So as a lot of you probably already know, dozens of rare bases have been getting phished and then ruined lately, although this problem has existed for years.
Note that some of this bases are engineered bases, 2012 stone bases, rare special obstacle bases, low th pushers, high donators and other unusual bases.
All of these accounts have been put a lot of work, time and effort into them, hundreds of hours, all to be ruined and lost bc a random idiot thought it'd be funny to phish the account and destroy the progress.
Of course, the only reason why this is happening is because supercell's account recovery system is the absolute worst it could possibly and remotely ever be. Don't get me wrong, all of the phishers (which I've talked a fair bit with myself) are toxic scum as$holes that only do this for fun, not caring at all about the true owners of the accounts. But if you give someone the possibility to steal accounts it will end up happening, ultimately its the system's fault because there are always gonna be idiots somewhere. Supercell has been ignoring and evading this problem for years now, for several reasons:
-
Trying to fix this problem would mean recoginsing that there is one in the first place, which is something that they refuse to do.
-
The agents that work in the recovery system support are from an external company, and redesigning everything would mean hiring/forming/firing new people, which would cost a lot of money aswell as require a lot of work.
-
They aren't getting enough shit for it. They have an easy and bad designed solution for a problem they clearly don't care about, so as long as other people don't care they wont bother in fixing it.
The problem is massive right now, a mildly experienced phisher could phish any account in the game after a few tries right now just by knowing their tag. Some people have even created phishing bots that can automatically do it. They also use vpns to change locations so that they get the best agents all around the world (yes they know pretty much all of them and which ones are the best to phish accounts, its rumoured that some of them even secretly help the phishers and make it even easier than what it already is for them). Seeing how bad the issue is right now and how supercell has done nothing after all this years I want to propose some solutions to the problem here:
1: accounts that are already linked to supercell id should simply not be able to be recovered, its that easy. If you are the true owner of it go and recover the email linked to the account and that way you will get it back. If for some reason you have lost the email for good I am so sorry but the account will be lost forever. But lets be honest, most of the time someone claims that they have lost the email for good in sc support its just a phisher trying to steal someone's account.
2: Never ask questions about information of the account that can easily be known by anyone. Ive seen questions like the date the account was created, past clans that it has been in, previous names, last time someone logged in, etc. Most of these things are easy to know by looking at the base's tag, obstacles, clan history or name history that some online tools automatically provide. Instead, only questions like past in-game purchases, specific location, API code or even friend list should be asked by support. These things are much harder to know (although definitely not impossible) if you arent the true owner of the base, which will make it a bit harder for phishers.
-
Enable 2 factor authentication for accounts. 2FA has proven to be relatively safe (although definitely not flawless) in various other places so it would add some extra safety to coc.
-
Someone should not be able to recover an account that has been recovered in the past. A lot of the time these type of people like to steal accounts to each other so this would be an easy way to stop this from happening. This would already be solved with the first point but I wanted to point it out.
-
Allow us to disable account recovery from our base, if we want to don't let anyone recover our account, including ourselves of course, why shouldn't we be able to do it? It will keep our bases safe from any phishing
Sc I hope this post makes you finally take action, bc this isnt the first one from me or from several other members of the community and it will certainly not be the last one, but hopefully it will make a diference. You have to stop ignoring this problem, forget about th15, forget about bh10 what we want is to have our accounts safe. Coc has proven to be a game that persists over the years due to its active playerbase, but what will happen if phishing bots are perfected and mass phishing starts to be a thing? Thousands of players have already quit bc of this problem and way more will do if nothing is done.
Thank you for your atention kind reader.
(Unknown, scorp, yeah im primarily talking about you both, your phishing days will soon be over)
[link] [comments]
0 comments:
Post a Comment