Account Hijacking On The Rise

Recently, I have been running across posts of people getting their accounts suspended for no apparent reason. Usually, the cases involved the following:

* Had not logged in for a while (could be from days to months)
* Account was suspended upon logging in / was in Mordion Gaol on logging in
* No email from SE explaining reason for the suspension
* Victim could not recall doing anything in violation of TOS

Most of these cases are likely accounts compromised by RMT Gil sellers, because in every one I saw, the owner's account was not secured with two-factor authentication using the SE security token. In some cases, the player had actually entered their SE Account username and password into a third-party site or phishing website, and lost control that way.

The RMT traders are very aggressive in their phishing efforts now, and there is often a channel on Twitch with a clickbait stream name such as "700m gil giveaway!" or "MTQ retiring from streaming!". Usually, they get you to click on a link to some website that asks for your login details, and when you enter them, they can then log in using your password. Alternatively, if you use the same account name and password for your SE account on other websites, then if those websites become compromised, so could your account.

In order to protect yourself, I suggest securing your account with the Security token.

You can get either a software token that is an app on your phone:
* Apple App Store (USA)
* Google Play Store

Or you can get a physical token which is a keychain-like device:
* Square Enix Store

Follow the instructions included to activate your account to start using the software token. If you are using the software token, follow these instructions. You will receive an email from Square Enix titled "Square Enix Account - Software Token Registration Complete", and inside will be a "Serial number for the registered Software Token". This serial number must be kept secure (I suggest writing it down), because it is needed to remove the software token from your account if you sell or lose your phone.

The way these tokens work is that both the token and the Square Enix server know the same secret number. Passing this secret number and the current time through a mathematical equation will generate a 6-digit code, which is good for only about 1 minute. One of these codes must be input into the "One-time password" field on the login screen every single time you log in.

Because logging into your account requires both your password and a physical object you own (phone or security token), your account is more secure. For example, suppose you visit a scam website and enter your username, password and one-time password. Unless the scammer logs in within 1 minute, the one-time password will expire and you still have control of the account. They won't be able to log in again after that, since they don't have the phone that can generate a new code based on the current time. They can't remove the software token from your account, because they don't have the Serial number for the token.
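The mechanism described in the two paragraphs above, as an added example (not from the original post and not Square Enix's code). It assumes the token follows the standard RFC 6238 time-based scheme with HMAC-SHA1 and a 30-second step, which the post does not confirm; the key is the RFC's published test key and the timestamps are constructed.

```python
import hashlib
import hmac
import struct

# Assumption: standard RFC 6238 parameters. Key is the RFC's public test key.
SHARED_SECRET = b"12345678901234567890"


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """Derive the one-time code from the shared secret and the current time."""
    counter = struct.pack(">Q", now // step)          # number of elapsed time steps
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                           # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, now: int,
           step: int = 30, drift: int = 1) -> bool:
    """Server side: accept the current step plus `drift` steps either way,
    which tolerates clock skew and gives the code roughly a minute of life."""
    for delta in range(-drift, drift + 1):
        expected = totp(secret, now + delta * step, step)
        if hmac.compare_digest(expected, submitted):  # constant-time comparison
            return True
    return False


def phishing_scenario() -> dict:
    """A code typed into a fake site at t_victim, then presented later."""
    t_victim = 1111111109                             # constructed timestamp
    code = totp(SHARED_SECRET, t_victim)
    return {
        "code": code,
        "victim_login": verify(SHARED_SECRET, code, t_victim),
        # Still inside the validity window: the stolen code is accepted.
        "attacker_20s": verify(SHARED_SECRET, code, t_victim + 20),
        # Window has passed: password alone is useless without a fresh code.
        "attacker_5min": verify(SHARED_SECRET, code, t_victim + 300),
    }


if __name__ == "__main__":
    for key, value in phishing_scenario().items():
        print(f"{key}: {value}")
```

The `attacker_20s` result is why the token does not make phishing harmless: a code entered on a fake site is still usable until its window closes.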

Using the security token has other benefits. For example, it stops SE's very aggressive account security system, which prevents you from logging in at all if it detects you are trying to log in from a different location or a different device.

* * *

"But Siggy," you say, "I'm pretty smart, I'd never fall for some silly phishing scam."

OK then, let me ask you this: a pencil and an eraser cost $1.10 altogether, but the pencil is $1 more expensive. How much does the eraser cost?

If you answered $0.10, you're wrong! The correct answer is $0.05. Don't feel bad, even students from top universities such as Harvard got it wrong. This is a famous psychological experiment, used to illustrate how a high IQ does not protect you from the mental shortcuts our brains use when thinking.

Scammers exploit cognitive biases such as these, and nobody is immune, because they are human nature. That's why even very intelligent and highly educated people can still fall for scams. Take action today, and protect your account!
Comments (10)

Pan'da Express

Sargatanas (Aether)

I hope they hack my account and accidentally leave some of that gil on my character.

Esper Eidolon

Diabolos (Crystal)

I have had tokens set up on my MMOs ever since I had all my stuffs stolen in WoW many years ago.

It’s been the best armor to have yus yus.

Annabel Ashcroft

Faerie (Aether)

I use a hardware token. I know it is good to use but God it is SUCH a pain in the ass!
The reason is it is REQUIRED to log onto Lodestone AND mogstation too! Mogstation I can possibly see, but LODESTONE? So if I am on vacation and stupid lodestone decided to reset my login, I am screwed since I won't have the token on me.

Well have it on the PHONE stupid Blonde Ditz! Yeah, and if the phone breaks or dies, or gets lost, good luck messing with all that token recovery! ;p

Esper Eidolon

Diabolos (Crystal)

Token recovery is pretty simple, just have to have access to your email

Annabel Ashcroft

Faerie (Aether)

And WTF? 5 instead of 10? That is some intellectual CRAP! LOL
Yes, you got to read the question right to understand it, but COME ON, people are LAZY about that stuff! ;p And anyway, Math: BLEH!

But seriously, common sense and wisdom people, Nothing and NO ONE should be asking you for your logon info for ANYTHING, unless you are at the OFFICIAL site where it is actually used!!!!!

Vigilance, observation, and check every damn thing TWICE to make sure it is the RIGHT site!

Esper Eidolon

Diabolos (Crystal)

A quick note that should be stated.

Free Company web sites can not and will not ask for your log in information for Final Fantasy XIV.
(If ever they did this could lead to massive bans.)

Also no fan oriented websites can nor will enforce you to log in.

If you receive an email asking for you to verify anything make sure you do not follow links sent to email. You can easily check everything through square enix alone. This also goes for Apple products and other things.

Seychelle Boutique

Hyperion (Primal)

Accounts getting hacked and sending out tells of "go to this YouTube" is happening too. The YouTube will have a link you click there.

Strawberry Jelly

Aegis (Elemental)

I agree with using security token.

As far as I know, some FC ask for members using security token.
Because, Not only protecting own accounts and hacking trouble, but getting teleport registered one location for free in Eorzea.
I always play FF14 Japanese ver, so if security token system is different, excuse me.

By the way, your logical question is so intriguing.

Pencil put X. Eraser put Y.    
X is 1 higher than Y
So, Y+(Y+1)=1.10

Serena Sable

Spriggan (Chaos)

Or realize that dailies give you about 100k gil a day..
700k /week
2.8m /month -/+ 300k
33mil /year

But people wanna be impatient/lazy

Kahori Harukawa

Coeurl (Crystal)

$14.99 for a SE Token...mmmm, that IS an investment. I'll wait for Friday.
