The Most Common Type of Phishing & Security

[GothGirl Demonia]

I have seen a lot of Phishing Threads lately, and would just like to talk about the most type of phishing scams.

1. The most type of phishing Scam currently used which gets a lot of people from all types of different MMORPG games, and services including Second Life, is the phishing Scam, which is sent via email, and contains a link asknig you to login to your Second Life account, for things like Payment Information, Account Compromise, TOS/CS Violations  which are not really from Linden Lab for example, or from the game company sending them to you but a fake company sending links which if you look at them you will notice there is something a bit strange or different about them, never trust links sent to your email, and if you have questions about it always log directly in from the actual games site, or service you are using.

* One way to tell if a link is fakse is to have your status bar enabled on Internet Explorer, and put your mouse over the clickable link do not click on it, but look at the bottom of your status bar, and it will show the full link and you can usually tell if its fake. Also the headers of course but I mostly check by links.*

2. These type of links are also sent through Second Life, for example someone claiming to be a good citizen will send you a message, they might even try to use display names too fool you saying go to the market place because your goods were CopyBotted, and as soon as you sign in they got your login and password it will redirect you to the actual market place site that Linden Lab owns, or the game company, but it is not theirs. They could even be your friend, or someone else in a sandbox for example you ask where they bought something they send you the fake login link and you click on it and enter your login information without thinking.

3. I run across Phishing Scams all the time, I get them in my email from multiple game companies, now a lot of people wonder, how did they get my email to do such, well there are numerous ways people could have obtained your email, and the most common way and questions you have to ask is.

1. Did you do a third party trade such as L$, or third party exchange on a website with people known as Chineese Farmers, I know third party websites sell Linden Dollars, and other game currency for example.

2. Did you use your email on any other service besides Second Life, and if you do I recommend you make one just for Second life, make the password extra secure, if you were a member of sony as well who had their account compromised, and used the same password, or security information for example, Change your password, call Linden Lab and change your security question, dont just use a basic answer, but user numbers as well, and possibly more than one word so its not easily guessed, and never talk about it in game, dont use common things such as a game character, or information about your family which can be easily gussed.

Rogue Exploits/Viruses.

For those of you not aware there is an actual virus, or rogue exploit out which can effect the computer, one of them fakes itself as a MicroSoft security program, and takes full control over the computer, which also may contain keyloggers, however an experienced person or someone who knows what they are doing can easily remove and fix their pc without any format needed. Another major Virus/Keylogger going around is the new one which watches in the background for when you login to your online banking, and as soon as you do it logs your information, takes snapshots, and spoofs itself to display incorrect pages, for example you go to your bank website, this rogue virus will redirect your browser to a different login page spoofed to look like your own, and before you know it they clean out your account, so another reason to be very careful.

http://redtape.msnbc.msn.com/_news/2012/01/06/9986119-new-virus-raids-your-bank-account-but-you-wont-notice

The Best AntiVirus.

For those not aware, the Norton Source Code, which was stolen, I hear some sasying that it was the source code to their AntiVirus from 2006, so if a hacker group can easily steal the Norton Source Code, then why would you trust them, or their products to protect your PC. While some sites are saying it is the old code from 2006 which makes the AntiVirus, others and other rumors are saying it is the most recent one, there is no way to be sure, but either way their security failed to protect them, and why would someone trust a product.You know, there is an obvious reason why people made a meme that says Not Even Norton Can Protect You. Just because the comapny says one thing doesn't mean its always true.

http://securitywatch.pcmag.com/none/292432-report-symantec-confirms-theft-of-norton-antivirus-source-code

And for the love of god, do not trust StopSign Internet Security, their company had similar stuff happen to them back in the day, and you know those programs they talk about over TV, called Fix my computer because its slow and all that other stuff, Totally Useless.

Now based on my own opinion for the basic user the best security you can get is.

1. BrainCells to know how to operate and fix your own computer incase of epic fail, in other words the most that can go wrong is you get a virus have to format and fix it. ( Remember) Always keep at least Two BackUP's of all important Files you do not wish to loose.

2. An Anti Virus like AVG internet Security, along with their AVG PC TuneUp, is very helpful, I have used it for years, edited the advanced Security settings to my own profile and such to match what I need it to do and the best I have seen or used so far.

3. Zone Alarm, is also a decent Firewall itself.

4. Malaware Bytes, and Adawre is good for removing unwanted possible keyloggers and spyware from your computer that other virus scanners might not detect.

