
  Thread: Prevention of account phishing

  1. #1

    Prevention of account phishing

    The damage has been done, phishers are ruining the game for us. Taking active players left and right, we have nothing left but to ask for help urgently. Supercell, you need to do something urgently about your account recovery system and I mean urgently. This is probably the most important message you're ever going to receive from a player. And hopefully Darian or Eino sees this and makes a change.
    Too many accounts are being phished and stolen all the time and I mean active players as well. In the last week/month:

    A th9 player named [redacted by Forum Moderator] (level 290/free to play/#[redacted]/@[redacted] on Instagram) was phished and upgraded from th9 to th11 within 2 hours.

    2 days ago, a guy named [redacted] (founder of the [redacted]) was phished. His th8/lvl 350 was upgraded from th8 to th11 yesterday. He also held the world record for most donations in a single season at th8: 1.37 million in December 2019! That’s insane for a th8.

    An amazing friend of mine named [redacted] had his th10 phished and lost his clan about 1 month ago. Lucky for him, he got his clan back.

    The infamous [redacted] got phished. Nothing happened.

    And most importantly my good mate [redacted]. Last 24 hours, I have been trying to recover his th7 that had been attempted to be phished and stolen but instead it got locked. It’s lvl 323 and he can’t recover it because he needs the first receipt on the account. But over the last year, he has spent over $25000 on 100+ accounts making it impossible for him to recover his th7.

    Even I have been phished and banned: back in December 2019, my th10/lvl 227 was phished as I was attempting to donate 1 million troops in a single season in the most famous donation clan (record holding clan for most donos in a single season: 21.7 million in November 2020!) [Redacted]
    Sadly my th10 was upgraded to th13 and then banned for some reason.
    I wanna suggest an incredible idea that will stop everyone’s account being phished:
    ———————————————————
    A security question to each account
    ———————————————————
    If you think about it, only the real owner would know the answer to the security question which would likely make him like the real owner of the account. Players should either make up their own questions or you could give us a question and we put an answer to it.
    Examples:
    What is your real name?
    What year/month were you born?
    When is your birthday?
    And many more.

    This would make the game 100% better to play. Many OG clashers have retired/quit cause of this due to their:
    1: High pb accounts stolen/upgraded
    2: High XP lvl accounts stolen and upgraded (shooter and crafty)
    3: Their high war star account stolen and upgraded (1500+ war stars)
    4: Their old obstacle accounts stolen and upgraded/banned (2012 stone/tree-2014/15 tree)

    Supercell, you really need to fix your recovery system ASAP. Adding a security question to every active person's account from the day the update comes out (if you can do that which would save your game entirely) will change everything. I guess this is it from me. Hopefully you read this all and add my idea into the game. It’ll change a lot and save a wonderful amount of people’s accounts being phished. Please Supercell, save us.
    Last edited by Cowslips; January 24th, 2021 at 04:48 PM. Reason: Removing personal information to safeguard those mentioned

  2. #2
    Phoenix1027 (Forum Hero) | Join Date: Apr 2016 | Location: The Land | Posts: 7,888
    An account is as secure as the player that plays it. Your idea does nothing to help the security of an account. A phisher will just ask players for the answer to their security question, and players will be dumb enough to give it out. You can't fix player stupidity and that is the underlying cause of account scams.
    | BK 75 | AQ 75 | GW 50 | RC 25 |

  3. #3
    Quote (originally posted by Phoenix1027):
    An account is as secure as the player that plays it. Your idea does nothing to help the security of an account. A phisher will just ask players for the answer to their security question, and players will be dumb enough to give it out. You can't fix player stupidity and that is the underlying cause of account scams.
    It’s not like that: a guy can simply ask someone to make an account for them, they get access to the account and then the receiver of the account can “instalink” all of the players accounts. This shop we to crafty. [Redacted] was just phished normally
    Last edited by Bakunin; January 24th, 2021 at 04:52 PM.

  4. #4
    Piper139 (Forum Legend) | Join Date: Dec 2014 | Posts: 9,154
    Here is a long thread discussing sc id security.
    https://forum.supercell.com/showthre...secure-is-SCID

    In addition, activity like making an account for someone and transferring it to them violates the terms of service and obviously makes you vulnerable to phishing.
    sig by dharmaraj in sig shop
    Clan: MN ICE #8UCRP8CL
    IGN: Piper139 #2PQQR9Q22

  5. #5
    Quote (originally posted by MarsClasher):
    It’s not like that: a guy can simply ask someone to make an account for them, they get access to the account and then the receiver of the account can “instalink” all of the players accounts. This shop we to crafty. Shooter was just phished normally
    Why would you make an account for someone else randomly? Isn't this simply a way to show how prone you are to be phished? Nothing can safeguard the account if players are willing to share each and every detail with others in their posts on social media, or try senseless stuff such as connecting to someone else's SCID, sharing an account for war attack/donation, creating an account for others, trying to recover someone else's account, etc.

  6. #6
    Quote (originally posted by MarsClasher):
    It’s not like that: a guy can simply ask someone to make an account for them, they get access to the account and then the receiver of the account can “instalink” all of the players accounts. This shop we to crafty. Shooter was just phished normally
    Why should SC go to so much trouble to help players that broke the terms of service? Most accounts are stolen due to account sharing, attempting to get an account from someone else (or free gems), or sharing account information accidentally. I only feel bad for the last one. Some of the players you refer to may have been involved in something shady, maybe a bot program, maybe account sharing...it’s possible.

    The security questions you reference would make it easier to scam the accounts in some ways. Social media data mining (not to mention just plain clan chat) divulges a lot of that. I’d rather see a code sent to my phone number in order to play my account on a new device.
    Last edited by 2222; January 24th, 2021 at 03:55 PM.

    Contact SC here. Click here for how trophies are calculated. Click here to see how war map placement of max halls is determined. An idea to improve legends here. I wish max players had a separate loot bank as described here. Caution, I often discuss for the sake of discussion and enjoy having my opinion challenged (or approved of) even when I care little about the actual issue. My balance wish: get rid of tornado trap, make it a decoration.

  7. #7
    Forum Superstar | Join Date: Dec 2017 | Posts: 3,228
    Quote (originally posted by MarsClasher):
    It’s not like that: a guy can simply ask someone to make an account for them, they get access to the account and then the receiver of the account can “instalink” all of the players accounts. This shop we to crafty. Shooter was just phished normally
    Your OP scatters unnecessary details like confetti & you seem not to grasp how scammers can put together enough information to compromise accounts!

    If you want to discuss a new security system, do so on its own merits. Saying this happened to X & that happened to Y is not relevant without context.

  8. #8
    Cowslips | Join Date: May 2015 | Location: At home (still...) | Posts: 4,072
    Quote (originally posted by Kaledonian):
    Your OP scatters unnecessary details like confetti & you seem not to grasp how scammers can put together enough information to compromise accounts!...
    Precisely! Publishing such information on a public forum is inviting trouble. Anyone in the world can read this forum and take information from it; you do not even have to register as a forum member to access it.

    OP, please take more care of your own and others' information. No matter what additional security systems might be put in place, they are unlikely to prevent loss of accounts due to lack of security on the player's part.
    Last edited by Cowslips; January 24th, 2021 at 04:56 PM.

    Hay Day level 201 (main farm) - I have seven others!




  9. #9
    Phoenix1027 (Forum Hero) | Join Date: Apr 2016 | Location: The Land | Posts: 7,888
    Quote (originally posted by MarsClasher):
    It’s not like that: a guy can simply ask someone to make an account for them, they get access to the account and then the receiver of the account can “instalink” all of the players accounts. This shop we to crafty. [Redacted] was just phished normally
    And under your proposal someone could ask a player in clan chat how old they are or what their birthday is. On its own it sounds like an innocent question until that player finds that their account was stolen because they gave out the answer to a security question. Same goes for asking someone their real name. And it wouldn't even be limited to clan chat, this could happen on discord, the forums, reddit, etc. Players publish their player tags all the time on the internet for recruiting purposes. In other posts they might have mentioned how old they are or what their real name is. A phisher just needs to do a Google search to piece together all that information and they can easily phish the account.

    And how ironic that in your first post (before it was redacted by the moderators) you named a bunch of players and their player tags. You had given out publicly, for the entire internet to see, the first piece of the puzzle an account phisher needs. And you said those players were record holders, so I guarantee it's not hard to search for those players on the internet and find personal information about them that could be used to phish their accounts. I bet you didn't even realize that you directly contributed to the problem you want to fix in your very first post.

    Your idea makes it easier, not harder, for someone to steal an account.
    Last edited by Phoenix1027; January 24th, 2021 at 05:22 PM.
    | BK 75 | AQ 75 | GW 50 | RC 25 |

  10. #10
    Well, how did they get phished? Cuz if they were account trading or trying to “buy free/discounted gems” I have zero sympathy.

    Also, SuperCell sends verification codes to your email that you need to enter when you log into a new device so even with your SuperCell ID info you need an extra code to log into a new device.
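
Added example (not part of any post in this thread, and not Supercell's code): a sketch of the contrast drawn in posts #6, #9 and #10 between a static security-question answer and a one-time code sent to the owner when a new device logs in. The class and function names, the 10-minute lifetime, the attempt limit and the sample data are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 600     # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 5   # wrong guesses allowed per code (assumed value)

class DeviceVerifier:
    """Hypothetical new-device gate: a one-time code goes to the owner's email."""
    def __init__(self, send_email):
        self._send = send_email   # callable(account_id, code), the out-of-band channel
        self._pending = {}        # (account, device) -> [code digest, expiry, failed tries]

    def start(self, account_id, device_id, now=None):
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(code.encode()).digest()
        self._pending[(account_id, device_id)] = [digest, now + CODE_TTL, 0]
        self._send(account_id, code)   # the code is never returned to the requester

    def verify(self, account_id, device_id, code, now=None):
        now = time.time() if now is None else now
        key = (account_id, device_id)
        entry = self._pending.get(key)
        if entry is None or now > entry[1] or entry[2] >= MAX_ATTEMPTS:
            self._pending.pop(key, None)   # unknown, expired or locked out
            return False
        if hmac.compare_digest(entry[0], hashlib.sha256(code.encode()).digest()):
            del self._pending[key]         # single use: a replayed code fails
            return True
        entry[2] += 1
        return False

def security_question_check(stored_answer, given_answer):
    """The proposal from post #1: a static answer that works for anyone who learns it."""
    return hmac.compare_digest(stored_answer.strip().lower().encode(),
                               given_answer.strip().lower().encode())

def demo():
    inbox = {}   # constructed stand-in for the real owner's mailbox
    v = DeviceVerifier(lambda acct, code: inbox.__setitem__(acct, code))
    # Constructed case: a birthday mentioned in clan chat passes the question check.
    known = security_question_check("14 March", "14 march ")
    v.start("#PLAYERTAG", "new-phone")
    code = inbox["#PLAYERTAG"]                      # only the mailbox owner sees this
    wrong = f"{(int(code) + 1) % 10**6:06d}"        # a guess made without the mailbox
    return (known, v.verify("#PLAYERTAG", "new-phone", wrong),
            v.verify("#PLAYERTAG", "new-phone", code),
            v.verify("#PLAYERTAG", "new-phone", code))
```

A one-time code still fails if the owner reads it out to someone who asks for it, which is the point made in post #2.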
