Jump to content

Scam Alert - Please Becareful

benchthis

By benchthis,
in General Discussion Forum

 Share
You are about to reply to a thread that has been inactive for 532 days.

Please take a moment to consider if this thread is worth bumping.

Recommended Posts

Silent Mistwalker

Silent Mistwalker

Posted
Posted
On 4/14/2023 at 10:42 AM, EliseAnne85 said:

I don't know if you'd find this interesting information or not if it happened before, but I kind of remember something like it once but it was a long time ago.  I'd going to guess it has been done before but maybe once for me a long time ago.  I remember something like it vaguely and NOT putting in my password but actually logging out as it scared me.  I cannot absolutely tell you what it is exactly though, meaning it was the same blue box asking for my password because it said I was about to be logged out.  I remember being "scared" by something.  These kinds of unusual things scare me and my reaction is to log off.   This particular "scam" seems vaguely familiar.  

I didn't log out. I just closed the dialog box and went about my day. That was more than 10 years ago, and I'm not really surprised someone managed to do it again. It's what script kiddies did/do. Give it a few years and it'll crop up again, a few newbies might fall for it but other than that it will fail like it always has since people are usually quick to report such things to LL. LL, with the exception of RZ, has always been prompt in closing financial loopholes.

  • Thanks 3
Link to comment
Share on other sites
  • Replies 272
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Solar Legion
Solar Legion

Its a generic, LSL scripted input dialog - it doesn't care what Viewer the target is using. It can be customized to state it is part of any Viewer. One of the reasons I find this so incredibly la

Qie Niangao
Qie Niangao

I'm going to dive deep here, so apologies in advance for how fiddly this gets. The objective is to see if there's something special about this situation (including the textbox, but broader too) that i

Alwin Alcott
Alwin Alcott

don't click things that you don't know, is still a very wise advice...   but the same with links.. you'll always find people who do... "i am hacked "....noo you clicked" 

Posted Images

Silent Mistwalker

Silent Mistwalker

Posted
Posted
On 4/14/2023 at 3:51 PM, Arielle Popstar said:

Not the children but the geriatrics who are the most susceptible to phishing scams because of less familiarity with computers, cognitive decline, tendency to be more trusting and a few other reasons as repeated studies have proven in past. The "stupid" some of you are all going on about are statistically most prevalent in the older age groups. Here is a few articles some might want to look at before making judgements about the type of people who fall for scams.

The elderly are most susceptible to being scammed because they are targeted more often than the young and dumb.

  • Like 3
Link to comment
Share on other sites
Silent Mistwalker

Silent Mistwalker

Posted
Posted
15 hours ago, MiaWasHacked said:

I already filed 2 support tickets that were immediately closed because I don't have access to the email account I used for my SL account and couldn't answer the secret phrase.

This is when you get on the phone and talk to CS. They can and do ask you questions about your account to verify. One they may ask is to list 3 - 5 people on your contact list. Another would be any and all email addresses you have/might have used. There are other things they can ask about that only the person who opened the account would know the answer to.

Been there, done that. Got my account back.

  • Thanks 1
Link to comment
Share on other sites
Love Zhaoying

Love Zhaoying

Posted
Posted

..just because your idea is so easily dismissed, don't let that discourage you from making suggestions! There's also a middle ground, where you don't have to defend every single idea like a honey badger (known to attack the top predators, because "honey badger don't care")!

Link to comment
Share on other sites
Silent Mistwalker

Silent Mistwalker

Posted
Posted (edited)
2 hours ago, Rolig Loon said:

And there's the basic lesson to be gained from all tis conversation.  Stop focusing on the text boxes.  They are not the problem here. The problem is how to get people using more reliable, safer ways to verify that they are using their own accounts.  I find MFA annoying at times, but I started using it for SL and a few other places because it's the best way I can keep someone else from using my stolen password.

I only log in from home. I don't even have a smartphone or cellphone. 

I don't need Big Brother holding my hand even though I am in my 60s and apparently suffer from dementia or Alzheimer's. 🙄

If someone really wants to take your SL account, MFA isn't going to stop the determined.

Edited by Silent Mistwalker
Link to comment
Share on other sites
Rowan Amore

Rowan Amore

Posted
Posted (edited)

Just to dispel rumors of us older folks falling for phishing scams...

Older adults were the least likely of any age group to report losing money to scams. The overwhelming majority of fraud reports filed with the FTC’s Consumer Sentinel Network by people 60+ didn’t indicate any monetary loss. What’s more, consumers in that age group spotted fraud and reported it before losing any money at nearly twice the rate of people between 20 and 59.

So although we may be targeted more (more assets to phish for?), we fall prey to it less.

