Please clear your blacklist!

[WHS]

Until SE changes the system or makes it do I don't get bothered in game by RMT I will keep the blist just how it is for now and keep adding to it till it is full. The more names I see deleted in the list then I will clean those up. I have no respect for the harassment that RMT have caused me and my family.

[Rawrrior]

You (and many others) seem to forget phishing and how rife that is.

You can't blame people for being gullible and falling for a phishing scam, then following the dodgy links and entering crucial information. These people are clearly legit players, if a little on the dim witted side - they don't all deserve to be written off as "RMT/Botting scum - you deserve my /blist!"

This. Already got 2 of them.

Both of them forged a SEs email template/ address/ account editing site. Got 2 sent saying to verify my email on my account. Noticed something was wrong when i got an email to verify my spare email that wasn't linked to my account. When i googled, they said that if the URL in the email is http instead of https, then it's a phishing email.

What's scarier is I've seen some posts about people saying they got hacked even with a token linked. Got to be careful what you do with that emergency removal code.

[Jinx]

Ahhh no. If you are dumb enough to get hacked why would I want to associate with you?

[Animation]

the URL in the email is http instead of https, then it's a phishing email.

Wait what? No.. ._.
HTTP = Hypertext Transfer Protocol.
HTTPS = Hypertext Transfer Protocol Secure.
Both are safe, assuming you're on the correct site.

Phishing sites are never that blatant, in most cases they copy the main site of the company/service so that it looks almost identical. Then someone follows a link (say one that looks like it's linking to a post in this forum) the person gets prompted for their login details on a page that looks almost/exactly like the Square Enix sites.

Some people not clued up on the subtle things to look for (like if the url is exactly what it should be and not squareenix.com/se-america.com/square-enix.co etc) can fall into these traps quite easily. Not because they're lured in by a advert for big prizes or unlimited cosmic power, but simply because the page looks official to the unknowing eye.

All they do is rip the page, all ToS link to the correct page but the sign in / up page is a dummy site that basically grabs what you type into the boxes and they grab it from the database.
I've been a website designer for awhile, which is probably why I don't fall for such pathetic hacking attempts.

[Rawrrior]

Wait what? No.. ._.
HTTP = Hypertext Transfer Protocol.
HTTPS = Hypertext Transfer Protocol Secure.
Both are safe, assuming you're on the correct site.


All they do is rip the page, all ToS link to the correct page but the sign in / up page is a dummy site that basically grabs what you type into the boxes and they grab it from the database.
I've been a website designer for awhile, which is probably why I don't fall for such pathetic hacking attempts.

.-. Don't look at me! It's what i read on a SE post somewhere about how they are getting a influx of Phishing emails sent out.

Still regardless weirded me out that i got an email to confirm my account email address when the email wasn't the one associated with my SE account. o.o So i ain't clicking em.

<.< Installed the token first day they allowed us to. I pray my account is always safe x.x

[Xehlwan]

HTTP = Hypertext Transfer Protocol.
HTTPS = Hypertext Transfer Protocol Secure.
Both are safe, assuming you're on the correct site.

Being on the correct site is what that advice is all about. A phishing site will always use http, since they are highly unlikely to have a trusted certification chain. Square Enix, on the other hand, will always use https for anything security related.

In short, if a link relating to your account uses http, rather than https, then the link is guaranteed to be fake. This makes it easy to dismiss phishing mails for FFXIV, even for those who are not versed in IT or webdesign. It doesn't make you impervious to fraud, but it is sound advice.

[Animation]

Being on the correct site is what that advice is all about. A phishing site will always use http, since they are highly unlikely to have a trusted certification chain. Square Enix, on the other hand, will always use https for anything security related.

In short, if a link relating to your account uses http, rather than https, then the link is guaranteed to be fake. This makes it easy to dismiss phishing mails for FFXIV, even for those who are not versed in IT or webdesign. It doesn't make you impervious to fraud, but it is sound advice.

Not all of Square-Enix's pages are HTTPS. Some are HTTP. All account or log-in related things WILL be HTTPS, if they're not, get off the site asap and check manually.

[Xehlwan]

Not all of Square-Enix's pages are HTTPS. Some are HTTP. All account or log-in related things WILL be HTTPS, if they're not, get off the site asap and check manually.

That's what I said: anything security related is https. I think we are on the same page on this issue, though

For all those who call people stupid and look down on others for having their accounts stolen - shame on you.
There are hundreds, if not thousands of methods to steal or hack passwords. Any system that you think is secure today could be cracked tomorrow. Just because you haven't had your account stolen yet, doesn't mean you are too smart to have it happen, only that you are lucky. Every digital system has vulnerabilities, even security tokens.

[Zappo]

Being on the correct site is what that advice is all about. A phishing site will always use http, since they are highly unlikely to have a trusted certification chain.

Not true. Phishing sites can and have used https. The only thing that's verified when buying a "trusted" cert is that the $10 payment was received. The whole "trusted" thing is a scam.

[Xunin]

This community would be so much better if people would stop calling each other stupid, dumb, retard et.c. Not everybody spends enough time at the computer to know exactly what precautions need to be made to not get scammed.