Phishing scams in Second Life
There has been an increase in Phishing attempts in the last couple weeks and a lot of people have fallen for them and lost their Second Life Accounts.
Phishing in SL is mainly the act of tricking a user into giving their login and password information through fake yet convincing Second Life login webpages.
Here is how it works.
- Someone posts a link and sometimes text to entice you to click it, sometimes this can be a friend or someone you know (because they've already had their accounts hacked).
- You click the link and it takes you to what looks like a Second Life Login screen.
- You log in using your SL Username and PW.
- You've just been Phished and given someone your SL Login information. They can now log into your SL account, take your money, destroy your SL Property, delete your inventory.. etc etc etc.
How to avoid being Phished
If you have clicked a link, and it takes you to a login page of some kind, no matter how much it looks real... DO NOT LOG INTO IT YET!
FIRST, look at the URL very carefully. The Linden Lab Login URL is
https://id.secondlife.com/ .
If it does NOT start with https://id.secondlife.com/, then it is not a real Second Life login web page. Do not log into it, and DO file an abuse report on the person who sent the link. From the Help menu, Report Abuse.
If you are unsure, go to http://secondlife.com and click on the "LOGIN" at the top right. That will take you to the legit login page which starts with https://id.secondlife.com. Log into that page, then follow the link.. if the link still takes you to a log in widget.. it's totally a scam.
If you've already been Phished
Immediately
- Go to http://secondlife.com
- Click the LOGIN link at the top right and enter your login information.
- On the right is a link called "Account" click it!
- Then click "Change Password" and change your password right away.
Please, protect your accounts. Think 3 times before entering your login information. Always check the URL.
Sincerely,
Jessica Lyon and the Phoenix/Firestorm Team
That's why I use Bookmark to log in.
ReplyDeleteAstounding that these old tricks still work: I’ve learned years ago that I must never open any password-demanding links, no matter what site it is or who has sent it. Plus it’s a an old but still very good idea not to open any links at all which you are not sure about to avoid any drive-by malware stuff.
ReplyDeleteThe phishers are particularly rampant in group chat. Another trick they use is; create a new account, join as many autojoin groups as they can, spam the group with some fantastic made up offer for free linden or items followed by a hyperlink. As soon as they do a mass post, they log out and delete that account, move on to another. Many times they are part of a bigger network that has hacked thousands of computers and can mask the IP, so they are harder to catch. If it looks too good to be true, err on the side of caution.
ReplyDeleteOne More thing; If you have Paypal attached to your account, change that password too
ReplyDeleteSome credit cards offer temporary credit card numbers for online purchases. They can only be used with one company, and you set a limit ad an expiration date. If your credit card offers that service, you should use that instead of your usual card number.
ReplyDeleteThe biggest tip of all, which should be included in the OP, is to NEVER click those links. If anything asks you to go somewhere and log in, then you go to secondlife.com and contact them that way if you are unsure.
ReplyDeleteClicking the link could expose you to a drive-by download.
DONT CLICK THE LINK, EVER.
ReplyDeleteWithout getting too techy in explanation, the #1 vulnerability on the Net these days is vulnerabilities to cross site scripting attacks. There could be code on that page that can place a cookie on your comp to retrieve info from you, or read other cookies (SL login, Facebook, etc. I've seen it done with DailyMotion, see dc414.org March meeting notes) and login as you WITHOUT ever getting your username OR password.
If you click, you're probably screwed.
How to stop it? Firefox with NOSCRIPT plugin installed. Logout when leaving a site. Clear cookies EVERY TIME you close a browser. Sites that dont log you out are probably vulnerable, seeing as their IT guys are dumb, dont care, or the site was made with a pagebuilder program, and vulnerable as a kitten in a tornado.
I am surprised that this still works, I remember getting emails telling me that B of A was hacked and that they needed me to log into my account to help fix there problem, the funny thing about it is that I never had a b of a account so I when to here web page and did something like user name John_Doe password 123456 something really stupid like that. the site looked official but the address was was not. so I reported them. that was about 10 years ago or so and most of us were smart enough to know it was a scam back then, I am curious how many people actually fell for it this time. 10 years ago it was the elderly who fell for it
ReplyDeleteI was hacked in sl. And I DO KNOW not to re-enter my password, etc. So, despite what the others have commented here, you don't have to be "dumb" or "gullable". It's always been true, across the board when dealing with thieves "the more careful we get, the smarter they get" Most likely I was hacked thru a link to the MP. I use to use "save password" or "auto sign in" and I ofc now I don't. I was able to avoid a lot of damage because my friend txted my RL phone as soon as he got a suspicious im from "me" inworld. I immediately changed my pw to all my accounts, ALL, cleared cookies, etc etc. Be Wise. Suki
ReplyDeleteLast week I encountered a scam at a place called ONDUTY - you sit down on one of their medical chairs and when you attempt to stand up - your account is charged $300L. Because you have clicked stand up. They must have been using a fake stand up button or something. I found out they they were also trying to hijack my account by telling me if I sat somewhere else, I would get my money back - when one of the people typed in 8money8 - I realized they were trying to either get more money from me or hack my account to use in their schemes. I TPed out of there and changed my pw really quick. Of course I never got my money back, but ill take it as a lesson learned. I cant believe there are bums on SL who live to do this.
