How to stay safe from phishing.

[Animation]

With all the recent threads about phishing I have decided on writing up a quick guide/article about it and how you can stay safe.
Note: All this is from my own perspective and not Square-Enix's. I'm not sure how they handle this kind of thing or not.

Anyway, most people will find your email (or any email) and mass spam it with things like "Your account has been compromised" - "We'll give you stuff" all that kind of stuff so you fall for it. However there is a lot of core things that they simply cannot do, and it's actually very hard to notice.

When signing in, look for a green box in your browser, I'll post a picture below.


Now if I click the box you'll see this.

Only the official site will have this, as of course it means the site is verified and trustworthy. This is pretty much all you need to look for, but sometimes it's not displayed. IE on the forums (even though it'll take you to that secured page normally).

The other bit we're looking at is HTTP & HTTPS.
HTTP = Hypertext Transfer Protocol.
HTTPS = Hypertext Transfer Protocol Secured.

Along with the green box right next to it, it has HTTPS, if for some odd reason anything to do with Square-Enix's site shows HTTP and not HTTPS (wont be in caps). I suggest you go back and do it manually. As any area that requires you to sign in will be Secures (HTTPS).

Also, never ever click on anything about password resetting from your email, from what I have gathered you'll be given a code only to reset your password, not go to a website.


Note both those links when clicked will display a green box.
*I blocked out the code and my email for my own safety*

After all this if you still feel unsure, set Square-Enix's site as your homepage and do everything manually, and remember If something seems to be too good to be true, then it most likely is.

Lastly, if you do come across a phishing site, be sure to report it to the Cyber FBI or find the webhost and report it to them. As I said earlier, phishing is a crime and people that do it deserve to be put in jail.

I'm sorry if this has been posted before, I thought I'd spend an hour and write up a guide so we all can stay safe. If you're still unsure please post and I'll help you out. If anyone has an issue with this, do let me know. I'm not trying to act like S-E staff or anything.
I'll edit this later as I need to do some dungeons.

[Jayrune]

This is actually the first thread about phishing on these forums i have seen, so you get a like.

[O-Deka-K]

I applaud you for making a post about this.

However, I'd like to add a few points:

• Although your point about the green box is correct, not every browser handles it this way. Older browsers in particular may not have this feature. Of course, update your browser if you can.
• Some browsers (like Firefox) show "https://" in the location bar, but do NOT show "http://" by default. For example, it will just show "www.example.com".
• The security certificate (green box) is something you can only check AFTER you click on a link. More importantly, you should not even click anything that's remotely suspicious.
• Phishing e-mails have become very sneaky. Always check the actual link by mousing over the link. See below for an example. I've made it obvious that the URL is different. Phishers will try to make it look as similar as possible in order to trick you.

Disguised link: https://www.google.com/.

[Nuzuchi]

Want to avoid Phishing?
Open the launcher and click links directing you to specific pages on the site.
Want to go back to that page later? Favorite.

[Trife]

Another point to add.

No company ever will ask for your login info, ever!

If you get an email saying your account (any account) has been compromised. The most they'll do is have you change your password, not ask for your old one. This goes for any email you may receive that asks for your information. The truth is, the admins of a server aren't gonna need your info if they need to access it, they have total control and access to it already.

If you do think the email might be legit, go to the account management site yourself. Don't use the links provided in the email.

[Itachi]

Do not use the same account name/pw combination you use in games on fansites, social media and the like. Many of them got compromised in the past and will be compromised in the future as well!

Use junk-email accounts for fansites.

Do not log in from public places/ at friends who get an average 1 new toolbar a day.

Do not share your account info with your bi-polar girlfriend/boyfriend/alien partner.

Use firefox/chrome WITH adblock.

[Merph]

Set up a one-time password app or physical authenticator. Even with your username and password, someone else can't log into your account without that.

Android: https://play.google.com/store/apps/d...software_token
iOS: https://itunes.apple.com/us/app/squa...617970570?mt=8

[Khalus]

Just get an authenticator, and you'll never be hacked!

Certainly they will try, as I've on occasion gotten emails that said, "such-n-such from china would like to log in, do you authorize?" ummm no lol

I've had an original FFXI authenticator for 8 yrs now I think, back when hacking and gil sellers were huge then, and not once has my account been compromised!