Jump to content
Sign in to follow this  
Perrie Juran

Phishing Scheme: Dont Click The Link

Recommended Posts

phishing scheme.JPG

 

An offer for a free gift popped up tonight in one of my store group chats with the message, "new free gift on the Market Place for group members."

I almost got burned by it.

Note the URL carefully and the lack of the secure sign in lock at the start of the URL.

If you got this and tried to log into it then you need to go change your password NOW!

 

Share this post


Link to post
Share on other sites

NEVER EVER EVER EVER EVER EVER EVER EVER EVER use a link given to you, even from second life. If someone asks you to go in and check you details, then use you own bookmark...THIS IS COMMON SENSE AND ANYONE THAT IS STUPID ENOUGH TO CLICK ON A LINK IN THIS DAY AND AGE DESERVES TO LOOSE THEIR **bleep**. IDIOTS

Share this post


Link to post
Share on other sites

Pay attention to Perrie's warning.  It's easy to get caught up is some of these schemes.  Even Internet savvy people get fooled (like Perrie almost did earlier this evening).  I did a couple screen shots of his shots and circled the area you need to pay attention to whenever you are on the Internet and some site wants personal information (even if it's a site you are comfortable with such the example Perrie posted).  It's hard to see because of the image size (plus a couple JPEG saves) but look in the address bar of your browser.  If the site wants personal information, like the SL forum log in screen, take a glance at the header for the address.  If it does not say "https://***" when it should then get the heck away from the site.  Perrie saw it but if he was just a little more careless he would have been a victum. 

Get in the habit of glancing at the header everytime you visit a site......even the "well known" sites.

Perrie

Great post Perrie.........thank you.  :)

Share this post


Link to post
Share on other sites

legite.JPG

 


Peggy Paperdoll wrote:

Pay attention to Perrie's warning.  It's easy to get caught up is some of these schemes.  Even Internet savvy people get fooled (like Perrie almost did earlier this evening).  I did a couple screen shots of his shots and circled the area you need to pay attention to whenever you are on the Internet and some site wants personal information (even if it's a site you are comfortable with such the example Perrie posted).  It's hard to see because of the image size (plus a couple JPEG saves) but look in the address bar of your browser.  If the site wants personal information, like the SL forum log in screen, take a glance at the header for the address.  If it does not say
"
when it should then get the heck away from the site.  Perrie saw it but if he was just a little more careless he would have been a victum. 

Get in the habit of glancing at the header everytime you visit a site......even the "well known" sites.

Great post Perrie.........thank you. 
:)

I did another snip, hopefully this is clear enough.

You can see the security lock and the "https"  that a legitimate page would have.  Also note carefully how the domain name is listed.

Share this post


Link to post
Share on other sites

Yea good Job . I have been seeing a lot of those popping up in several groups. They been phishing hard the last few days.

I've always made it a rule to never log in to any website from and external link posted from anyone.

Share this post


Link to post
Share on other sites

Thanks, I got advised about a similar phishing tactic just recently.

Also it appears griefers are using in world objects to offer free gifts to people and when they click sigin in and provide username and password it could put their account at risk.

Also it might be best that all users manually type their password in the box, do not have it set to save on their pc I believe this is the way my account was compromised although I do remember one link that was sent to me on my friend list and I did sign in before checking the link all it takes is one little mistake though and goodbye account.

Share this post


Link to post
Share on other sites


GothGirl Demonia wrote:

Thanks, I got advised about a similar phishing tactic just recently.

Also it appears griefers are using in world objects to offer free gifts to people and when they click sigin in and provide username and password it could put their account at risk.

Also it might be best that all users manually type their password in the box, do not have it set to save on their pc I believe this is the way my account was compromised although I do remember one link that was sent to me on my friend list and I did sign in before checking the link all it takes is one little mistake though and goodbye account.

The Second Life Web Site does NOT offer a save password option.  It does offer "remember me," which would be your sign in Name.  I've never used but the comments in the Forum have seemed to indicated that it doesn't work well.

The Viewers DO have a save password option. 

I guess there are some people who do use 'save password' judging from comments I have read.  I consider this the height of foolishness.

When you consider all that has been written about safe computing, why any Service Provider would provide the ability to "save password" is at least to my thinking, 100% asinine.

