SCAM! - WARNING Posted On Behalf Of A Distressed Long Term Resident!

[Aarla]

My friend who's been in SL for 7yrs and is a manager of a club which has been running for 9years,  and I think is pretty loaded when it comes to common sense....has asked me to post this for her about a scam trawling the grid she's been hit by.  Why this one hasn't been shouted out about - we don't know - but its not good and she's really stressed right now.

My friend wanted me to post this for her:

__________________________________________________________

"PLEASE DON'T CLICK ON LINKS IN SL - even if you know the person - and they are online and such... just don't do it!!!!

I just did a very dumb thing, Aarla - and I need your help to spread the word, if you can.  Can you post this in the forums plllleeaseee?  Thanks!!!

I've been in 7yrs and never done this before.  Wasn't paying attention, and just didn't think anything of it!  Can you let EVERYONE know please!  I'm usually more savvy than this!  Grrrr!

I was in the club, [she's been Manager there for 6 years]  when I receive a IM from a friend who was in the club with me, who I was actually in conversation with, that had stopped like 2 minutes before while we dealt with other IM's - or so I thought . 

She sent me a link to Marketplace.  She has a store there, and often sends me one line links and no words - only the link said Marketplace, but had a letter or 2 swapped about - and I just read it as normal, and superfast, as I wasn't paying attention - and as it's normal to be sent links from her, and I know her very well in both lives, I clicked it.  It's her afterall.  Took me to a page that looked like marketplace, but it said there was an error.  So I closed it and clicked again - nothing.  Still didn't register that the link had a couple letters different.  I IM-ed back - but got no response as she'd gone offline - again - not unusual. 

I then instantly get a text message on my RL cell phone from my bank - asking if I'd made a transaction.  Weird!  So I rang the RL bank.  Indian out of hours man, didn't know what I was saying, but eventually told me my bank account wasn't cell phone registered, but yes he could do it if I wanted. Siiiigghhsss - I refused -  Siigghss again!   

Turn back to see my SL was logged out - I have bad connection so no biggie - I log in - nope...  I log in again..... nope again.... 3rd time lucky - still nope!...said my password was wrong, or maybe Caps Lock was on.... but as I have bad connection and this is a common message for me, I check connection through my standard Email Inbox like I always do, as its the first to show when its offline.

And that's when I see that there are several SL emails.  "Your account details have been changed" - "Your email has been changed" - "Your password has been changed" - and there were several separate emails saying about Linden Dollar exchange transactions of HUGE RL value amounts.   *REMEMBER - I DID NOT ENTER MY PASSWORD INTO THE LINK I CLICKED AT ANY TIME!!!!*

I immediately try and find a phone number for LL for the UK Second Life Customer Service - 08000 48 4646 - it took several anxious attempts of being disconnected from the call to finally get through.  They said they will look into it, and as they were super busy, it can take up to 4 days, but yes several transactions have gone through, and they will stop those and investigate, and "see if they can re-activate my account, which will take a few days" - ARGH!!!!!    However, they recommend I also call my bank to sort out the other stuff.  My payment details were on their file, so the scammers have obviously lifted those!  GREAT!  THANKS FOR THE SO-CALLED SECURITY LL!!!!!!  *shakes fist*

 I call my bank again, and in that time, my RL bank account has been drained of a lot of cash, taking over my entire overdraft limit, my overdraft bonus, and my overdraft insurance!  I am not happy!   I tell them it's fraud, that I'm at home in my Pjs, and they say it will take 4-5 WEEKS to investigate and refund.  If I need cash now, I am going to have to go to my bank in person with 3 forms of ID!  THANKS AGAIN LL!!!!!  HOW IS THIS POSSIBLE FROM 'SECURE SERVERS'!!!!!!  :(

While I was offline - making all these calls - ALL groups I was a member of, and ALL my friends on my list, have also been sent the same IM I was - but from me!  All with a slight variation of the link - but all to a Marketplace URL.. with a random letter or 2 changed.  ALL people who have clicked it - have had money taken, etc - but Paypal registered accounts, were very super quickly picked up and stopped.

Grrrr!  I feel so dumb!!!!!....but the several of my friends - all long term residents - who are also offline friends via RL, or my FB, and email have said, because I sent it - they didn't think twice and just clicked.....purely because, all have said - it came from me.   

So  PLEASE - DO NOT CLICK ON ANY LINKS, WHATSOEVER, EVEN FROM THOSE YOU KNOW!!!! "

________________________________________

Thankfully I found out about this from her, before clicking the link she/the scammer had sent me, or I have to admit - I would have clicked to!

