Tricky phishing scam

[Pamela Galli]

Got this notice in the Content Creators group -- an avatar with initials MM (and could be anyone really) IMs and says something like someone is selling your stuff on MP, and gives you the link, which takes you to a fake login page.

 

[Jaylin Whitewood]

Ouch, thats really tricky...

[Jesseaitui Petion]

Sadly, "MM" is one of the stolen accounts.  The original owner of said "MM" account must have clicked on one of the phishing links and entered in his username/password.

Everyone needs to be alerted and be careful.  The phishing IM`s prompt people to "Click this link for 50% off sales!"  Or, if you`re a content creator they will IM you with legit looking customer accounts they have stolen saying things along the lines of: "Your hairs are stolen , look here" and paste a phishing link.

Of course, the link is an unofficial SL website that prompts people to log-in.  Once "Logged in" their user name and password have been successfully stolen.  Thief then uses the stolen accounts to make more notices.  Such as in the case of "MM". 

 

Feel horrible for the original owner of that account.  But that isn`t the first or only account that has been stolen (He takes your linden balance, too).  Whoever is behind all of this has been phishing at my sim for awhile now.  LL has been lighting fast with banning the accounts, and for good reason: With $L balances and credit card information on file, this is opening a big big big can of worms.

 

Shoppers and merchants need to be careful.  In my case, the phisher has registered loads of *very* similar user names to mine, hangs out on my sim on multiple accounts, and IM`s customers claiming I (read: him posing as me) am having a sale.  Customer clicks link..and the cycle continues.

 

Here are a few screenshots from phishing attempts at my store "AITUI".  Note the "aitui" usernames he has created in attempt to fool people shopping at my store. 
Obviously, do not submit your user name and password if you should choose to check the links out.

 

 

[Pamela Galli]

I am sending a notice to my group.  Thanks for the info!

[Lynda Klossovsky]

interesting....the internet suffix is .gp, which is guadelope, which is in the carribean.

[Pamela Galli]

bump

[Tiffy Vella]

This is a new low.

Thanks for letting people know. Knowledge is really the best first defence.

 

[Taureanne Trudeau]

Pamela, thanks for posting that group notice!  When I opened SL tonight I had a message from Xstreet SL Centeal Authority, advertising MyDear Skin Store. Since Xstreet quit operating some time ago, it seemed scammy to me, but your group note definitely prompted me to delete it.

[Lavim Feld]

Sadly I have been waiting for this to happen for a while now. 

 

Thanks for the samples, will be adding those to my hosts files on mine and a few dozen other pals machines.  If we can keep bogus urls coming in we can make sure of some level of protection at least for those not keen or adept enough to make sense of the urls and such.

 

As always with these information is the best defence, thanks again for bringing it to the attention of others. 

[JoyHope1488311623]

thats why i dont keep mony or even my credit card info on file. a pain yes to put that in everytime i need money but if my account gets hacked they wont get nothing.

[JoyHope1488311623]

thats why i dont keep money or even my credit card info on file. a pain yes to put that in everytime i need money but if my account gets hacked they wont get nothing.

[Unsightly1488311623]

I sent a notice in my group as well. I'm sorry that is happening to you and this needs to be put to an end. Yikes.

[Seagon Segall]

I just messaged ripway that they have a phishing website on their domain... would that work?

 

Though, it keeps amazing me by how succesful these scams are, guess it's true that some people don't look up, though in this case it would be not looking at all.

 

Sidenote... the .co.gp address is hosted in germany, also sent them an alert message.

[Pamela Galli]

What's so tricky, tho, is that the IM could come from a friend or customer -- without the warning I can see myself just clicking the link.

[Bill Woodland]

this  has been passerd thru our group as well.

Thanks so much for the heads up on this.

Club Bonified Staff and VIP group

 

[seductressluscious Francoi]

if everyone forward to friends today and post on sl facebook the msg will go around linden labs need to post it on log in like they do everything else less important

[kryptic Zarco]

I got a IM about this the other day for my old business saying somone was stealing my wepon creations.... I was like uhm I used to do that 2 years ago I dont care if somone is stealing them..... but I noticed the link after  (if your like me and use chrome or firefox itll auto tell you that the page isnt safe when you copy the link in) so I didnt click it..... this is why I dont touch the SL browser cause it has no filters like that

 

[Miyo Darcy]

I did send out a blogpost to inform every of my readers. Thanks.

[SpiritSparrow Skydancer]

I use frefox to, it's wonderful for that. I dont recall is IE does it. But since that redzone scam I don't click to many links in SL. And that one given at random would have set off flags to me. I hope LL is taking this serious.   AND DO give a MOTD warning same with phoenix and other browsers.

[Pamela Galli]

Don't click any spam links at all, is my advice (like the ones in every thread today). I would not be surprised if that avi got hacked and is being used to send spam.