Advice wanted: Unauthorized account access.

[NotAPrincess112]

I need some advice from the community here, as I have never run in to this situation before, and would like to know how you think guys think I should proceed.

 

A friend of mine had an issue with a group of people. One of them was able to gain unauthorized access to her account, and bring people to her land that she did not want there. The only proof that the person on her account wasn't here was that I heard the person speak on voice, and it was not her voice.

She was able to get back to her account, and change all her info, so the person no longer has access, so the concern I have is this.

I would like some advice on how to proceed with possibly reporting this activity, without risking that my friend's account is in some way shut down, as she did nothing wrong, and was simply the victim. The account is no longer compromised, but I have heard in the past that in cases of accounts being compromised, Linden Labs is only able to bar access to the affected account. If this is not the case, please let me know. As far as the people that were brought on to the land through this unauthorized access, I assume that there is no recourse against them, besides simply to ban them from being able to access the land in the future.

 

Thanks for any input or advice, I really appreciate it.

[Perrie Juran]

What exactly is it you are wanting or expecting to accomplish by reporting it?

And to be clear, your friend would need to be the one to report it.

 

[NotAPrincess112]

I was hoping that there would be some repercussion to the person who logged in to her account without consent.

[Perrie Juran]

---

NotAPrincess112 wrote:

I was hoping that there would be some repercussion to the person who logged in to her account without consent.

---

I would put the odds of that happening at less than zero.

[NotAPrincess112]

So, anyone can basically take accounts and nothing can happen to them?

 

It's an active user that logged out of their account to log in to her account, and then logged back in to their account.

[Innula Zenovka]

To my mind, LL face the problem of knowing who this person was who logged in on your friend's account.     Even if they trace the IP address that was used, that wouldn't be sufficient to identify the person.   And if your friend isn't prepared to lodge a complaint, I really don't see LL doing much on the basis of an account from a third party.

How did this person come to take over your friend's account and how was she able to recover the account?    I've got a feeling there's a bit more to this than meets the eye.

[Pamela Galli]

---

Innula Zenovka wrote:

How did this person come to take over your friend's account and how was she able to recover the account?    I've got a feeling there's a bit more to this than meets the eye.

---

As usual with these stories from a friend.

[NotAPrincess112]

The issue is not if my friend will or will not lodge a complaint, the reason I am asking is because we don't want to start any kind of complaint if it will result in her account being deactivated in some way as well.

 

We don't NEED to do anything, but feel like there is no telling who this person may or may not be attempting to hijack the accounts of as well.

 

I'm not entirely clear on how the account was compromised, but I believe the account was recovered simply because no password was changed, so she simply logged on and changed her password.

[Innula Zenovka]

Thanks for the explanation.   

If LL follow their standard proceedure as outlined at Linden Lab Official: Account Security, your friend will find her account is locked, at least for a few days, while LL investigate the matter.   I don't think there's any way round that.

As I said, I don't really see what LL can do.   Your friend complains that someone gained unauthorised access to her account.   LL are obviously going to need to know who this was before they take any action against them.    Even if your friend thinks knows who it was (how?) I can't see them doing much simply on your friend's say-so.   I'm not questioning your friend's veracity, but LL don't know your friend and don't know whether her identification of the culprit is correct or not.

[NotAPrincess112]

To clarify how we know who it was, the person gave themself away by speaking on voice from my friend's account. It is someone we know, so have heard the voice before, that's how we know who it is.

If it's going to result in her account being locked, it would seem that it would just add more stress the an already stressful situation.

[Innula Zenovka]

Thanks for the further clarification.    With the best will in the world, I really can't see LL doing much on the basis of your identifying the culprit because you tsay you recognise the voice.   I'm sure you're correct in the identification, but look at it from LL's point of view.

Also, I don't see there's any round the fact your friend would find her account locked for a few days.    LL have their internal procedures for investigating these things, presumably primarily designed with fraud and theft in mind, and they'll stick to them. 

[NotAPrincess112]

I wonder if the fact that my friend has payment info on file would speed up any such investigative process?

[Amethyst Jetaime]

---

NotAPrincess112 wrote:

I wonder if the fact that my friend has payment info on file would speed up any such investigative process?

---

No.  If the person used her PIOF then it may make it take longer.

 

[KarenMichelle Lane]

Just to be clear on this.

If your friend was able to self-recover her account great. Problem solved, Lesson learned, don't use easy passwords and never use your Second Life Account credentials anywhere except on the official SecondLife website and Viewer.

If someone reports to Linden Lab that their user account has been compromised, Linden Lab's sole focus is to get that account back in the hands of the rightful owner, period! That involves:

1) Freezing access to the account;

2) Using LL's Account recovery procedures which are not designed to be fast, they are designed to be thorough.

and if money was taken...