 

 

 

[Theresa Tennyson]

---

Aarla wrote:

I then instantly get a text message on my RL cell phone from my bank - asking if I'd made a transaction.  Weird!  So I rang the RL bank.  Indian out of hours man, didn't know what I was saying, but eventually told me my bank account wasn't cell phone registered, but yes he could do it if I wanted. Siiiigghhsss - I refused -  Siigghss again!   

 

---

If the account wasn't cell-phone registered, how did your friend get a text message from the bank?

---

Aarla wrote:

And that's when I see that there are several SL emails.  "Your account details have been changed" - "Your email has been changed" - "Your password has been changed" - and there were several separate emails saying about Linden Dollar exchange transactions of HUGE RL value amounts.   *REMEMBER - I DID NOT ENTER MY PASSWORD INTO THE LINK I CLICKED AT ANY TIME!!!!*

 

---

If your friend's account E-mail was changed, how did they get subsequent E-mails about Linden dollar exchanges?

I think there's a very good reason this one hasn't been shouted out...

 

[Dillon Levenque]

Sorry, your story doesn't ring true.

If your friend really did get phished and scammed that's a shame, but I have a really really really hard time believing the results you describe came from the actions to which she admitted. I don't believe that just clicking on a link can accomplish all those nasty things. Of course, if she accepted some kind of download or (heaven forbid) put in her SL account name and password, then sure. No telling what might happen.

I am not accusing you of anything other than being wrong. I just don't believe your cautionary tale is a true one. Some inconsistencies have already been pointed out.

[Aarla]

No idea - maybe it was just co-incidence about the RL bank fraud - but if it was - it's kinda funny how it happened at the same time.  She forwarded me the emails to me, (edited to remove amounts and her email address , for obvious reasons - although she has said that I could post the full email it had been changed to if anyone wanted it - but it would be against T&Cs) -  cos I quizzed it too:

 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 

no-reply@secondlife.com     22:34 (3 hours ago)

to me

 Dear Jinnywitha,

Thank you for using the LindeX Exchange to buy Linden Dollars.

Your account has been charged US$XXXXXXXX
You purchased L$XXXXXXXX

Thanks again - we look forward to seeing you in Second Life!

Linden Lab and the Second Life Team

 

++++++++++++++++++++++++++++++++++++++++++++++++++++++

 

no-reply@secondlife.com    22:34 (3 hours ago)

to me

 

Dear Jinnywitha,

Thank you for using the LindeX Exchange to buy Linden Dollars.

Your account has been charged US$XXXXXXXX
You purchased L$XXXXXXXX

Thanks again - we look forward to seeing you in Second Life!

Linden Lab and the Second Life Team

 

++++++++++++++++++++++++++++++++++++++++++++++++++++++

 

 no-reply@secondlife.com    22:34 (3 hours ago)

to me

 

Jinnywitha,

An attempt to purchase Linden Dollars for your account via the LindeX page on secondlife.com has failed.

 

++++++++++++++++++++++++++++++++++++++++++++++++++++++

 no-reply@secondlife.com    22:34 (3 hours ago)

to me

 

Jinnywitha,

An attempt to purchase Linden Dollars for your account via the LindeX page on secondlife.com has failed.

 

 ++++++++++++++++++++++++++++++++++++++++++++++++++++++

 

 

no-reply@secondlife.com     22:34 (3 hours ago)

to me

 

Jinnywitha,

An attempt to purchase Linden Dollars for your account via the LindeX page on secondlife.com has failed.

 

++++++++++++++++++++++++++++++++++++++++++++++++++++++

 Second Life no-reply@secondlife.com via lindenlab.com   22:36 (3 hours ago)

to me

 

Jinnywitha Cleanslate,

This email acknowledges that your email address XXXXX @googlemail.com  has been changed to XXXX@hotmail.it .

If you did not authorize this change, please contact support at https://support.secondlife.com

 

++++++++++++++++++++++++++++++++++++++++++++++++++++++

 

 

 

And there were quite a few failed attempt at transaction emails she forwarded to me.

[Aarla]

Her text message never came from the bank - as confirmed by the bank.  Her cell wasn't registered there.   Her bank details and cell phone were in her LL account details.

[Theresa Tennyson]

---

Aarla wrote:

Her text message never came from the bank - as confirmed by the bank.  Her cell wasn't registered there.   Her bank details and cell phone were in her LL account details.