 

Share this post


Link to post
Share on other sites

Whoa!!! I could easily have been fooled by that one and I consider myself fairly savvy on not clicking embedded links, not providing account details to online programs, email phishing schemes (I keep getting emails for a game I've never purchased nor played, but owned by the same company of a game I have played that says my account is about to be deleted if I don't click some link...) - but this one is tricky.

Many, many thanks for the heads up, Perrie!

 

Share this post


Link to post
Share on other sites

phishing 2.JPG

 

Bumping my own thread.  This is today's offering. 

And I think this topic is important enough to keep alive for a while.

Once again, no secure lock and "https" in the URL.  And this URL doesn't even include the word "second life."

As I stated in my original post,

IF YOU HAVE ENTERED YOUR LOG IN INFORMATION INTO ONE OF THESE FAKES,

THEN YOU NEED TO GO CHANGE YOUR PASSWORD NOW!

 

Share this post


Link to post
Share on other sites

Noticing an increase in comments here in Lithium and some things I am hearing In World I'm bumping my own thread again.

Share this post


Link to post
Share on other sites

Scam.jpg

 

It was going around a lot of groups tonight so bumping my thread again.

This is the page from tonights offerings.

As stated above, if you entered your log in info on one of these pages, you need to go and change your password now.

Share this post


Link to post
Share on other sites

https is not a grant for being genuine. It's just one more hint that the site could be a fake or not. The most important part is actually the domain. Which is in case of SL secondlife.com. The domian of the phishing site is altervista.org. You can also practice spotting phishing sites here: http://www.opendns.com/phishing-quiz/ for example.

Share this post


Link to post
Share on other sites


sven Homewood wrote:

https is not a grant for being genuine. It's just one more hint that the site could be a fake or not. The most important part is actually the domain. Which is in case of SL secondlife.com. The domian of the phishing site is altervista.org. You can also practice spotting phishing sites here:
for example.

yep

as i stated further down:

"You can see the security lock and the "https"  that a legitimate page would have.  Also note carefully how the domain name is listed."

Share this post


Link to post
Share on other sites

free lindens.JPG

Free lindens2.JPG


Something a little different today.  Can't say that this is really "phishing." 

Interestingly enough, they do have a disclaimer on the bottom of their page.

I would be skeptical if they have permission to use the Second Life Logo.

I wonder where I would report that.?

Maybe we need a group, "Residents For A Phish Free Second Life."

Share this post


Link to post
Share on other sites

But, but...what if it's for real? I mean, it appears to be about getting paid to partake in surveys, doesn't it? Maybe this place is where all the really smart (or really well-financed) college kids go to get their 'virtual world' survey questions answered. It could be the solution the Forum has waited for! Pay for palaver. Lindens for learning. Bucks for B... nm.

Our survey SAYS: naah, probably not.

Share this post


Link to post
Share on other sites

Dillon Levenque wrote: "But, but...what if it's for real? "

Trust me, it isn't.

The Key point here is: To get the free Linden$, they don't need your SL-Password.
Only your full avatar name.

What a genuine paying survey site would do, is to set up an agent account inside SL and tie
that to their IT.

One Example: Eldexchange (the exchange I use) has set up such an agent, whenever I transfer
L$ from them into my SL-Account, I get a message stating "N... B... paid you xxxL$".
All they needed was my full avatar name and nothing else. They never got my SL-Password.
The password for my account there is a different one.

Dillon Levenque wrote: "Our survey SAYS: naah, probably not."

And with that, you're right on the money.

 

Share this post


Link to post
Share on other sites


Jadeclaw Denfu wrote:

Dillon Levenque wrote: "
But, but...what if it's for real?
"

Trust me, it isn't.

The Key point here is: To get the free Linden$, they
don't
need your SL-Password.

Only
your full avatar name.

...

One Example: Eldexchang.... They
never
got my SL-Password.

The password for my account there is a
different
one....

 

Jadeclaw is right. Or to say it with other words:

 

Never give your account name AND password to anyone or any link.

 

The links can look very differnt, for eample a freebie you get or a full perm item you bought and it opens a link for download or reward. When it asks you for your SL name AND SL password it is phishing. When it asks you for your SL PASSWORD, it is phishing, because they probably have your account name from action before.

When you have to create a new (!) account to get bonus or third party money exchange ... ensure to use a different password.

 

 

 

Share this post


Link to post
Share on other sites

last post in this thread is 3 yrs old....

 

and don't you think you should be wise enough to cross the street yourself?... also don't click links randomly

this is not LL responsibility.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...