Scam Alert Posted to Twitter - Multiple User Reports

[benchthis]

 

Phishing scam targeting Firestorm users now being alerted
If you have a long SL history, you will be able to see through this dialog immediately, but those who are not used to it should be careful.
There is no such thing as the viewer asking for a password in the dialog w
(￣▽￣;)

Edited April 8, 2023 by benchthis

[benchthis]

Here's another report.

Edited April 8, 2023 by benchthis

[Rowan Amore]

1 hour ago, benchthis said:

Here's another report.

Might want to post in General section as well.  Lots of people never scroll.down here to techie stuff.

[benchthis]

roger that

 

[benchthis]

Here's the link to the general post w more information for anyone looking for more information. 

 

[AmeliaJ08]

And how is this dialog being delivered, assuming via some bad item the user has attached?

 

Would be good to get more details

Edited April 9, 2023 by AmeliaJ08

[KT Kingsley]

The script function to deliver a text box to an avatar (any avatar in the same region) will work from any rezzed object, whether it's rezzed on the ground or attached to an avatar (either the avatar being targeted or by a completely different one – even an avatar completely unaware of it's presence).

It could be triggered by almost any event (a sensor response, a collision, an avatar attaching the object containing the script; there are many other possibilities).

For more detail see the LSL wiki for llTextBox here: https://wiki.secondlife.com/wiki/LlTextBox

[benchthis]

If I was LL/SL I would reach out on twitter to the users and ask for more information: region it happened, time frame, and if possible way to pull region traffic data. Be leery of links could be trap. 

If I was doing this my goal would be to gain access to leadership. 

[benchthis]

3 hours ago, KT Kingsley said:

The script function to deliver a text box to an avatar (any avatar in the same region) will work from any rezzed object, whether it's rezzed on the ground or attached to an avatar (either the avatar being targeted or by a completely different one – even an avatar completely unaware of it's presence).

It could be triggered by almost any event (a sensor response, a collision, an avatar attaching the object containing the script; there are many other possibilities).

For more detail see the LSL wiki for llTextBox here: https://wiki.secondlife.com/wiki/LlTextBox

I appreciate no scripted sandboxes more. 

We need a notificaion if pop up is not official and could be dangerous. Official pop ups, vetted popups, and non vetted popups. Someone is always going to figure ways around things but currently there's no around anything they are just doing it.

If I was doing this I would target new users with payment information on file. I would access the account, purchase as many lindens as I could, and then transfer those lindens to another account. That's as far as my currency laundering knowledge goes. Does not seem like that's a crime worth the trouble. Maybe if the target is elderly and has the same password for everything can access computer files and emails accounts banking accounts. 

Or the want to access the account to modify it somehow so that then will infect the computer and they would not have to do anything else?

Regarding official scam report LL receives there should be an account diagnostic that can be performed to show changes. Those changes are important they may reveal the scam. Gota be data trail. 

One time I was at a galleria during a weekend, I only had my debit card on my and some cash. I found a nice jacket I could not live without. I went to use my debit card and because I was shopping in a town I never shopped out the card was frooze. I could not unfreeze the card right away. Thankfully I had cash too. 

Maybe if account is logged in from a new location (I clear my cache like 50 times a day I'm always new) SL will send an email to the account to verify, only problem is if someone has that password could intercept the confirmation email. Maybe a option to add text verification. Then we have to deal with people not wanting their data collected.  

Edited April 10, 2023 by benchthis
extra blah

[Zalificent Corvinus]

4 hours ago, benchthis said:

We need a notificaion if pop up is not official and could be dangerous. Official pop ups, vetted popups, and non vetted popups.

NO, we don't. Every scripted item in SL that offers a menu ,or asks you to input anything, "enter the rgb values for your custom colour choice now", or "please select the pose you want", every script in SL, that does that uses those standard script popups. EVERY SINGLE ONE.

The only ones that would be "official", would be those written by Linden staff members or Moles, such as the menus for Linden Homes. A "Tin-Foil-Hat" warning such as you describe would go off every time you used anything with a damn menu.

4 hours ago, benchthis said:

Maybe if account is logged in from a new location SL will send an email to the account to verify, only problem is if someone has that password could intercept the confirmation email. Maybe a option to add text verification. Then we have to deal with people not wanting their data collected.  

Hell no, I don't want a tidal wave of emails and SMS texts if I log in from the laptop, in my bedroom rather than the desktop in the living room., just because you can't understand why interactive scripted items interact.

And  finally.

4 hours ago, benchthis said:

 (I clear my cache like 50 times a day I'm always new)

Clearing the cache is something you are ONLY supposed to do when you have, corrupted textures, not something you do every week, or every day, and certainly not 50 times a day.

It's like claiming that your car will work better if you BLOW the wheels off with explosives, every 2 miles, and call roadside assist to bring you new wheels. Just stop, ok?

Edited April 10, 2023 by Zalificent Corvinus

[Wilma Philbin]

I think it is a good idea to spread the news about this phishing scam. And a clear warning never to fill in your password or any sensitive information in a box that looks like that. It's clearly a scripted box and very easy to recognize. Even if it was my mail box in my Linden Home, created by moles, that asked me for my password in a box like that I'd never enter it.

[Nalates Urriah]

On 4/9/2023 at 6:07 PM, benchthis said:

Maybe if account is logged in from a new location (I clear my cache like 50 times a day I'm always new) SL will send an email to the account to verify, only problem is if someone has that password could intercept the confirmation email. Maybe a option to add text verification. Then we have to deal with people not wanting their data collected.  

Bad idea. R E A L L Y BAD idea.

Clearing the viewer cache does NOT make you look new in SL. Any scripter can ask the age of your Avatar. (See: llRequestAgentData()  )

The viewer caches are used to improve performance and reduce the load on the backend servers. By clearing your viewer's cache you negate all those performance benefits. You make SL suck for all of us because we all need those backend server clock-ticks you are wasting.

You have a REALLY bad list of suggestions.

[Kyrah Abattoir]

I really wish I didn't find this so funny...

On 4/10/2023 at 3:07 AM, benchthis said:

We need a notificaion if pop up is not official and could be dangerous. Official pop ups, vetted popups, and non vetted popups. Someone is always going to figure ways around things but currently there's no around anything they are just doing it.

Official messages do not use the scripted popup window. Why on earth would LL ever ask for your password withing the client, if they need you to re-authenticate they will just kick you offline.

[benchthis]

im pretty much a noob, i think i saw something like this being used on a social media platform  o well. I'm learning to enjoy drawing with real things that do not require technology that requires power.