Jump to content

Phishing Scheme: Dont Click The Link

Perrie Juran

By Perrie Juran,
in General Discussion Forum

 Share
You are about to reply to a thread that has been inactive for 2857 days.

Please take a moment to consider if this thread is worth bumping.

Recommended Posts

Perrie Juran

Perrie Juran

Posted
Posted

phishing scheme.JPG

 

An offer for a free gift popped up tonight in one of my store group chats with the message, "new free gift on the Market Place for group members."

I almost got burned by it.

Note the URL carefully and the lack of the secure sign in lock at the start of the URL.

If you got this and tried to log into it then you need to go change your password NOW!

 

Link to comment
Share on other sites
wiked Anton

wiked Anton

Posted
Posted

NEVER EVER EVER EVER EVER EVER EVER EVER EVER use a link given to you, even from second life. If someone asks you to go in and check you details, then use you own bookmark...THIS IS COMMON SENSE AND ANYONE THAT IS STUPID ENOUGH TO CLICK ON A LINK IN THIS DAY AND AGE DESERVES TO LOOSE THEIR **bleep**. IDIOTS

Link to comment
Share on other sites
Peggy Paperdoll

Peggy Paperdoll

Posted
Posted

Pay attention to Perrie's warning.  It's easy to get caught up is some of these schemes.  Even Internet savvy people get fooled (like Perrie almost did earlier this evening).  I did a couple screen shots of his shots and circled the area you need to pay attention to whenever you are on the Internet and some site wants personal information (even if it's a site you are comfortable with such the example Perrie posted).  It's hard to see because of the image size (plus a couple JPEG saves) but look in the address bar of your browser.  If the site wants personal information, like the SL forum log in screen, take a glance at the header for the address.  If it does not say "https://***" when it should then get the heck away from the site.  Perrie saw it but if he was just a little more careless he would have been a victum. 

Get in the habit of glancing at the header everytime you visit a site......even the "well known" sites.

Perrie

Great post Perrie.........thank you.  :)

Link to comment
Share on other sites
Perrie Juran

Perrie Juran

Posted
  • Author
Posted

legite.JPG

 

Peggy Paperdoll wrote:

Pay attention to Perrie's warning.  It's easy to get caught up is some of these schemes.  Even Internet savvy people get fooled (like Perrie almost did earlier this evening).  I did a couple screen shots of his shots and circled the area you need to pay attention to whenever you are on the Internet and some site wants personal information (even if it's a site you are comfortable with such the example Perrie posted).  It's hard to see because of the image size (plus a couple JPEG saves) but look in the address bar of your browser.  If the site wants personal information, like the SL forum log in screen, take a glance at the header for the address.  If it does not say
"
when it should then get the heck away from the site.  Perrie saw it but if he was just a little more careless he would have been a victum. 

Get in the habit of glancing at the header everytime you visit a site......even the "well known" sites.

Great post Perrie.........thank you. 
:)

I did another snip, hopefully this is clear enough.

You can see the security lock and the "https"  that a legitimate page would have.  Also note carefully how the domain name is listed.

Link to comment
Share on other sites
GothGirl Demonia

GothGirl Demonia

Posted
Posted

Thanks, I got advised about a similar phishing tactic just recently.

Also it appears griefers are using in world objects to offer free gifts to people and when they click sigin in and provide username and password it could put their account at risk.

Also it might be best that all users manually type their password in the box, do not have it set to save on their pc I believe this is the way my account was compromised although I do remember one link that was sent to me on my friend list and I did sign in before checking the link all it takes is one little mistake though and goodbye account.

Link to comment
Share on other sites
Perrie Juran

Perrie Juran

Posted
  • Author
Posted

GothGirl Demonia wrote:

Thanks, I got advised about a similar phishing tactic just recently.

Also it appears griefers are using in world objects to offer free gifts to people and when they click sigin in and provide username and password it could put their account at risk.

Also it might be best that all users manually type their password in the box, do not have it set to save on their pc I believe this is the way my account was compromised although I do remember one link that was sent to me on my friend list and I did sign in before checking the link all it takes is one little mistake though and goodbye account.

The Second Life Web Site does NOT offer a save password option.  It does offer "remember me," which would be your sign in Name.  I've never used but the comments in the Forum have seemed to indicated that it doesn't work well.

The Viewers DO have a save password option. 

I guess there are some people who do use 'save password' judging from comments I have read.  I consider this the height of foolishness.