Edited by Rowan Amore
  • Like 2
  • Thanks 4
Link to comment
Share on other sites
EliseAnne85

EliseAnne85

Posted
Posted
1 hour ago, Theresa Tennyson said:

Suggestion box, guest book, security system used by a renter but owned by the landlord, searching for an item in a vendor...

Suggestion box, guest book could be done just like a mailbox with a drop in notecard.  But, SL works on the principle that people are either too lazy to learn to work a notecard or too dumb which is unfortunate to view people that way since SL does have a high learning curve and it takes time to learn all this stuff.  

However, I think it's perhaps better overall to look towards some kind of wallet where we can store our lindens offline.  Perhaps a one time code is sent to our phone when we want to check out (spend) lindens, or something....?

  • Haha 1
Link to comment
Share on other sites
Ayashe Ninetails

Ayashe Ninetails

Posted
Posted
8 minutes ago, EliseAnne85 said:

Suggestion box, guest book could be done just like a mailbox with a drop in notecard. But, SL works on the principle that people are either too lazy to learn to work a notecard or too dumb which is unfortunate to view people that way since SL does have a high learning curve and it takes time to learn all this stuff.

Where is this stated?

I get tons of notecards dropped on my head every day from one source or another. Not to mention all the notecard fiddling that goes into AOs and scripts and the like.

  • Haha 1
Link to comment
Share on other sites
EliseAnne85

EliseAnne85

Posted
Posted
5 minutes ago, Ayashe Ninetails said:

Where is this stated?

I get tons of notecards dropped on my head every day from one source or another. Not to mention all the notecard fiddling that goes into AOs and scripts and the like.

Well, they had to make a fancy text box to write suggestions and add their name in a guest book.  I gather it looks "easier".  It also probably gathers usernames via a bot.  Dropping in a notecard would suffice, however.  

  • Haha 1
  • Confused 1
Link to comment
Share on other sites
Silent Mistwalker

Silent Mistwalker

Posted
Posted
26 minutes ago, EliseAnne85 said:

Suggestion box, guest book could be done just like a mailbox with a drop in notecard.  But, SL works on the principle that people are either too lazy to learn to work a notecard or too dumb which is unfortunate to view people that way since SL does have a high learning curve and it takes time to learn all this stuff.  

However, I think it's perhaps better overall to look towards some kind of wallet where we can store our lindens offline.  Perhaps a one time code is sent to our phone when we want to check out (spend) lindens, or something....?

So those of us who do not have a cellphone are just SOL and can't buy Ls? 

Let's not do the whole government funded phone thing again please. I'd still have to call my own "landline" to keep it active. And I simply do not want a cellphone nor do I have a need for one.

Link to comment
Share on other sites
Theresa Tennyson

Theresa Tennyson

Posted
Posted
11 minutes ago, EliseAnne85 said:

Well, they had to make a fancy text box to write suggestions and add their name in a guest book.  I gather it looks "easier".  It also probably gathers usernames via a bot.  Dropping in a notecard would suffice, however.  

As opposed to a notecard that's permanently stamped with the name of the avatar that created it?

Link to comment
Share on other sites
EliseAnne85

EliseAnne85

Posted
Posted
1 minute ago, Silent Mistwalker said:

So those of us who do not have a cellphone are just SOL and can't buy Ls? 

Let's not do the whole government funded phone thing again please. I'd still have to call my own "landline" to keep it active. And I simply do not want a cellphone nor do I have a need for one.

I know this is the other problem.  That's why my post said send a one-time code to our phone when we want to checkout (spend) lindens...or something?   Perhaps there is something else that doesn't involve phones.   Plus, make it opt-in. And, perhaps make it so that we need a one-time code sent to our phone when spending over 500 lindens.  

But, with perhaps many people wanting wallets, it would overall still benefit those who do not have a wallet by bringing down the chance of anyone even wanting to do this scam again because they'd probably think not many lindens are accessible via the viewers. 

  • Confused 1
  • Sad 1
Link to comment
Share on other sites
Silent Mistwalker

Silent Mistwalker

Posted
Posted
1 hour ago, EliseAnne85 said:

I know this is the other problem.  That's why my post said send a one-time code to our phone when we want to checkout (spend) lindens...or something?   Perhaps there is something else that doesn't involve phones.   Plus, make it opt-in. And, perhaps make it so that we need a one-time code sent to our phone when spending over 500 lindens.  

But, with perhaps many people wanting wallets, it would overall still benefit those who do not have a wallet by bringing down the chance of anyone even wanting to do this scam again because they'd probably think not many lindens are accessible via the viewers. 

😕?

Send a one-time code to what phone? The landline? It can't get text messages.

The scams aren't going to stop until the people pulling the scams stop pulling them. Good luck with that since many of them don't believe or see (or care) that what they are doing is wrong.