5. Perfect Disk 12, for defragging a PC's Hard Drive, is actually a good program.

6. A VPN service for when you have to go offensive instead of defensive, and make sure you have your VPN, and traffic set with all programs you are using so that if the connection gets interupted for any reason your connection breaks, It is optional to have access to Public WI-FI, and a Second ISP connection the more the better. * Dont Forget *TOR* is your best friend as well. Remaining Anonymous on the internet can pay off as well.

7. Check Windows Updates, and All custom settings, and internet security, as well as do a command prompt SFC/ScanNow once in awhile to check your system files on vista, not sure if its the same for windows 7.

8. You could always use a Router, and Computer Based Hardware firewall, like some of my computers have along with your Anti Virus Firewall to provide additional security.

9. Another thing that is important is to make sure your router does not respond to pings, and that you are protected from things such as DDOS attacks, and that you have your ports secured properly.

Why is security important.

As games like Second Life, Entropia Universe, and Many MMO Based games grow bigger, security becomes important, because services such as PayPal, can easily be compromised should a user for example obtain your SL username and password, and you have it linked to your paypal account, they could easily overdraw your bank account, buy a lot of L$ for example, and send it to random people all over SL, or Launder it out using third party services, while you may think, oh the FBI can track whoever did this, that is where you are wrong. While it is possible for Law Enforcement to track such, it is a waste of valueable resources when they find out that some 15 year old kid outsmarted an Anti VIrus company, managed to use a disposable Visa Card with no real name tracking to them to pay for a VPN service for example, then went to a Hotel which provides a Free WI-FI Connection, logged into the VPN service, and did this type of illegal stuff from there for example, because when they trace it back down the line they could always send all the money to someone else they hate who has totally done nothing, and worst of all if it gets laundered outside of Second Life, cashed out to paypal from someone elses service, and then is used to pay for other goods which are delivered to some random persons account in another game where that money is then entered into the economy and such, either way it could leave two individuals at loss of serious money, and no one to to take the blame, and possibly an innocent person on the other end if they do mange to track it back to someone who completely had nothing to do with it.

** Should you actually notice any wierd Transactions on your account, like some random person giving you money, it is best you do not spend it, leave it on your account, and contact Linden Lab if you feel someone maybe trying to frame you or create problems for you aka fraud, and of course if you see wierd transactions made on your Account always Contact Linden Lab, or any other service provider who you are dealing with as well such as another game company, or service. Spending such money is not okay, and you could find yourself into more trouble even if you didn't do anything unelss the game company says it is fine, and like maybe months go by with no wierd suspensions and such, but even then you should know the person who did business with you, and or why they gave you the L$, or virtual currency.**

This goes for Credit Card information, and any other game service you use as well such as Entropia as I know that is another big real cash game.

See I am one of those who cosntantly reads news sites, Learns all possible expoits, and such enough to do my best to protect my accounts, and my own computer from Keyloggers, I always report new Security Threats I find to my Anti Virus company, and to Microsoft, as well as all known phishing sites so that hopefully people who try to visit such a site is stopped by Internet Explorer, or by their AntiVirus as it will be Red Flagger for being a known threat. Yes I know a lot of other things as well to do with Fraud, and not talking about Second Life, but things like people do when they scam those prepaid gamecards codes from people saying they can use a keygenerator to obtain unlimited free points lie where they take what you really paid for, thati s another thing people have to watch out for, but there are ways to obtain free ones but it is just as bad as stealing so I would never advise such.

However there are ways to protect yourself from all of this.

1. Use Hard to guess security information for your bank account, dont use the same as you use anywhere else.

2. Make sure that your Bank Account has its OverDraft turned off so that if something overdrafts it isn't paid, however if you put a purchase through paypal and it does overdraw you will get hit with like two NSF Fees but considering you have enough moeny this would prevent people from actually stealing the money from your bank account and making you in serious debt.

3. Use Hard to Guess Passwords for all your accounts for example. Instead of  the word Password, use something like PÄ$sW0rD#9Ä¿72!P, as some services accept sepcial characters, should you loose your password keep it saved on an external floppy, or USB/SD Card disconnected from your network, hey I was threatend before to have my SL account hacked years ago, and I made a SL password which was over 40 digits long, can you imagine that.

