Jump to content

Scam Alert - Please Becareful

benchthis

By benchthis,
in General Discussion Forum

 Share
You are about to reply to a thread that has been inactive for 437 days.

Please take a moment to consider if this thread is worth bumping.

Recommended Posts

PheebyKatz

PheebyKatz

Posted
Posted

I could make a special necklace that prevents these things from happening, but I'd have to charge each user 250,000L$, and I can't guarantee it would do anything besides look really cool, because I made it.

No refunds, of course.

I buried $3125 in my backyard once, and boy, was I disappointed when the promised contact from an underground agent never arrived.

Seriously though, people who do this to others should have unmentionable things done to their unmentionable parts. By spider monkeys with rabies. And  knives for fingers. Just saying.

  • Like 4
Link to comment
Share on other sites
  • Replies 272
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Solar Legion
Solar Legion

Its a generic, LSL scripted input dialog - it doesn't care what Viewer the target is using. It can be customized to state it is part of any Viewer. One of the reasons I find this so incredibly la

Qie Niangao
Qie Niangao

I'm going to dive deep here, so apologies in advance for how fiddly this gets. The objective is to see if there's something special about this situation (including the textbox, but broader too) that i

Alwin Alcott
Alwin Alcott

don't click things that you don't know, is still a very wise advice...   but the same with links.. you'll always find people who do... "i am hacked "....noo you clicked" 

Posted Images

Love Zhaoying

Love Zhaoying

Posted
Posted
34 minutes ago, PheebyKatz said:

I could make a special necklace that prevents these things from happening, but I'd have to charge each user 250,000L$, and I can't guarantee it would do anything besides look really cool, because I made it.

No refunds, of course.

I buried $3125 in my backyard once, and boy, was I disappointed when the promised contact from an underground agent never arrived.

Seriously though, people who do this to others should have unmentionable things done to their unmentionable parts. By spider monkeys with rabies. And  knives for fingers. Just saying.

Could you make the necklace look like a string of garlic bulbs?

  • Like 1
  • Haha 1
Link to comment
Share on other sites
SpiritSparrow Skydancer

SpiritSparrow Skydancer

Posted
Posted

this is what someone sent me to beware of. Not had it happen to me.

kinda scary you know because it does looks official...ish.. to a new person who just doesn't know.

Things like this is why I am spending less and less time on SL... I know.. booohoo for me... but for real.

https://gyazo.com/0215f0cd04d52eadacf7b03fce055b6b

Link to comment
Share on other sites
benchthis

benchthis

Posted
  • Author
Posted
1 minute ago, SpiritSparrow Skydancer said:

this is what someone sent me to beware of. Not had it happen to me.

kinda scary you know because it does looks official...ish.. to a new person who just doesn't know.

Things like this is why I am spending less and less time on SL... I know.. booohoo for me... but for real.

https://gyazo.com/0215f0cd04d52eadacf7b03fce055b6b

thanks goodness we have the forums to fall back on during times of transformation.

Link to comment
Share on other sites
Qie Niangao

Qie Niangao

Posted
Posted
5 hours ago, Lindal Kidd said:

How does one GET that text box in the first place?

It's a trivial script, doesn't need to be in an attachment or anything, just needs to be present in the same region as the targeted avatar when the script runs.

The "safeguard" (such as it is) is the owner of the scripted object (and the object name) is identified with the textbox prompt. A victim may not think to check that, and may not realize that "FirestormViewing" and "FirestormViewerSL" sound pretty sketchy.

Those accounts don't seem to be found in Search for me, but a newbie probably wouldn't try that anyway. A script can fetch up their profiles, though, enough to know the former was created on April 5th and the latter on April 6th. The former has a profile pic with a quote from Ayn Rand (but of course it would).

Not much to see, but the in-world profiles can be fetched-up by clicking these UUID-linked URLs typed into chat:
FirestromViewing: secondlife:///app/agent/7ab6d26c-abc0-444b-b96f-7e95f5510384/inspect
FirestormViewerSL: secondlife:///app/agent/76f3aacf-52da-47b8-9f8b-1a31d71ddd07/inspect

To be clear, the script owner wouldn't necessarily be so suspect. It could be done from an attachment, in which case the owner would be whoever's wearing that attachment, so the unwitting victim themselves or possibly a nearby friend (an unlikely source of a password request, though). One can imagine object names that might sound convincing when identified as owned by the victim themselves.

  • Like 4
  • Thanks 2
Link to comment
Share on other sites
benchthis

benchthis

Posted
  • Author
Posted (edited)
10 hours ago, Solar Legion said:

Dance HUD a

this

That's brilliant. Modify a dance hud to have a different texture face looking like official message. want to allow this person to animate you would be replaced with you will be logged out soon enter your password to remain logged in. the password is then sent somewhere somehow. Should be able to track those transmissions. 

If ll/sl considers pop up notication badges to prevent those being duplicated the official pop up would need to display the pop up like a sub pop up to make sure it is legit. 