3) Performing the mandatory Financial Research & Reporting steps as outlined in their Merchant Agreements with PayPal and their own Merchant Bank.

If you are readily available and can respond to the emails sent to you in a timely manner then that recovery will happen quicker. This all happens at LLs discretion since they need to be sure that the person requesting the recovery is in fact the actual account holder. If at the same time you report fraudulent activity that affects your Linden Balance, this will take a bit longer. If your Payment Method was accessed while the account was compromised this will take even longer since LL needs to capture and document that activity to make sure that they follow all the steps required of them by the Merchant Account Agreement they have with their Merchant Bank!

All this activity it being performed to protect Linden Lab. Sorry, you are ancillary to this process. Once the Merchant Loss Recovery steps are performed and any monies returned then a fraudulent Payment Method billing may be paid back to you.

I had a Merchant Tenant who was defrauded when a thief broke her password, accessed her SL account and took $1000's of Euros from her bank account associated with her SL Account. It took 6 weeks for her to be made whole. As I recall she only ended up losing around $50 USD and the remainder was restored to her bank account.

Now people complain about how long all this takes to recover the account and lost Lindens and/or real cash. The account could be recovered in minutes truth be told, but the freezing of the account allows LL to conduct the needed research and documentation to satisfy the Merchant Bank Fraud Recovery requirements. Additionally they follow the path of the money and try to locate all the accounts that are used to transfer the Lindens and eventually the $$ to other accounts. This investigation can cause many other accounts to be frozen while the money is being followed.

Now as to who may have taken your account, Linden lab can trace many things, but IP addresses and PC Identification data of the perpetrators while useful are only valuable under a few circumstances:

1) For use by a law enforcement agency to use if planning on trying to identity the person committing the fraud.

2) For use by Linden Lab to research and make a decision regarding that information.

In the case of 1) Banks do not report small time fraud to legal authorities. It is not cost effective. They take this as a loss based on the tax laws in each of the countries affected. They do their due diligence in regards to the Merchant Agreement they have with the customer [Linden Lab] to minimize the losses with the least out of pocket expense to themselves. If LL is ever able to get your real dollars returned to you then that is a win for you. It took several financial agencies to make that happen. [Your Credit / Debit card issuer; Your bank; Linden Lab's Merchant Account Bank; PayPal, etc.]

In the case of 2) after LL has dealt with your account financial / fraud issues, it may then decide what to do regarding the actual information gathered during the account research when "following the money". This research may end up with some accounts being adjusted to return the Lindens and in some cases accounts will be deleted and IP address/PC's banned for life. This part of the process you are never privy to.

The people responsible for this are rarely identified in the real world. If the internal evidence is reliable, then all LL can do is to eliminate the accounts used in the fraud and apply a ban where applicable.

I hope this sheds some light on a very complex process and why making a hard to guess password is so Important !

P.S. Remember, you are only one occurrence of an account being compromised. I'm sure people regularly make the mistake of using a too simply password and/or falling for phishing scams and losing their login credentials to fraudsters.

[I work as an Accountant/Bookkeeper in RL and have had to assist with this process for several of my business clients when they experienced fraud against their Merchant Bank Credit and Reconciliation Accounts.]

 

Research Notes:

http://en.wikipedia.org/wiki/Phishing

http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx

https://www.fdic.gov/consumers/consumer/alerts/phishing.html

http://en.wikipedia.org/wiki/Credit_card_fraud

 

 

 

[LlazarusLlong]

Have you considered the possibility that your "friend" is lying to you?

For example, he/she/it may have told someone her account details to enable them to do something or other, and then afterwards he/she/it found out that they had done things with which she would not want to be associated?

Or maybe your "friend" normally uses a voice changer, which he/she/it forgot to use this once when you heard the "strange voice", and now he/she/it has concocted a farrago of nonsense in order to obfuscate the truth, which is that he/she/it is running multiple alts with different voice profiles.

Or maybe he/she/it left the account details on a sticky note on the computer and someone broke into the house and, finding no jewellery or smartphones to steal, contented themselves with playing on SL for a while . . .

[NotAPrincess112]

While I suppose it would be impossible to eliminate these possabilities, I find it highly unlikely that this is the case, mainly because there would be very little point in doing so.

 

I will, however, admit that I have not be entirely honest in this thread. I say this because technically we have not gotten the account back. We do not suspect that any passwords or information were changed, however we can not tell for sure at this point, as my friend has actually been away for several days.

 

I also know exactly how the person was able to gain access to the account, but thought that might skew the advice in some way. I was more or less simply interested in if it were possible for the person accessing the account to get in trouble without any additional harm coming to my friend, or her account.

 

My question has pretty much been answered, so thanks everyone.