ReplyDeleteIn Mozilla Firefox, always click on the icon in front of the URL that is displayed. This will reveal the real identity of a page. (A https: URL can actually be faked now with the help of HTML5).
ReplyDeleteLooks like someone is trying to use your identity for phishing:
ReplyDeleteThe object 'Phoenix Viewer' has sent you a message from Second Life:
Happy Easter Everyone! Get 1000L just for answering a quick survey --> http://fileml.com/1N6R96
= Phoenix Viewer is owned by FirestormRelease Resident
= http://slurl.com/secondlife/Reddit/140/221/3026
i never ever had a problem in Sl ever. change my password, i never click on anything. never auto accept unless i know what groups im getting shit from, i never auto accept period, and i never tp to a place unannounced, dont sit on things i dont know, and dont click on sites ever in chats or links.it might take a while longer to sift through things but hey. like i said i never had issues. and i always double back my alts. so my mains have so do my alts have what i need. so anyone who downs alts..this is why.
ReplyDeleteIdea:
ReplyDeleteMake an alt and leave a shirt that says "F*** you account stealer"
then type it in the fake sl.:P
There is now a JIRA regarding one of the loop holes that the scammers are using to send messages.
ReplyDeletehttps://jira.secondlife.com/browse/VWR-28743?
Along time ago on another gaming site called Pogo.com we had Phishing scams running in there as well. Just have to be really sure what you are clicking on folks. Sad its made it to our awesome land...its ok Mean People SUCK and the nice ones take OVER! HA! Have a WONDERFUL FRIDAY my SL Bretheren!
ReplyDeleteI got it too,as soon as i logged in as a 'Second Life' oficial message in the firestorm viwers, and it did not came from any object it was a 'oficial' message, of course i didnt click it, but i got a print: http://farm9.staticflickr.com/8154/7102852087_38be1958a9_b.jpg
ReplyDeletety so much for telling us about the SL Phised.my friend said some random person know his real name somehow n where he lives.... n that person is from sl...I havent been on sl for awhile but he ask me if I know that person I thought something was kinda strange and now ill tell him about wats going on in sl.I'll tell him change his password hopefully the sl stalker will go away. TY!
ReplyDeleteHello, this is totally off subject, was wondering whom do I contact about featuring our sim on your opening page?> I believe we have a good sim and would like other people in secondlife to view it, If there is a particular person can you please contact Ruff Pearl in secondlife to see how can I go about getting our sim featured
ReplyDeletetyvm
Ruff Pearl
Upon logging into SL my viewer totally shuts down on its own before allowing me to enter the world. Anyone else having this issue?
ReplyDeleteSL in general has been crabby for the last week, tons of people can't login and there's NOTHING on the grid status page. So Joslyn, I hope you don't have rent to pay, or pets slowly starving to death, because SL might be broken for a while... *goes back to playing Sims 2*
ReplyDeleteThank you for the advice. Yes you don't have to be dumb or whatever, you could have had a bad day, hard times or be real tired. Don't be so harsh on others, no-one is perfect. I think I entered my details one tired night but I'm lucky that nothing has happened yet. thank you very much for filling us in on the whole story :)
ReplyDeleteWow... not much going in in the Phoenix/Firestom website/blog :(
ReplyDeleteYou should seriously note that MTL is real and ligit. Don't be destroying Online Survey companies because of this scare.
ReplyDeleteThey even require you to have a password different from your account password(though the same account name so they can pay you.)
rt now i am having a problem logging in firestorm viewer. is sl down or did i just get hacked? none of my viewers are working either for sl or inworldz
ReplyDeleteHow about an update to the blog? Just a, "Yes, we're still alive." would be appreciated.
ReplyDeleteThe silence is deafening. I almost miss the whining.
ReplyDeleteThanks for the heads up, I've warned my students to watch out for this too. :)
ReplyDelete