---

So what you're saying is the scammers went to the trouble of sending her a text saying that a scam was going on, not only alerting her to the fraud but also leaving a trackable number in her phone records?

[Aarla]

Her phone is set 20mins fast cos she just uses it that way - she sent me these pictures of screen shots of her phone, when I questioned her - and I censored the amount it said, for own benefit:

 She does bank with Barclays, and uses a debit card,  LL would have known that as they had her details on file.

[Madeline Blackbart]

---

Theresa Tennyson wrote:

---

Aarla wrote:

Her text message never came from the bank - as confirmed by the bank.  Her cell wasn't registered there.   Her bank details and cell phone were in her LL account details.

---

So what you're saying is the scammers went to the trouble of sending her a text saying that a scam was going on, not only alerting her to the fraud but also leaving a trackable number in her phone records?

---

What i'd like to know is how they got a cell number. A home phone number is entirely possible in fact verizon uses this feature to tell you what your voicemail number is. But since your internet doesn't go through your cellphone (at least not the internet SL uses) I don't think they can get the cellphone number.

[Czari Zenovka]

This particular thread appears to be a continuation of this one.

[Aarla]

Can't remember, but didn't we have to put that stuff in, and our passport number in when we all had to age verify, and all that nonsense when the teen grid and adult grid merged?   Just a thought.

As for the phone - the landline is her parents - the internet is her brothers - and the cell is hers.  So she would have put in her cell.

[Aarla]

Not a continutation - I just posted her emailed message to me, on that thread too, so others can see it, if they didn't see it here.

But yea - she posted that earlier...... and then just got scammed herself.... and that part is just a coincidence.  She's generally unlucky in life anyway.  She said she actually posted it cos the sim owner sent her that other message, and as she was having a really bad day rl (she suffers from depression, and has other issues), she just wanted to make sure, before telling the rest of her group.  No harm in that, regardless of how long you're on the grid IMO.

[Alicia Sautereau]

Commen sense says: we are missing a part
Details suggest that we are missing the part that some one logged into a phishing site to have their account comprimised

This is not a scam, this is being careless and why it`s such a big problem

Little tip:
If a website i visited and "subscribed" to ask me to login with my username not pre-filled and i didn`t type the adress in manually, then there is something wrong

Gigantic tip: Be paranoid, online, every one is out to get you, if you aren`t, your most likely screwed worse then the paranoid freaks that seperate their assets in "containers" to limit possible damages
Best tip: remember your long winded passwords, password recovery makes you feel stupid at times :matte-motes-bashful-cute-2:

 

Every one falls for it once in their life with a random degree of damage, **bleep** happens, good luck with claiming it as fraud at the bank to have it refunded.

[Aarla]

Ok - so while I was trying to calm Jinny - I've been logged out of SL - but look what I just found in my Inbox! - an IM from SL.... From Jinny - timestamped - I have screen captured it and I post it here - the warning band is from the Email - and obviously that wouldn't have been there in SL.. but if you don't believe what happened - try the link maybe?  

To be fair - it's obvious a scam link when you look at it..... but she said her link was a bit different, but who knows - she IS having a mega rubbish day, and was very down before this even happened, and she did say was talking to the person who sent it to her a few minutes beforehand, and that she wasn't paying attention in general...sooooo....I'm just guessing she thought she read marketplace and secondlife and didn't read any further than that before clicking.... just a hunch.

Either way - message is still the same - DON'T  CLICK ON LINKS, even if it's from people you know! :

[Alicia Sautereau]

Classic phishing attempt, the altervista stands out clearly for me as it is a free hosting and i always look at the domain

Here is the thing, when an account is comprimised, they send the link to all the friends as they assume it`s "trusted", once one person falls for it, the chain starts...

[Aarla]

Agreed - I think she just missed it after a really rough rl day.  Poor girl.

Lesson learned, I'd say.

[Feldspar Millgrove]

I tried out the phising URL from the IM quoted in this thread.

It brings up a site that is designed to look just like the Second Life web site, where you are to type in your SL name and password.  When you do this, it silently steals your password.  Then it brings up the real SL Marketplace web site, as if nothing is wrong.

So while you go on about your business on the Marketplace, the evil site, working at the speed of light behind your back, no longer using your computer in any way, breaks into your account.  Since this is not happening on your computer, you won't have any idea it's happening.  Everything it does is automated or semi-automated; it will happen quick. What exactly it does is speculation, but based on the reports, we can surmise.

