Sign in to follow this  
Pamela Galli

Tricky phishing scam

Recommended Posts

Got this notice in the Content Creators group -- an avatar with initials MM (and could be anyone really) IMs and says something like someone is selling your stuff on MP, and gives you the link, which takes you to a fake login page.

 

Share this post


Link to post
Share on other sites

Sadly, "MM" is one of the stolen accounts.  The original owner of said "MM" account must have clicked on one of the phishing links and entered in his username/password.

Everyone needs to be alerted and be careful.  The phishing IM`s prompt people to "Click this link for 50% off sales!"  Or, if you`re a content creator they will IM you with legit looking customer accounts they have stolen saying things along the lines of: "Your hairs are stolen , look here" and paste a phishing link.

Of course, the link is an unofficial SL website that prompts people to log-in.  Once "Logged in" their user name and password have been successfully stolen.  Thief then uses the stolen accounts to make more notices.  Such as in the case of "MM". 

 

Feel horrible for the original owner of that account.  But that isn`t the first or only account that has been stolen (He takes your linden balance, too).  Whoever is behind all of this has been phishing at my sim for awhile now.  LL has been lighting fast with banning the accounts, and for good reason: With $L balances and credit card information on file, this is opening a big big big can of worms.

 

Shoppers and merchants need to be careful.  In my case, the phisher has registered loads of *very* similar user names to mine, hangs out on my sim on multiple accounts, and IM`s customers claiming I (read: him posing as me) am having a sale.  Customer clicks link..and the cycle continues.

 

Here are a few screenshots from phishing attempts at my store "AITUI".  Note the "aitui" usernames he has created in attempt to fool people shopping at my store. 
Obviously, do not submit your user name and password if you should choose to check the links out.

phishing examples.jpg

 

 

Share this post


Link to post
Share on other sites

Pamela, thanks for posting that group notice!  When I opened SL tonight I had a message from Xstreet SL Centeal Authority, advertising MyDear Skin Store. Since Xstreet quit operating some time ago, it seemed scammy to me, but your group note definitely prompted me to delete it.

Share this post


Link to post
Share on other sites

Sadly I have been waiting for this to happen for a while now. 

 

Thanks for the samples, will be adding those to my hosts files on mine and a few dozen other pals machines.  If we can keep bogus urls coming in we can make sure of some level of protection at least for those not keen or adept enough to make sense of the urls and such.

 

As always with these information is the best defence, thanks again for bringing it to the attention of others. 

Share this post


Link to post
Share on other sites

I just messaged ripway that they have a phishing website on their domain... would that work? :P

 

Though, it keeps amazing me by how succesful these scams are, guess it's true that some people don't look up, though in this case it would be not looking at all.

 

Sidenote... the .co.gp address is hosted in germany, also sent them an alert message.

Share this post


Link to post
Share on other sites

What's so tricky, tho, is that the IM could come from a friend or customer -- without the warning I can see myself just clicking the link.

Share this post


Link to post
Share on other sites

I got a IM about this the other day for my old business saying somone was stealing my wepon creations.... I was like uhm I used to do that 2 years ago I dont care if somone is stealing them..... but I noticed the link after  (if your like me and use chrome or firefox itll auto tell you that the page isnt safe when you copy the link in) so I didnt click it..... this is why I dont touch the SL browser cause it has no filters like that

 

Share this post


Link to post
Share on other sites

I use frefox to, it's wonderful for that. I dont recall is IE does it. But since that redzone scam I don't click to many links in SL. And that one given at random would have set off flags to me. I hope LL is taking this serious.   AND DO give a MOTD warning same with phoenix and other browsers.

Share this post


Link to post
Share on other sites

Don't click any spam links at all, is my advice (like the ones in every thread today). I would not be surprised if that avi got hacked and is being used to send spam.

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this