When you consider all that has been written about safe computing, why any Service Provider would provide the ability to "save password" is at least to my thinking, 100% asinine.

 

Link to comment
Share on other sites
Czari Zenovka

Czari Zenovka

Posted
Posted

Whoa!!! I could easily have been fooled by that one and I consider myself fairly savvy on not clicking embedded links, not providing account details to online programs, email phishing schemes (I keep getting emails for a game I've never purchased nor played, but owned by the same company of a game I have played that says my account is about to be deleted if I don't click some link...) - but this one is tricky.

Many, many thanks for the heads up, Perrie!

 

Link to comment
Share on other sites
Perrie Juran

Perrie Juran

Posted
  • Author
Posted

phishing 2.JPG

 

Bumping my own thread.  This is today's offering. 

And I think this topic is important enough to keep alive for a while.

Once again, no secure lock and "https" in the URL.  And this URL doesn't even include the word "second life."

As I stated in my original post,

IF YOU HAVE ENTERED YOUR LOG IN INFORMATION INTO ONE OF THESE FAKES,

THEN YOU NEED TO GO CHANGE YOUR PASSWORD NOW!

 

Link to comment
Share on other sites
  • 3 weeks later...
  • 2 weeks later...
Perrie Juran

Perrie Juran

Posted
  • Author
Posted

sven Homewood wrote:

https is not a grant for being genuine. It's just one more hint that the site could be a fake or not. The most important part is actually the domain. Which is in case of SL secondlife.com. The domian of the phishing site is altervista.org. You can also practice spotting phishing sites here:
for example.

yep

as i stated further down:

"You can see the security lock and the "https"  that a legitimate page would have.  Also note carefully how the domain name is listed."

Link to comment
Share on other sites
Perrie Juran

Perrie Juran

Posted
  • Author
Posted

free lindens.JPG

Free lindens2.JPG


Something a little different today.  Can't say that this is really "phishing." 

Interestingly enough, they do have a disclaimer on the bottom of their page.

I would be skeptical if they have permission to use the Second Life Logo.

I wonder where I would report that.?

Maybe we need a group, "Residents For A Phish Free Second Life."

Link to comment
Share on other sites
Dillon Levenque

Dillon Levenque

Posted
Posted

But, but...what if it's for real? I mean, it appears to be about getting paid to partake in surveys, doesn't it? Maybe this place is where all the really smart (or really well-financed) college kids go to get their 'virtual world' survey questions answered. It could be the solution the Forum has waited for! Pay for palaver. Lindens for learning. Bucks for B... nm.

Our survey SAYS: naah, probably not.

Link to comment
Share on other sites
Jadeclaw Denfu

Jadeclaw Denfu

Posted
Posted

Dillon Levenque wrote: "But, but...what if it's for real? "

Trust me, it isn't.

The Key point here is: To get the free Linden$, they don't need your SL-Password.
Only your full avatar name.

What a genuine paying survey site would do, is to set up an agent account inside SL and tie
that to their IT.

One Example: Eldexchange (the exchange I use) has set up such an agent, whenever I transfer
L$ from them into my SL-Account, I get a message stating "N... B... paid you xxxL$".
All they needed was my full avatar name and nothing else. They never got my SL-Password.
The password for my account there is a different one.

Dillon Levenque wrote: "Our survey SAYS: naah, probably not."

And with that, you're right on the money.

 

Link to comment
Share on other sites
  • 2 weeks later...
  • 6 months later...
Mileva Milev

Mileva Milev

Posted
Posted

Jadeclaw Denfu wrote:

Dillon Levenque wrote: "
But, but...what if it's for real?
"

Trust me, it isn't.

The Key point here is: To get the free Linden$, they
don't
need your SL-Password.

Only
your full avatar name.

...

One Example: Eldexchang.... They
never
got my SL-Password.

The password for my account there is a
different
one....

 

Jadeclaw is right. Or to say it with other words:

 

Never give your account name AND password to anyone or any link.

 

The links can look very differnt, for eample a freebie you get or a full perm item you bought and it opens a link for download or reward. When it asks you for your SL name AND SL password it is phishing. When it asks you for your SL PASSWORD, it is phishing, because they probably have your account name from action before.

When you have to create a new (!) account to get bonus or third party money exchange ... ensure to use a different password.

 

 

 

Link to comment
Share on other sites
  • 2 years later...
You are about to reply to a thread that has been inactive for 2857 days.

Please take a moment to consider if this thread is worth bumping.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...