
Scam Alert - Please Be Careful


You are about to reply to a thread that has been inactive for 443 days.

Please take a moment to consider if this thread is worth bumping.


1 hour ago, Arielle Popstar said:

For me it begs the question though of why I would want to give them even more personal information when I am not so impressed with their handling of the info they already have. Is it going to be data available for bots to scrape in a new hack or scripting exploit?

 

But doesn't your "solution" require anyone wanting to use a text box (excuse me -- more properly, Nefarious Text Box) to provide data to Linden Lab?

Realistically, if "payment information on file" was an effective barrier (which it isn't) the best solution would be to require all accounts to have it on file. Personally, I'd have no problem with that. But then there would be widespread screaming about (wait for it...) security.

  • Like 3
Link to comment

34 minutes ago, Innula Zenovka said:

I don't remember this ever happening before.  Do you?

I don't know if you'd find this interesting information or not if it happened before, but I kind of remember something like it once but it was a long time ago.  I'm going to guess it has been done before but maybe once for me a long time ago.  I remember something like it vaguely and NOT putting in my password but actually logging out as it scared me.  I cannot absolutely tell you what it is exactly though, meaning it was the same blue box asking for my password because it said I was about to be logged out.  I remember being "scared" by something.  These kinds of unusual things scare me and my reaction is to log off.   This particular "scam" seems vaguely familiar.

  • Like 1
  • Thanks 1
Link to comment

Right, i promised i would not react anymore but i just can't with this. @Arielle Popstar, After me, several people have tried to explain to you that what you so religiously believe to be thé solution to this, isn't going to be feasible but when they do you (as usual) have a bit of a go at them. It's... fascinating, but a little embarrassing. Especially because you said you're Dutch. I'm Dutch too and I took it a tad personal what you said about the Dutch but i thought i'd let it slide.

I wonder how it doesn't click in your head that several people have said basically the same thing to you now. Trust me, i get that you passionately want to find a way to prevent this 'new' type of phishing. Restricting script functions isn't one of them though. It just really isn't.

Someone here said what i didn't want to say at first but it's exactly right. We shouldn't have to pay for people's stupidity.

You've tried several reasons as to why this part in LSL should be restricted. Allow me to suggest to you a new one:

[Image: somebodythinkofthechildren.jpg]

Link to comment

If they magically "fixed" text boxes so there'd be no possible way for anybody to compromise their password through them, do we really think it would stop successful password phishing? Any scripter knows multiple alternate ways to solicit a password from a user without using llTextBox, and however they'd work, some users would "bite".

The problem is not llTextBox. The problem is passwords.

  • Like 4
Link to comment

Unfortunately, there will always be people who are easily separated from their money and there is little we can do about it other than try to keep them away from computers.  Imagine getting rid of the Internet as a solution to spare them from the multitude of scammers out there.  At some point, you just have to say we have done everything feasible that we can do, and try to warn people of potential ways they can be scammed.  This still doesn't work for a lot of people.

 

Not saying that anyone deserves to be scammed, but when the solution to every problem becomes "Let's remove features people use, so they can not be abused" people start to get resentful toward the gullible.

  • Like 1
  • Thanks 1
Link to comment

12 minutes ago, Qie Niangao said:

If they magically "fixed" text boxes so there'd be no possible way for anybody to compromise their password through them, do we really think it would stop successful password phishing? Any scripter knows multiple alternate ways to solicit a password from a user without using llTextBox, and however they'd work, some users would "bite".

The problem is not llTextBox. The problem is passwords.

You'd think MFA helped, I guess not enough adopted it yet..

  • Like 2
Link to comment

5 hours ago, Innula Zenovka said:

From this I conclude that this exploit must be pretty rare.   Or perhaps it's a common occurrence but, for some reason, no one has ever thought to publicise it in groups or the forums before.  

Which do you think is more likely?

Well even if in past it was rare, considering the amount of current discussion about it both here and other social media sites, it would not be unexpected to see an uptick of similar scams as S/L has made it so easy to do.

4 hours ago, Theresa Tennyson said:

But doesn't your "solution" require anyone wanting to use a text box (excuse me -- more properly, Nefarious Text Box) to provide data to Linden Lab?

Yes that is the point. If they want data from residents, they should at least be willing to provide data to LL to make them traceable in case they use the resident data for nefarious purposes. Why would you have a problem with that?

