PheebyKatz Posted April 9, 2023 Share Posted April 9, 2023 I could make a special necklace that prevents these things from happening, but I'd have to charge each user 250,000L$, and I can't guarantee it would do anything besides look really cool, because I made it. No refunds, of course. I buried $3125 in my backyard once, and boy, was I disappointed when the promised contact from an underground agent never arrived. Seriously though, people who do this to others should have unmentionable things done to their unmentionable parts. By spider monkeys with rabies. And knives for fingers. Just saying. 4 Link to comment Share on other sites More sharing options...
Love Zhaoying Posted April 9, 2023 Share Posted April 9, 2023 34 minutes ago, PheebyKatz said: I could make a special necklace that prevents these things from happening, but I'd have to charge each user 250,000L$, and I can't guarantee it would do anything besides look really cool, because I made it. No refunds, of course. I buried $3125 in my backyard once, and boy, was I disappointed when the promised contact from an underground agent never arrived. Seriously though, people who do this to others should have unmentionable things done to their unmentionable parts. By spider monkeys with rabies. And knives for fingers. Just saying. Could you make the necklace look like a string of garlic bulbs? 1 1 Link to comment Share on other sites More sharing options...
PheebyKatz Posted April 9, 2023 Share Posted April 9, 2023 6 minutes ago, Love Zhaoying said: Could you make the necklace look like a string of garlic bulbs? Probably. But then I'd have to charge extra, and make it no copy. 2 1 Link to comment Share on other sites More sharing options...
Love Zhaoying Posted April 10, 2023 Share Posted April 10, 2023 1 hour ago, PheebyKatz said: Probably. But then I'd have to charge extra, and make it no copy. Can I get a discount on a second copy for my Alt? 1 Link to comment Share on other sites More sharing options...
SpiritSparrow Skydancer Posted April 10, 2023 Share Posted April 10, 2023 this is what someone sent me to beware of. Not had it happen to me. kinda scary you know because it does looks official...ish.. to a new person who just doesn't know. Things like this is why I am spending less and less time on SL... I know.. booohoo for me... but for real. https://gyazo.com/0215f0cd04d52eadacf7b03fce055b6b Link to comment Share on other sites More sharing options...
benchthis Posted April 10, 2023 Author Share Posted April 10, 2023 1 minute ago, SpiritSparrow Skydancer said: this is what someone sent me to beware of. Not had it happen to me. kinda scary you know because it does looks official...ish.. to a new person who just doesn't know. Things like this is why I am spending less and less time on SL... I know.. booohoo for me... but for real. https://gyazo.com/0215f0cd04d52eadacf7b03fce055b6b thanks goodness we have the forums to fall back on during times of transformation. Link to comment Share on other sites More sharing options...
Lindal Kidd Posted April 10, 2023 Share Posted April 10, 2023 Can someone clarify this scam for me? How does one GET that text box in the first place? 1 Link to comment Share on other sites More sharing options...
Solar Legion Posted April 10, 2023 Share Posted April 10, 2023 3 minutes ago, Lindal Kidd said: Can someone clarify this scam for me? How does one GET that text box in the first place? The same way one got bite requests from certain Vampire games, invites to another's Dance HUD and other normal uses. 3 Link to comment Share on other sites More sharing options...
Alwin Alcott Posted April 10, 2023 Share Posted April 10, 2023 don't click things that you don't know, is still a very wise advice... but the same with links.. you'll always find people who do... "i am hacked "....noo you clicked" 8 Link to comment Share on other sites More sharing options...