It is probably logging into the SL account page, changing your password, and then paying whatever is in your L$ balance to the bad guy's account (their avatar).  Then it buys more L$ using your card on file, and repeats, until some limit eventually cuts it off.  (If they are clever and don't do it all at once in a hurry, there might not be any limit and they can entirely drain your bank account this way.)  Meanwhile, they have access to any info that's on your SL account: email, phone number, RL name and address, and anything else you can see on your account web page. (They can also send emails to people claiming to be you.) Of course, they can also actually log into SL and take over your avatar there, too (either turning you into a bot, or otherwise using automation to make their attack.) Buying L$, sending IMs and Group messages, harvesting your Friends list, and so on.

See, once you give your SL login credentials to someone like this, they have full control of your account and can do anything in-world that you can do, and anything on the account or Marketplace web sites that you can do.  Because they *are* you, now.

And the first order of business is to lock you out, so you can't interfere.  Then have at.

Always be careful of what links you click on.  And never type your password into anything unless you are very carefully looking at the URL and the security padlock icon.  Make sure the URL matches what you expected before entering any information.

Malicious web pages like this may be able to steal your password out of your browser (without you typing it in), or even take over your entire computer.  This has historically been possible using the Microsoft browser (Internet Explorer).  Many people use browsers with a better security reputation, such as Firefox with NoScript.  Or Google Chrome.  (I use a Mac, which has the Safari browser, and when I try to go to the page it stops me with a warning that the site has been reported as a malicious phising site, and am I sure I want to continue?) But at the moment, I don't know of any such obscene vulnerabilities in any of the browsers (assuming you have the very latest up-to-date versions).  So that's probably not how this attack is working.

What most likely happened is that the fake page came up, and the person entered their password -- just handed it to the theives!

Linden Lab's Security ought to have figured out where this phishing attack is coming from (either from Marketplace activity or from in-world logins by avatars).  And some account is the recipient of the money.   (Or maybe they are changing your accounts details so they can PayPal themselves in a L$ cashout; I don't know which method they are using to extract the money from your account and then from your bank.)   But it still seems to be in operation, and people are falling for it.

Can't say it often enough:  be careful on the web!

Peronally, I maintain a seperate RL bank account for SL activities: it has 1$US in it.  When I want to buy L$, I transfer the funds into it IRL before doing the SL transaction.

 

[Amethyst Jetaime]

That link you posted looked pretty obviously a fake to me with the misspelled words.  Yes your friend was busy but warning about this kind of thing have been around since early days.  She was careless.

Her blaming LL for not having a secure enough server is BS.  LL had nothing to do with this as obviously the thief had obtained her password and used it to log into her account.  There is nothing LL can do to prevent this.  It was HER actions that led to her account being compromised. 

I do hope that between LL and the bank they are able to track the thief down and put him behind bars where he belongs and your friend has her money returned to her.  No one deserves this kind of thing.

[Paul Hexem]

Moral of the story? Look at the URL before you give your username and password to strangers.

[jwenting]

---

Gadget Portal wrote:

Moral of the story? Look at the URL before you give your username and password to strangers.

---

moral of the story: never enter your SL username and password on any website that's not HTTPS enabled, and then only on sites that live on the secondlife.com domain.

In other words, only on https://whatever.secondlife.com

And don't ever give your account information to anyone anywhere else.

[Syo Emerald]

Or in short: Use basic internet securtiy rules.

[Trinity Yazimoto]

First, except if the item is rated as adult, you dont need to log in the MP to see an item page.

Secondly, one way, to avoid such disagreement, is to log in your dashboard BEFORE logging in SL and to keep this page opened in your browser. That way, you are ALREADY logged in the MP site too.. If any link ask you to log in, you'll know right away its a scam.

The same disagreement, just happened to a friend of mine some days ago. She fortunately could get back her account a few days later, but i still dont know if she could get back the money that has been stolen to her. While her account was hacked she contacted her main account with an alt and the person threated her to delete her whole inventory if she report... She reported nevertheless and muted this account.. Maybe the best is to not try to contact the hacker for not having more threats.

My friend told me SHE LOGGED in the fake MP page... not that it happened without her typing her name and password... So i have doubts your friend didnt logged.

 

[Perrie Juran]

---

Aarla wrote:

Her phone is set 20mins fast cos she just uses it that way - she sent me these pictures of screen shots of her phone, when I questioned her - and I censored the amount it said, for own benefit:

 She does bank with Barclays, and uses a debit card,  LL would have known that as they had her details on file.