 

3 hours ago, CaithLynnSayes said:

[Image: somebodythinkofthechildren.jpg]

Not the children but the geriatrics who are the most susceptible to phishing scams because of less familiarity with computers, cognitive decline, tendency to be more trusting and a few other reasons as repeated studies have proven in past. The "stupid" some of you are all going on about are statistically most prevalent in the older age groups. Here are a few articles some might want to look at before making judgements about the type of people who fall for scams.

https://www.zdnet.com/article/cybersecurity-why-more-needs-to-be-done-to-help-older-people-stay-safe-online/

https://eandt.theiet.org/content/articles/2017/01/the-elderly-most-at-risk-from-cyber-crime-report-warns/

https://cybernews.com/security/who-is-most-vulnerable-to-cybercrime-new-report-reveals-surprising-insights/

https://www.securitymagazine.com/articles/94684-cybercrime-report-finds-young-adults-and-adults-over-75-most-vulnerable-to-fraud-attacks

It is not that I want to see content breaking but at the same time I question the Lab allowing ready access to scripting features which makes it child's play for anyone to do so without some degree of accountability. It's all well and good till an older parent gives away your inheritance to some scammer. There are plenty of examples on other parts of the net where that has happened. And just because it might be silly to think it would happen on S/L, there is an aspect of industry standards at play here, especially as the Lab makes the tools to set up a phishing scam so readily available and especially on a platform where there is such a high percentage of the age group that is most susceptible.

  • Like 1
  • Haha 2
  • Sad 1
Link to comment

People with Dutch roots should know what "van een mug een olifant maken" means.
Just saying.

LL made a post about it in the blog.
People who are a member of an inworld group or two are spammed by their groups several times about it.
That should do the trick.
On to the next one.

  • Like 3
Link to comment

21 hours ago, Arielle Popstar said:

Well doesn't bother me as I follow your frequent Pet Peeve posts on how you often get less than you were expecting from different creators and your peeve at being scammed

I don't consider getting less than I maybe expected from a creator as getting "scammed".   

When I'm peeved at getting less than expected, that almost always has to do with them doing things like charging for a "gift" or giving the same item in multiple hunts or giving an event gift of some really no-nothing item (like a sippy cup) when they are a clothing creator or putting some staple colors like black/white in a fatpack only -- those kinds of things.  While that makes me think less of the creator, it doesn't mean I was "scammed".

 

Edited by LittleMe Jewell
  • Like 2
Link to comment

1 minute ago, Solar Legion said:

The problem is not passwords. The problem is users/people.

Users/people are the reason passwords can't work. They're just not fit to purpose, wherever fallible people are involved. We keep finding exciting new ways to lose out to that human/password combination. But it'll be around a while, hard and expensive to fix.

People are definitely the problem at a higher level of organizations and processes. I'm thinking the Pentagon has some grand-scale operational security problems to solve about now. Organizations can be fallible, too… usually are.

Link to comment

3 hours ago, Arielle Popstar said:

...there is an aspect of industry standards at play here, especially as the Lab makes the tools to set up a phishing scam so readily available...

There is a DIY store near me that allows me to buy a screwdriver that i can use to break into a car/house. They don't question me what my intent is with the screwdriver when i buy it.

 

You've cited a couple of articles that say a change should be done. None, however, even suggest what you're proposing here so i don't really understand why you even posted them. I'm sure all of us here agree with you on the matter of implementing mechanisms that would protect the end user but i ask you, name me one example where restricting tools that were available before have had a positive outcome. Name me just one.

The way to go here is to prevent through education. I don't know if you're a Firestorm user but FS has always had a random "loading screen tip". Since recently they have 2. The first one is always a warning about this latest phishing attempt and not to just randomly enter your password in a box that asks for it.

"The Lab" (as you call them) isn't going to take the route you suggest. For the simple reasons that several people have already told you. Mainly that it will break a lot of content and secondly, but perhaps more importantly. It will actually act as a deterrent for people to create/script things, helping to make SL less attractive to new (and existing) users.

Preventing phishing attempts isn't as simple as just switching off abilities, or restricting them. You have to think about what such a restriction (yes, i keep calling it that, because it is) will do in the end and i promise you, it isn't going to turn out as you hope it will. I mean, just look at the reaction of several people just here. Imagine the backlash once this would roll out.