Qie Niangao Posted April 10, 2023 Share Posted April 10, 2023 5 hours ago, Lindal Kidd said: How does one GET that text box in the first place? It's a trivial script, doesn't need to be in an attachment or anything, just needs to be present in the same region as the targeted avatar when the script runs. The "safeguard" (such as it is) is the owner of the scripted object (and the object name) is identified with the textbox prompt. A victim may not think to check that, and may not realize that "FirestormViewing" and "FirestormViewerSL" sound pretty sketchy. Those accounts don't seem to be found in Search for me, but a newbie probably wouldn't try that anyway. A script can fetch up their profiles, though, enough to know the former was created on April 5th and the latter on April 6th. The former has a profile pic with a quote from Ayn Rand (but of course it would). Not much to see, but the in-world profiles can be fetched-up by clicking these UUID-linked URLs typed into chat: FirestromViewing: secondlife:///app/agent/7ab6d26c-abc0-444b-b96f-7e95f5510384/inspect FirestormViewerSL: secondlife:///app/agent/76f3aacf-52da-47b8-9f8b-1a31d71ddd07/inspect To be clear, the script owner wouldn't necessarily be so suspect. It could be done from an attachment, in which case the owner would be whoever's wearing that attachment, so the unwitting victim themselves or possibly a nearby friend (an unlikely source of a password request, though). One can imagine object names that might sound convincing when identified as owned by the victim themselves. 4 2 Link to comment Share on other sites More sharing options...
benchthis Posted April 10, 2023 Author Share Posted April 10, 2023 (edited) 10 hours ago, Solar Legion said: Dance HUD a this That's brilliant. Modify a dance hud to have a different texture face looking like official message. want to allow this person to animate you would be replaced with you will be logged out soon enter your password to remain logged in. the password is then sent somewhere somehow. Should be able to track those transmissions. If ll/sl considers pop up notication badges to prevent those being duplicated the official pop up would need to display the pop up like a sub pop up to make sure it is legit. Edited April 10, 2023 by benchthis 1 Link to comment Share on other sites More sharing options...
Solar Legion Posted April 10, 2023 Share Posted April 10, 2023 Oh for .... Link to comment Share on other sites More sharing options...
Sid Nagy Posted April 10, 2023 Share Posted April 10, 2023 2 minutes ago, Solar Legion said: Oh for .... Yes? 1 Link to comment Share on other sites More sharing options...
Maitimo Posted April 10, 2023 Share Posted April 10, 2023 19 hours ago, Sid Nagy said: An awful lot of people never script. Have no clue. A pop up appears and asks for input. Those people have no thoughts about scripts or not. They only look at the question. Is it a valid question, they will possibly answer. If they are aware of phishing even inworld, they will not. I would have been one of those people. Except, the first scam phish I ever received, was for a service that I wasn't subscribed to, so I knew right away that it was fake. If it had been something I had been subscribed to at the time, I would have entered my credentials without a second thought. That was at least 15 years ago and of course, now I know better. But I can certainly see how someone who is non-techy, never reads tech news, doesn't participate in forums like this and doesn't use social media for anything beyond their little circle of friends and family, could easily not know enough about it to take the proper precautions. 2 Link to comment Share on other sites More sharing options...
pizza7 Posted April 10, 2023 Share Posted April 10, 2023 50 minutes ago, Maitimo said: I would have been one of those people. Except, the first scam phish I ever received, was for a service that I wasn't subscribed to, so I knew right away that it was fake. If it had been something I had been subscribed to at the time, I would have entered my credentials without a second thought. That was at least 15 years ago and of course, now I know better. But I can certainly see how someone who is non-techy, never reads tech news, doesn't participate in forums like this and doesn't use social media for anything beyond their little circle of friends and family, could easily not know enough about it to take the proper precautions. so, i say, before you go online on the web be it sl or anywhere else, you need to know some dont do things... if you drive a car you need a licence. it is sad, but users have to be more educated now. Link to comment Share on other sites More sharing options...
Love Zhaoying Posted April 10, 2023 Share Posted April 10, 2023 I have an obvious idea. I am happy for everyone to shoot it down, here goes! LL could add a basic "keywords check" to the code that displays these input boxes (llTextBox), to check for obvious things like "password" and warn the user with an OFFICIAL pop-up message (which the user must confirm) before displaying the dialog. This could be done "once", "once per session", etc. Basic phishing check. Link to comment Share on other sites More sharing options...
CaithLynnSayes Posted April 10, 2023 Share Posted April 10, 2023 So this is an interesting thread. I've read through most of it but, I have one suggestion for the OP. If still possible, can you please change the typo in the title? It's driving me nuts. "Becareful" isn't a word. It should be "Be Careful". 2 1 Link to comment Share on other sites More sharing options...