 

---

First off, I did this thread a few months ago which goes into a lot of detail on how these Phishing Sites work.  For a while we were bumping it so new people joining the Forum would see it.

http://community.secondlife.com/t5/General-Discussion-Forum/Phishing-Scheme-Dont-Click-The-Link/td-p/1750713

First off, from all the information you posted it does look like your friend fell for a phishing scheme.  But there is so much bloat in the story it is nuts.

Now everything I am going to post applies specifically to the U.S.  I know there could be differences in other countries.  But I also know that there are a lot of similarities in how things operate in other countries.

 So here we go.

1.  The cell phone number.  Unless I am missing it, there is no place to enter your cell phone number on the SL Web Site.  Nor is there anyplace to enter it in new account sign up and I can never remember there being a place to do so.

2.  Banking information:  BY LAW in the United States ALL and ALL means ALL businesses must have protocols in place to protect any and all banking and credit card information they may store.  One of the protocols in place is that they NEVER display your full account number.  It is ALWAYS truncated to the last four digits of the account.  Even when I log into my own bank account on the Web, I can not see my full account numbers. 

Second Life follows these protocols so that there is no way to obtain your account numbers from the Second Life Website.  The only shortcoming is that it does display the full E Mail address associated with my PayPal account.  But guess what, even if someone figured out a way to access my PayPal, when they logged in to PayPal the account information they have stored and that gets displayed is truncated also.

Bottom line, short of actually hacking into the Second Life servers, there is no way to get your banking info from the SL Website.

3.  Now this is U.S. specific, I can't speak for Europe but it would not surprise me if they don't have similar protocols.  In the U.S. ALL banks have a DAILY limit on what you can charge on a Debit Card without sending up a flag.  Many people do not know this and only discover it the first time they make a large purchase.  For most banks the default limit is $500.00US.  Some do $1000.  The minute you exceed that limit the charge will be denied. 

When I'd run into this as a businessman I'd have to ask the customer to call their bank to get the Debit authorized.  I have also witnessed the people getting alerts on their phones at the time.

(There was a quirky flaw in the system that on rare occasions that allowed a work around, that was I'd run the card as a Credit Card rather than as a Debit Card but it only worked with Cards with older account numbers.)

So my take on the phone messages from the bank is that they really did come from the bank.  It is an automated system when they exceeded the amount.  Despite what your friend may be claiming.

4.  Changing the time on the Cell phone.  Again, I can only speak for the U.S. and my cell phone but I called my tech support to see if there was a way for me to do this, set the time ahead.  They said no, the time displayed is synched to the system.  The ability does not exist in the software.  Maybe it is possible but at least for me, I can not do it.

5.  I do know two people who had fallen for the Phishing.  Upon discovery they called LL and the accounts were locked almost instantaneously.  The investigation did take a little time but both of them had their accounts restored to them after providing the documentation LL requested.

So while from the information you posted it does look like your friend did fall for a phishing scheme there is a lot of bloat in the story.

[Jinnywitha Cleanslate]

Well, LL has sorted some of the problems out, and we are still working on others.  It's been a long day!

Yes... I KNOW!... I screwed up big time!  Thanks for letting me know.

However, I want to make it clear that I did not at any time, log into this page nor did I enter any password!  And according to LL, worryingly, that isn't actually necessary at all.

I clicked on the link inworld, where I was already logged in, and the moment I did that, I that gave them all the access they needed, as I was already logged in (or something)  the Lady had a very strong American accent, and I missed some of what she said.  The lady said that it was the same sort of thing that is emailed to people, as a single link, that spreads virus's and malwares.... and yes I have run virus scans and malware checks on my computer from the early hours of the morning.

I had a very bad  day yesterday.  I was very unfocused, and had been in tears shortly before clicking.  I completely mis-read the URL, and made a mistake.  That was all.  It doesn't make me an idiot, as some seem to imply here.  I am a bit surprised at that to be honest, as when I wrote the email, I simply wanted to warn others, and quickly, so I sent it to my friend to distribute here, I was even more upset (obviously) and I have Aspergers with the inability to summerise, so I understand it does tend to waffle on a lot, but that is what happened and in the order that it happened ...its just very wordy...which is just what I do.  Sorry.