 

  • Like 2
Link to comment

I was one of the "idiots" that got caught in this hack. I use encrypted email and a VPN to protect myself from some of the many attacks on the internet. I NEVER click on links and have probably avoided dozens if not hundreds of attacks over the years. I'm not some ignorant newb to the internet. This attack happened when I was distracted and let my guard down.  I should not have assumed that because it was inside the viewer that it was safe. I'm just bringing it here so it might prevent just one person from the grief of losing over 10 years of friends, landmarks, groups, and inventory. In all my time in SL I had never even seen this input popup. That's possibly just because of my habits in SL it was never displayed. What kind of things is this even used for?

Is it possible the word "password" can be filtered out of this submission form without wrecking the entirety of SL as some people seem to think that any sort of change or fix would do?

  • Like 1
  • Thanks 1
Link to comment

22 hours ago, CaithLynnSayes said:

There is a DIY store near me that allows me to buy a screwdriver that i can use to break into a car/house. They don't question me what my intent is with the screwdriver when i buy it.

That is a pretty rough hack. Here are some tricks for Jeeps and Teslas

https://www.wired.com/video/watch/hackers-wireless-jeep-attack-stranded-me-on-a-highway

https://www.wired.com/story/tesla-model-x-hack-bluetooth/

Developer incompetence, not user.

Quote

You've cited a couple of articles that say a change should be done. None, however, even suggest what you're proposing here so i don't really understand why you even posted them. I'm sure all of us here agree with you on the matter of implementing mechanisms that would protect the end user but i ask you, name me one example where restricting tools that were available before have had a positive outcome. Name me just one.

The point of those links was to show who were the most vulnerable. Maybe once residents turn 65 they should be retired from having an active SL account so as to protect them from Phishing attacks?

As far as positive outcomes, well there are thousands of bug and vulnerability fixes in SL alone that had positive outcomes as the software was no longer as vulnerable or buggy!

 

Quote

The way to go here is to prevent through education. I don't know if you're a Firestorm user but FS has always had a random "loading screen tip". Since recently they have 2. The first one is always a warning about this latest phishing attempt and not to just randomly enter your password in a box that asks for it.

Education is something I have also suggested though I did point out the SL blog wasn't specific enough to tell users the nature of how Phishing looks here with these dialogue boxes.

Quote

"The Lab" (as you call them) isn't going to take the route you suggest. For the simple reasons that several people have already told you. Mainly that it will break a lot of content and secondly, but perhaps more importantly. It will actually act as a deterrent for people to create/script things, helping to make SL less attractive to new (and existing) users.

I don't know what route "The Lab" is going to take if at all, do you? But hey, people could put up YouTube videos for new people to join Second Life, and easily phish other residents for fun and profit through ready made scripts. That will no doubt be a good attraction.

Quote

Preventing phishing attempts isn't as simple as just switching off abilities, or restricting them. You have to think about what such a restriction (yes, i keep calling it that, because it is) will do in the end and i promise you, it isn't going to turn out as you hope it will. I mean, just look at the reaction of several people just here. Imagine the backlash once this would roll out.

Ok fine and I agreed with that so what is another way to prevent this becoming the new standard for making L$? Education of residents alone is not going to cut it imo. Something needs to be done also to prevent griefers from using these sort of vectors. I've suggested PIOF which you obviously don't like, so what do you suggest as an alternative?

  • Haha 2
Link to comment

38 minutes ago, MiaWasHacked said:

What kind of things is this even used for?

This script has both a SUBMIT or IGNORE with a box where one can write something.  Submit what, I have no idea.  I do not use the script in all my years of building in SL.  I don't know what SL users need to SUBMIT with written data via this script?  It could be an Adult thing.   And, I don't do Adult, so I have no idea what people in SL would need to submit nor to whom.  I have sold thousands and thousands of sleep-only no sex beds plus furniture for one - mostly to the alt community or to those who need a business alt but want a nice looking little inexpensive place.  

If someone could answer what this script is used for, it would be helpful. 

Edited by EliseAnne85
  • Thanks 1
Link to comment

2 minutes ago, EliseAnne85 said:

This script has both a SUBMIT or IGNORE with a box where one can write something.  Submit what, I have no idea.  I do not use the script in all my years of building in SL.  I don't know what SL users need to SUBMIT with written data via this script?  It could be an Adult thing.   And, I don't do Adult, so I have no idea what people in SL would need to submit nor to whom.  

If someone could answer that, it would be helpful.  

Well...I needed to submit my password or be logged out. I know! I know!

Silly me

Link to comment
