Recently, I have been running across posts of people getting their accounts suspended for no apparent reason. Usually, the cases involved the following:
* Had not logged in for a while (could be from days to months)
* Account was suspended upon logging in / was in Mordion Gaol on logging in
* No email from SE explaining reason for the suspension
* Victim could not recall doing anything in violation of TOS
Most of these cases are likely accounts compromised by RMT Gil sellers, because in every one I saw, the owner's account was not secured using two-factor authentication using the SE security token. In some cases, the player had actually input their SE Account username and password into a third-party site of phishing website, and lose control that way.
The RMT traders are very aggressive in their phishing efforts now, and there is often a channel on Twitch with a clickbait stream name such as "700m gil giveaway!" "MTQ retiring from streaming!" etc. Usually, they get you to click on a link to some website that asks for your log-in details, and when you enter them, they can then login using your password. Alternately, if you use the same account name and password for your SE account on other websites, then if those websites become compromised, so could your account.
In order to protect yourself, I suggest securing your account with the Security token.
You can get either a software token that is an app on your phone:* Apple App Store (USA)* Google Play Store
Or you can get a physical token which is a keychain-like device:* Square Enix Store
Follow the instructions included to activate your account to start using the software token. If you are using the software token, follow these
instructions. You will receive an email from Square Enix titled "Square Enix Account - Software Token Registration Complete", and inside will be a "Serial number for the registered Software Token". This serial number must be kept secure (I suggest writing it down), because it is needed to remove the software token from your account if you sell or lose your phone.
The way these tokens work is that both the token and the Square Enix server know the same secret number. Passing this secret number and the current time through a mathematical equation will generate a 6-digit code, which is good for only about 1 minute. One of these codes must be input into the "One-time password" field on the login screen every single time you log in.
Because logging into your account requires both your password and a physical object you own (phone or security token), your account is more secure. For example, you visit a scamming website, and enter your username, password and one-time password. However, unless the scammer logs in within 1 minute, the one-time password will expire and you still have control of the account. They won't be able to log in again after that, since they don't have the phone that can generate a new code based on the current time. They can't remove the software token from your account, because they don't have the Serial number for the token.
Using the security token has other benefits. For example, it stops SE's very aggressive account security system, which prevents you from logging in at all if it detects you are trying to log in from a different location or a different device.
* * *
"But Siggy," you say, "I'm pretty smart, I'd never fall for some silly phishing scam."
OK then, let me ask you this: a pencil and an eraser cost $1.10 altogether, but the pencil is $1 more expensive. How much does the eraser cost?
If you answered $0.10, it's wrong! The correct answer is $0.05. Don't feel bad, even students from top universities such as Havard got it wrong. This is a famous psychological experiment, used to illustrate how high IQ does not avoid the mental shortcuts our brains use when thinking.
Scammers exploit cognitive biases such as these, and nobody is immune, because they are human nature. That's why even very intelligent and highly educated people can still fall for scams. Take action today, and protect your account!