[LlazarusLlong]

Deceit inspires deceit.

If we were the police you would be charged with wasting police time.

If you were a witness you would be charged with perjury.

As it is, you have merely exposed yourself (and your "friend") as naive manipulators, and to be honest, I now have little or no sympathy for the pair of you, and won't be wasting any more time in attempting to unravel what is obviously a bunch of lies, half-truths and paranoid fantasy.

[Syo Emerald]

And thats ladies and gentlemen is, why I always suspect that people, who come here to seek help for cases like this one, are not telling the full story. In my humble opinion you and your friend deserve whatever crap happens from now on.

[Caitlin Tobias]

---

NotAPrincess112 wrote:

 

 

I will, however, admit that I have not be entirely honest in this thread.

 

 

---

Oh really.......how surprising.

[Darrius Gothly]

I've resisted till now but the last few posts have convinced me to weigh in.

First off, just based on my years of experience in IT, years of experience with human beings .. and far too much experience with interpersonal relationships .. I too am highly suspicious that at the very least the story told by the Account Holder to the OP is a bit "modified" from the full truth.

Unauthorized account access happens either because the original account holder let their details slip in some fashion (easy password, post-it note, etc.) or they purposely GAVE the details to someone in the mistaken belief that it would never be used against them. (The latter is my personal vote for the real reason.)

To the OP and their "Friend": If (when?) you ever, at ANY time, give your account details to anyone .. even people you would normally trust .. CHANGE YOUR PASSWORD right after they log off. Always!!! In fact, it's best to change your password BEFORE you give it to the other person; a simple easily shared password is perfect at that time. But then once they've done whatever they were going to do, change it back to your private and never shared with anyone regular password.

The technical requirements to PROVE that it was the person you suspect that took over the account are just astronomical and require being put in place BEFORE the access took place. There is no way to prove exactly who it was after the fact without the use of very sophisticated and very expensive techniques. No one capable of wielding such tools would ever consider applying them to this situation.

Without that level of solid proof, you and your friend haven't a single shred of evidence that will cause Linden Lab to take action against the unauthorized user. The police won't get involved either unless money (of a substantial amount) was taken or some other form of serious crime was perpetrated while the account was being used by the unauthorized person.

As for what Linden Lab might do upon receiving the report of an account breach, the only reasonable and logical first-step is to lock the account down then sort out the real account holder .. slowly, methodically .. and correctly. They will require solid forms of identification before they will do anything.

To the OP: I won't berate you, I won't smack you or even yell at you. But I will hope that this event serves not only as a strong and valuable lesson for you and your friend ... and also that this thread has been read by others and will be of use to more people than JUST yourself.

[Perrie Juran]

---

NotAPrincess112 wrote:

So, anyone can basically take accounts and nothing can happen to them?

 

It's an active user that logged out of their account to log in to her account, and then logged back in to their account.

---

All I did was state "odds." 

Maybe you'll get lucky and Karma will show up.  I've heard rumors that she can be quite a b*tch.

But as usual I figured there was more to this story.  Usually the less that people say the more that there is.

Now to further reply to your additional posts I give you the TOS.

"You are solely responsible for maintaining the confidentiality of your password and for restricting access to your Internet Device. You are solely responsible for any harm resulting from your disclosure, or authorization of the disclosure, of your password or from any person's use of your password to gain access to your Account or Account Name. You will immediately notify us of any unauthorized use of your Account, password or username, or any other breach of security related to the Service. [My Bolding] At no time should you respond to an online request for a password other than in connection with the log-on process to the Service. Your disclosure of your password to any other person is at your own risk.

 

We will not be liable for any loss or damage (of any kind and under any legal theory) to you or any third party arising from your inability or failure for any reason to comply with any of the foregoing obligations."

http://www.lindenlab.com/tos#tos4

We do hope that your friend owes up to the fact that she and she alone is responsible for the security of her account and that the odds of that are greater than zero.  Too many people post here about compromised accounts with out wanting to take that responsibility.

 

[Innula Zenovka]

Thanks for the further clarification.

I think you and your friend should read Linden Lab Official: Sharing or transferring Second Life accounts before lodging any complaint with SL, and both of you consider your respective positions in the light of that.

Briefly, it's not against the rules for A to give B access to her account, but A is responsible for what B does when using it.

Furthermore, A is responsible for the security of her password.   In practice, LL are reasonably liberal in how they enforce this, but certainly if they think A has been reckless or negligent about keeping her password secret, they may hold her responsible for what B does when using the account.

In your friend's position, I would be far more concerned about re-securing my account and locking down my financial details if I had Payment Info On File than I would be about making problems for whoever had messed around with the land settings while using my account.

 

[Derek Torvalar]

Contact support. They get paid to listen to drivel like this.