Link to comment
Share on other sites
Rolig Loon

Rolig Loon

Posted
Posted
11 minutes ago, Silent Mistwalker said:

Send a one-time code to what phone? The landline? It can't get text messages.

If you choose MFA, you don't have to use a mobile phone or get text messages. There are several free apps that will handle MFA codes right on your computer. I use Authy myself.  

  • Like 2
  • Thanks 2
Link to comment
Share on other sites
Istelathis

Istelathis

Posted
Posted (edited)
11 minutes ago, Love Zhaoying said:

AI 's will have better scams.

AI will be a lot more convincing for sure.  Ya know though, a lot of scammers intentionally make their scams look more "scammy" with spelling mistakes, so as to weed out the smarter people.  They want gullible people to follow through with their scams, and one way of doing that is by intentionally sending out emails that look questionable to a lot of us.  

I know that sounds counterintuitive, as one would think they want to be as convincing as possible, but it is a means of filtering out people who would catch on relatively easily to the scam.  Those that respond to obvious scams, are more than likely to go along with the scam, this saves the scammers a lot of time.

 

Edited by Istelathis
  • Like 2
Link to comment
Share on other sites
Ayashe Ninetails

Ayashe Ninetails

Posted
Posted

Just to throw some general tips out there (it's a popular time for scams, at least in the US with tax day being around the corner). I know you guys already know this, but just in case:

Inside SL:

Don't click on links unless they're from trusted sources (and even then...)...this has been a problem for a long time now.

Never log in to a website if you arrive there via a link in group chat - no matter how official it looks. They think they're slick.

Don't enter anything like a password or real life info into a text box, no matter what it looks like. If you wouldn't type it into local chat to a group of 30 people, don't type it there either.

 

Outside of SL:

If you get emails from a company asking you to click a button or link and it looks official, verify the email address or better yet - navigate to the site manually and log in that way, because forget that noise! If there's really a problem with your account, you can find it on the official site.

The IRS will NOT call or text or email you digging for personal info - hang up on that mess.

Don't click links IM'd to you or spammed in Discord servers either unless you're absolutely sure it's coming from a real person you know who is actively chatting with you - Discord phishing scams are rampant.

Don't ever say "yes" into the phone before confirming who you're speaking with. "Can you hear me?" scams have been going on for ages.

More tips here (including how to report them) -

 https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams

https://consumer.ftc.gov/consumer-alerts/2023/03/it-really-irs

 

Note: I just LITERALLY received a scam email while typing this up - blah blah blah your account blah blaaaaaah (I cancelled Disney+ months ago...get out of here with that!).

  • Like 2
Link to comment
Share on other sites
Love Zhaoying

Love Zhaoying

Posted
Posted
27 minutes ago, Istelathis said:

Ya know though, a lot of scammers intentionally make their scams look more "scammy" with spelling mistakes, so as to weed out the smarter people.  They want gullible people to follow through with their scams, and one way of doing that is by intentionally sending out emails that look questionable to a lot of us.  

I know that sounds counterintuitive, as one would think they want to be as convincing as possible, but it is a means of filtering out people who would catch on relatively easily to the scam.  Those that respond to obvious scams, are more than likely to go along with the scam, this saves the scammers a lot of time.

I did not know this is why scam / phishing emails have all the blatant misteaks*!

In our company's data security training, one of the obvious things we are taught to look for is the mistakes.

  • Like 1
Link to comment
Share on other sites
  • Moles
Quartz Mole

Quartz Mole

Posted
  • Moles
Posted
1 hour ago, Rolig Loon said:

If you choose MFA, you don't have to use a mobile phone or get text messages. There are several free apps that will handle MFA codes right on your computer. I use Authy myself.  

Just to add to Rolig's advice, there's a very helpful discussion of MFA here 

 

  • Like 1
  • Thanks 3
Link to comment
Share on other sites
EliseAnne85

EliseAnne85

Posted
Posted (edited)
2 hours ago, Silent Mistwalker said:

😕?

Send a one-time code to what phone? The landline? It can't get text messages.

The scams aren't going to stop until the people pulling the scams stop pulling them. Good luck with that since many of them don't believe or see (or care) that what they are doing is wrong.

Sorry, I must not be explaining this right.  I said it could send a message to a phone with a one-time code for people who would opt-in and have a phone to do it with.

My original thought in my post that I wrote was send a one-time code message...or something?   When I wrote or something? (I meant something else not yet known as this is not a real plan - but not a phone as the "or something?" which I meant something else).     Anyhow, if you don't understand what I'm suggesting, it's not a big deal because it's not a real plan.  It was hypothetical.  

Edited by EliseAnne85
Link to comment
Share on other sites
You are about to reply to a thread that has been inactive for 532 days.

Please take a moment to consider if this thread is worth bumping.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...