I wanted my friend to post it, mainly as a warning to others.  That was all.  If this all just stops one other person from clicking, then its all good.  If it only brings to attention the type of link to be wary of, in SL or elsewhere,  then to me, that too is good.  And hopefully then, something good should come out of my silly mistake!

Don't click on links IS common sense, but I have had real contact from several friends now, where some also clicked, simply because their first reaction was "oh its from Jinny so it's ok".  It IS a simple error.  That is all.  The friend who sent me the link (as she was hacked too) has a Marketplace store, and when she puts in new stuff, and links me to see it, and it's only sent to me during a conversation.  We had been having a conversation, with a usual slow response time, if someone is caught in IMs, literally a minute before.... I simply didn't read the link, and clicked as I made an assumption about it.  I only saw the first part of the URL, and stupidly could have sworn it just said MarketplaceSecondlife - it was only when I saw it here - I thought "DARN IT!".  And while I appreciate that it started a discussion amongst people, it was hardly worthy of some of the harsh and judging tones I have sensed coming from some posters, IMO. 

Anyway -

Banking and clearing my bank account: 

They didn't have the full bank number, but they used my avatar, to transfer all the Lindens into their AV, as per below:

08/14/2013  -   16:55:39   -   Destination: minimi Botha  - Gift  -  Region: Aqua  L$***,***

08/14/2013  -   16:53:01   -  Destination: minimi Botha  - Gift  -  Region: Aqua  L$***

08/14/2013  -   16:51:14   -  Destination: minimi Botha  - Gift  -  Region: Aqua  L$***

and bought more, in several smaller amounts until my RL bank was drained.  I did not (Do now!) have a seperate LL bank account.

All this happened super fast, and the account was frozen in approx 3 - 5 minutes.  Once they had hit several decline transaction messages, they changed my account email and that was that..... and that was when I was either  on the phone to the bank questioning the texts (as they didn't have my cell on their system) and I wanted to check all was ok, trying to log in, cursing (mistakenly for once) my super dodgy internet connection, ooorrr that was while I was desperately searching for a telephone number for LL to call, and struggling to find it instantly, all made a little harder, because I was in a little bit of a state of alarm at the chilling realisation that I had done what I had lived my entire internet life without doing - getting phished.  Like I said - the whirlwind of actually damage was just a couple of minutes, but will take a while to fully resolve.

The details on file:   LL have confirmed that they did indeed have both my phone numbers on file in my account, and yes - because of the type of Card registered, they also knew what bank it was registered too.  The phishing would have obtained these details, and LL argued that on the balance of probability, the SMS messages were sent automatically, to phish for other details, or cell phone useage.  2 friends of mine who also clicked, also had SMS Messages.

There have been 3 scam telephone numbers with automated nessages claiming they are from my bank, calling both phones regularly since all this happened last night, and if we don't pick up, it goes to voicemail.  The numbers calling are:  0044 20 70710188,  and 0845 351 2262, and also 01228 830 132..... DO NOT CALL THESE NUMBERS!!!!!!  Lol.

I have been instructed to by LL, and have done, report the whole thing to : http://www.actionfraud.police.uk/report-a-fraud-including-online-crime-questions   as real life money was taken, albeit through SL's website, and the bank wanted a Crime Reference Number.

Drama sort of resolved!... and yes - lesson learnt! 

If anyone has any questions that they wish to ask me directly, please feel free to IM me inworld, or post here.

But what I would really like to say is THANK YOU AARLA!!!!!!   You have been a wonderful support ,and you are a fab friend.  Thank you for fighting my corner here!!!!!  xxxxxx

[Paul Hexem]

---

Jinnywitha Cleanslate wrote:

Well, LL has sorted some of the problems out, and we are still working on others.  It's been a long day!

Yes... I KNOW!... I screwed up big time!  Thanks for letting me know.

However, I want to make it clear that I

did not

at any time, log into this page

nor

did I enter any password

!  And according to LL, worryingly, that isn't actually necessary at all.

I clicked on the link inworld, where I was already logged in, and the moment I did that, I that gave them all the access they needed, as I was already logged in (or something)  the Lady had a very strong American accent, and I missed some of what she said.  The lady said that it was the same sort of thing that is emailed to people, as a single link, that spreads virus's and malwares.... and yes I have run virus scans and malware checks on my computer from the early hours of the morning.

---

If that's true, that means there's an astronomically, incomprehensibly large security flaw in the viewer.

Not even LL would release software that was THAT broken. There's no way... I don't even have words for how insane that is.

[Perrie Juran]

glad to hear you are getting it all resolved