LittleMe Jewell Posted April 10, 2023 Share Posted April 10, 2023 2 hours ago, CaithLynnSayes said: So this is an interesting thread. I've read through most of it but, I have one suggestion for the OP. If still possible, can you please change the typo in the title? It's driving me nuts. "Becareful" isn't a word. It should be "Be Careful". Thread titles cannot be changed after 24 hours (except by a Mod) -- just like we cannot edit any of our posts after 24 hours. 1 Link to comment Share on other sites More sharing options...
Love Zhaoying Posted April 10, 2023 Share Posted April 10, 2023 And then: 3 1 Link to comment Share on other sites More sharing options...
LittleMe Jewell Posted April 10, 2023 Share Posted April 10, 2023 37 minutes ago, Love Zhaoying said: And then: And the people that most need to read that will not. No diff from the warnings all over RL about various scams, but people continue to get caught in them. 4 1 1 Link to comment Share on other sites More sharing options...
Qie Niangao Posted April 11, 2023 Share Posted April 11, 2023 3 hours ago, LittleMe Jewell said: And the people that most need to read that will not. No diff from the warnings all over RL about various scams, but people continue to get caught in them. Education is such a slow solution Tempting to seek a techno cure: 6 hours ago, Love Zhaoying said: … a basic "keywords check" … Basic phishing check. Passwords cannot die fast enough to protect all the stupid vulnerable 4 Link to comment Share on other sites More sharing options...
SpiritSparrow Skydancer Posted April 11, 2023 Share Posted April 11, 2023 I actually got an alert from a group I am in about it.. So perhaps more groups could pass on warnings. This will potentially allow non-savvy users to spot an attempt to phish their accounts. Who reads the MOTD really? But most group notices we read.. 2 Link to comment Share on other sites More sharing options...
Love Zhaoying Posted April 11, 2023 Share Posted April 11, 2023 4 hours ago, Qie Niangao said: Passwords cannot die fast enough to protect all the stupid vulnerable Once internet education is widespread, let's say, 10 years ago, there comes a time when "you can't fix stupid". 2 Link to comment Share on other sites More sharing options...
Arielle Popstar Posted April 11, 2023 Share Posted April 11, 2023 16 hours ago, LittleMe Jewell said: And the people that most need to read that will not. No diff from the warnings all over RL about various scams, but people continue to get caught in them. And yet SL has the ability to make sure everyone logging in will see the issue and yet doesn't do so. If it is such a problem that they had to issue a blog post about it, they could have put a flashing message on the viewers splash page and or an inworld notification similar to a Region going offline to make sure a greater percentage of residents are aware of phishing scams. They have the means, why are they not taking advantage of it? 8 hours ago, Love Zhaoying said: Once internet education is widespread, let's say, 10 years ago, there comes a time when "you can't fix stupid". Well perhaps stupid is on both sides of the coin in that to my mind the ones who created the possibility of potential problems, should also be the ones who fix the loophole that allows for it. Last I looked, the general IQ and education level of the general internet user has not increased significantly, so the onus is on developers and programmers to institute safety protocols that minimize or eradicate the potential for problems on their applications. 1 1 Link to comment Share on other sites More sharing options...
Alwin Alcott Posted April 11, 2023 Share Posted April 11, 2023 16 minutes ago, Arielle Popstar said: And yet SL has the ability to make sure everyone logging in will see the issue and yet doesn't do so. If it is such a problem that they had to issue a blog post about it, they could have put a flashing message on the viewers splash page and or an inworld notification similar to a Region going offline to make sure a greater percentage of residents are aware of phishing scams. They have the means, why are they not taking advantage of it? the ones that need it .....they-will-not-read-it Quote the ones who created the possibility of potential problems, should also be the ones who fix the loophole that allows for it. so.. the car dealer is also responsible for solving your stupid driving? .. there are breaks on your car, use them. Quote Last I looked, the general IQ and education level of the general internet user has not increased significantly, .. the safety of pc/computer entry process is as safe as the user uses it 4 Link to comment Share on other sites More sharing options...
Recommended Posts
Please take a moment to consider if this thread is worth bumping.
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now