password, delete spambot alts, etc. If you see the same bot running for a long time it makes more sense to report it imo.

Either way, yea, don't fall for it.