Edited by benchthis
  • Confused 1
Link to comment
Share on other sites
Maitimo

Maitimo

Posted
Posted
19 hours ago, Sid Nagy said:

An awful lot of people never script. Have no clue.
A pop up appears and asks for input. Those people have no thoughts about scripts or not.
They only look at the question. Is it a valid question, they will possibly answer. If they are aware of phishing even inworld, they will not.
 

I would have been one of those people. Except, the first scam phish I ever received, was for a service that I wasn't subscribed to, so I knew right away that it was fake. If it had been something I had been subscribed to at the time, I would have entered my credentials without a second thought. That was at least 15 years ago and of course, now I know better.

But I can certainly see how someone who is non-techy, never reads tech news, doesn't participate in forums like this and doesn't use social media for anything beyond their little circle of friends and family, could easily not know enough about it to take the proper precautions.

  • Like 2
Link to comment
Share on other sites
pizza7

pizza7

Posted
Posted
50 minutes ago, Maitimo said:

I would have been one of those people. Except, the first scam phish I ever received, was for a service that I wasn't subscribed to, so I knew right away that it was fake. If it had been something I had been subscribed to at the time, I would have entered my credentials without a second thought. That was at least 15 years ago and of course, now I know better.

But I can certainly see how someone who is non-techy, never reads tech news, doesn't participate in forums like this and doesn't use social media for anything beyond their little circle of friends and family, could easily not know enough about it to take the proper precautions.

so, i say, before you go online on the web be it sl or anywhere else, you need to know some dont do things...  if you drive a car you need a licence.

it is sad, but users have to be more educated now.

 

Link to comment
Share on other sites
Love Zhaoying

Love Zhaoying

Posted
Posted

I have an obvious idea. I am happy for everyone to shoot it down, here goes!

LL could add a basic "keywords check" to the code that displays these input boxes (llTextBox), to check for obvious things like "password" and warn the user with an OFFICIAL pop-up message (which the user must confirm) before displaying the dialog. This could be done "once", "once per session", etc.

Basic phishing check. 

Link to comment
Share on other sites
LittleMe Jewell

LittleMe Jewell

Posted
Posted
2 hours ago, CaithLynnSayes said:

So this is an interesting thread. I've read through most of it but, I have one suggestion for the OP. If still possible, can you please change the typo in the title? It's driving me nuts. "Becareful" isn't a word. It should be "Be Careful". :D 

Thread titles cannot be changed after 24 hours (except by a Mod) -- just like we cannot edit any of our posts after 24 hours.

  • Sad 1
Link to comment
Share on other sites
Qie Niangao

Qie Niangao

Posted
Posted
3 hours ago, LittleMe Jewell said:

And the people that most need to read that will not.  No diff from the warnings all over RL about various scams, but people continue to get caught in them.

Education is such a slow solution

Tempting to seek a techno cure:

6 hours ago, Love Zhaoying said:

…  a basic "keywords check"

… Basic phishing check. 

Passwords cannot die fast enough to protect all the stupid vulnerable

  • Like 4
Link to comment
Share on other sites
Arielle Popstar

Arielle Popstar

Posted
Posted
16 hours ago, LittleMe Jewell said:

And the people that most need to read that will not.  No diff from the warnings all over RL about various scams, but people continue to get caught in them.

And yet SL has the ability to make sure everyone logging in will see the issue and yet doesn't do so. If it is such a problem that they had to issue a blog post about it, they could have put a flashing message on the viewers splash page and or an inworld notification similar to a Region going offline to make sure a greater percentage of residents are aware of phishing scams. They have the means, why are they not taking advantage of it?

 

8 hours ago, Love Zhaoying said:

Once internet education is widespread, let's say, 10 years ago, there comes a time when "you can't fix stupid".

Well perhaps stupid is on both sides of the coin in that to my mind the ones who created the possibility of potential problems, should also be the ones who fix the loophole that allows for it. Last I looked, the general IQ and education level of the general internet user has not increased significantly, so the onus is on developers and programmers to institute safety protocols that minimize or eradicate the potential for problems on their applications.

  • Haha 1
  • Confused 1
Link to comment
Share on other sites
Alwin Alcott

Alwin Alcott

Posted
Posted
16 minutes ago, Arielle Popstar said:

And yet SL has the ability to make sure everyone logging in will see the issue and yet doesn't do so. If it is such a problem that they had to issue a blog post about it, they could have put a flashing message on the viewers splash page and or an inworld notification similar to a Region going offline to make sure a greater percentage of residents are aware of phishing scams. They have the means, why are they not taking advantage of it?

the ones that need it  .....they-will-not-read-it
 

Quote

 the ones who created the possibility of potential problems, should also be the ones who fix the loophole that allows for it.

so.. the car dealer is also responsible for solving your stupid driving? ..  there are breaks on your car, use them.
 

Quote

 Last I looked, the general IQ and education level of the general internet user has not increased significantly, 

 .. the safety of pc/computer entry process is as safe as the user uses it

  • Like 4
Link to comment
Share on other sites
You are about to reply to a thread that has been inactive for 437 days.

Please take a moment to consider if this thread is worth bumping.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...