4. Another Very Important Thing, If friends access your computer in Real Life, make sure your login info is not saved on your pc, as if anyone manages to copy your cache files, it is very easy for them to get access to your account, for example the MD5 password hash is easily copy/pasted, and also people giving remote assistance through certain programs to help you on your computer could take it, but another important thing to know is that If you use any other Third Party viewer other than what Linden Lab makes, you are already at risk. I am not saying that Third Party Viewers are bad,but someone could put something in one of them you always have to be aware the risk is there.

If you play it smart, and also Do Not Poke The Bear!

Then you are less likely to be a victim of any phishing scam, or have anything like this happen to them, although there are some situations where an Anti Virus, or security does not fully protect you, and it will happen, the most important thing to do when you know you have been infected, is to Unlplug your infected computer from your network, and internet, and start running your security scans on all computers on the same network and such to be safe, as there are some Rogue Exploits that do manage to get past Mcafee, Norton, and AVG, and you can simply be browsing google, or any site and this can occur it happens through pop-up AD, and scripts you don't even have to click anything sometimes.

Be Prepared for anything, not only SL Security but things that can occur in Real Life too such as 2012.

It might all be rumors blah blah world comes to its end December 21, 2012, and I am personally not one to say what is true, talk about politics, or religion, but hey it is always best to be prepared for anything that is thrown at you, do your best to survive, and deal with things that are thrown your way, always expect the knife in the back, you know those crazy internet memes like Thunder Cats, and the Troll guy who backstabs this other guy, well Memes are actually made for a reason to teach things too at least thats my opinion on it, and hey even if nothing comes of any of this or the Zombie Apocalypse be prepared. You might think I am a paranoid person, and hey I am, and there are few things that make actual sense to me in life, I like to think outside the box, and even if nothing comes such as anything ban at least you are prepared for other emergency situations.

http://wiki.secondlife.com/wiki/Linden_Lab_Official:Email_Scam_(Phishing)_FAQ As said by a Linden on another post.

[AliceOneders]

Thanks for all the info, GothGirl.  I have remained with the V3 viewer because I have been concerned about third-party viewers for those types of reasons.  However all those potential exploits are worries.  I have a few questions.  I was looking back at threads in the archive and found this one from February of last year:  http://community.secondlife.com/t5/General-Discussions/GUIDE-Save-the-day-with-proper-network-security/m-p/514577/highlight/true#M254406  Is it still relevant or is it out of date?  I am concerned about the streaming media issue, especially since I've been attending art exhibits or sims which use streaming media as part of the presentation.  Also pretty much any live performance or club will require that enabled in order to enjoy the music there.  I thought I read previously that streaming music was a potential problem also re: revealing an IP address.  Given these types of venues are such a large part of SL, I'm wondering why there's not official information about such potential exploits (and workarounds) provided by LL.   Or maybe there is but I am unsure of where to look?  I've only so far seen these issues appear in the forums.  Especially if they are interested in attracting a larger audience who may not be familiar with having to go through such procedures, I'd think this would be a major focus of LL's.  I also want to reference this thread:  http://community.secondlife.com/t5/General-Discussions/IP-Address-to-Real-Address/td-p/308465/highlight/true/page/9 , especially the last post.  How accurate is this assertion?  There are so many links in-world to outside web pages - for example if you are interested in roleplay there's always a webpage associated with a roleplay sim, usually referred to in a notecard.  Do we potentially have to worry about things like that too?  What about unofficial wiki pages about SL?  For instance, all the roleplay information is "unofficial" on wiki.   Not to mention all the website links on other avatars' profiles to their blogs, etc. 

For those of you not aware there is an actual virus, or rogue exploit out which can effect the computer, one of them fakes itself as a MicroSoft security program, and takes full control over the computer, which also may contain keyloggers, however an experienced person or someone who knows what they are doing can easily remove and fix their pc without any format needed.

Is there any way to find out how something like this specifically can be done so novices can accomplish this should they need to?

Many posters have been complaining about the lack of robust features included in Premium membership.  I know if part of it included educating and helping protect newer members against many of these issues -- perhaps providing tools, centralized information to do this -- I'd think that would be a large incentive to participate, at least for those who are not already well-versed in these issues. 

Now I do understand that LL's job is creating and maintaining systems, so perhaps they already have policies in place to help address these issues that the Lab may not see fit to publicly advertise?  

[Alazarin Mondrian]

Hilariously I get regular email from some phishing outfit claiming to be from Battle.Net who repeatedly inform me that my WoW account will be suspended if I don't update my information by clicking through from the conveniently provided link. I've never played WoW or even registered for it so I've no idea where they got my email address from. Still it goes to show that even the hoariest of old scams never die out.