How to stay safe from Second Life phishing scams

phishing

On Friday, March 11, Linden Lab posted “A Reminder About Account Security” under “Featured News” on the Second Life blog. This blog post is about how to stay safe from phishing scams. Wikipedia says that “phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.”

Here’s how a phishing scam works. I get an IM from a trusted friend, or I see a message in group chat, that says something like this:

“Please visit my new store on the Marketplace.”

followed by a URL (a link):

http://marketplacesecondlife.garblegarble.altervista.org/index.html

There are several clues here that I should spot right away.

  • The link starts with “http”, not “https”. If it started with “https” then I could be pretty sure it was a secure link to a website where I could put in credit card information. Plain old “http” isn’t a secure link.
  • I know from seeing it time after time that the Second Life Marketplace URL is marketplace.secondlife.com, right? So if I am seeing a different address in the link, then I know I’m not going to the right website. If I see marketplacesecondlife or something other than what I know to be correct in the address, that should start the alarm bells ringing for me. Why would I want to click on that?
  • What’s that “altervista” in there for? Many of these fake links are created at altervista.org, yet people click on them anyway. My brain is saying “Why would I want to go to altervista.org?” but my finger clicks the link anyway. Bad, bad finger.

LOLCatCannotBrainHaveDumb

But suppose I don’t pay attention to the link address, because I have a splitting headache from too much partying last night, or I have the dumb today and I cannot brain. So I click on the link. It takes me to a web page that looks similar to the Second Life Marketplace start page, and it has username and password entry boxes. So I enter my SL username and password, and click the “Login” button. But I don’t see the familiar Marketplace website with my buddy’s new store. Maybe I am back on the login page, or I get a “Page not found” error. I think to myself “Oh well, the Internet is being weird again,” but what really happened is that I just fell for a phishing scam and gave my Second Life login information to the scammer. And please note here that the scammer didn’t “steal” my information. I gave it to him of my own free will, because I wasn’t paying attention.

The scammer sits down at his computer and sees that I am the latest victim to fall for his scheme. So he logs in to Second Life with the account information that I gave him. He changes my password right away, to make sure I can’t log in while he’s doing his dirty work. He transfers all of my Linden dollars to himself and steals whatever he can get from my inventory. Then he sends the following IM to all of my friends and some or all of my groups:

“Please visit my new store on the Marketplace.”

followed by a URL (a link):

http://marketplacesecondlife.garblegarble.altervista.org/index.html

So now all of my friends get an IM that says Hal has a new store. Most of my friends are too smart to click that link, and they will be sending group notices saying “Hal’s account has been hijacked. Don’t click on any of his fake Marketplace links.” My friends will also start writing Abuse Reports to let Linden Lab know that my account has been hijacked. But the damage has already been done. Let’s say five percent of my 500 active friends and fellow group members are in hangover recovery today, or they have the dumb just like me. So they go ahead and click the scammer’s phishing link and give him their username and password. That means 25 more people get their accounts hijacked, their money and inventory stolen, and their accounts used to send IMs and group messages to all of THEIR friends. If the scammer uses my hijacked account to hijack 25 accounts, and each one of those accounts gives him 25 more to hijack, he has 625 accounts to steal Linden dollars and inventory from.

Linden Lab will suspend my account so the scammer can’t use it to send out any more IMs and group messages. They will also contact whoever is in charge at altervista.org to get the scammer’s website shut down. I will contact Second Life Support and get my account back with a new password. But there will be zero Linden dollars in the account, and some of my inventory will be missing. 25 of my friends will be very angry at me because the scammer stole all of their money too. And 500 of my friends will never quite trust me again, because now they can’t be sure whether they are talking to me or the scammer.

So don’t be like me. Don’t be dumb and click on those phishing links. Trust, but verify.

LOLCatEntryDenied

Here’s another scammer-related issue that isn’t talked about anywhere that I know of. Although I have never had my account hijacked, I have been on the receiving end of this trick. One morning in April of 2013, I received L$50,000 (about US $200) from a resident I didn’t know. A friend received the same amount from the same resident. She didn’t know the person either. I received an IM from the person that same afternoon, telling me that her account had been hijacked. She had looked through her transaction history and found where the hacker gave me the money while her account was under his control. She wanted it back, please. Luckily I had heard about this tactic from someone else, so I asked her to wait, and I wrote an Abuse Report. Two days later, I contacted Second Life Support about it. The response was “I see you have already filled an abuse report which is the correct way to report this issue. I apologize for the delay but a Governance team member will assess the Linden Dollars for you.” That same evening when I checked, I saw that the money had been removed from my account with a note that said “Linden Adjustment.” So if you receive a large sum of Linden dollars for no reason that you know of, don’t spend it! It could be an attempt to get you to spend the money so that Linden Lab will place your account on hold for questionable transactions. Just write an Abuse Report and let Linden Lab sort it out.

If you need to contact Second Life Support, you can do that here. Don’t be a victim of scammers.

LOLCatTryChewingOnTheCable

Advertisements

About Hal Jordan

https://thegreenlanterns.wordpress.com/
Gallery | This entry was posted in Security. Bookmark the permalink.

2 Responses to How to stay safe from Second Life phishing scams

  1. Reblogged this on Medieval & Fantasy Grid Crier. and commented:
    For apparent reasons … here a cool (the best so far) nice written post.
    I saw 4 such spammer actions from 4 different accounts in the groups in the past 12 hours. I hope many many people read this.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s