Friday, March 9, 2012

it's a ball held in the room of mirrors

This is (verbatim) the message I just received when porting around on the Twisted hunt:
Fata Boa's 'Greeter'
Greetings Emilly Orr, Welcome at Eternal Dream Poses! Please subscribe or group to stay tuned about our new releases! I WILL REMEMBER IT'S ABSOLUTELY FORBIDDEN TAKE SNAPSHOTS INTO THE STORE. THIS IS A STORE, NOT A PHOTOSTUDIO ;) Enjoy Your Stay!
Now, barring my instinctive (and admittedly) childish reaction of Screw you, I'll take pictures where I want...what's making my head tilt on a more rational level is the why behind this statement. Were people coming to her store just to snap pictures, and then leaving without buying things? Did she run into too many illicit late-night photoshoots? She grew tired of picking up torn Polaroids, scattered film canisters and a plethora of lacy underwear, none in her size?

Then, of course, I stepped forward two paces, and as things rezzed in, I realized I was facing a full-size, bleeding bosk carcass (and no, you can go there if you want to see, I snapped NO PHOTOS), so...maybe there is a good reason for her absolutely-no-photos-ever-this-means-YOU policy: she doesn't want to raise the wrath of PETA. (Because all the gods know, they've gotten offended over stupider things.)

In the meantime, the latest rage on SL is...well...full of rage:

[12:38] Kxxxxxx Sxxxxxxxxx: many beautiful little things cost!
[redacting evil "marketplac" link]
[12:39] Lxxxxx Hxxxxxxxx: Altervista... yeah... sure.
[12:39] Rxxxxx Cxxxxxxxx: don't click that...


So, this link went just about everywhere today. I don't think I've heard from a single person who didn't see this or hear about it.

[12:39] Cxxxxxx Mxxxxx: oh dear
[12:39] Bxxxxxxx Axxx: PHISHING!!
[12:39] Kxxxxxx Sxxxxxxxxx: -.-
[12:39] Mxxx Fxxxxxxxx: smh
[12:39] Emilly Orr: I am getting SO TIRED of seeing that damn link


It was the third time I'd seen it, and I'd only been in world an hour at that point.

[12:40] Sxxxxxx Sxxxx: if you open that DO NOT put in any information!
[12:40] Lxxx Dxxxxxxxx: read links before clicking... it says "marketplac."
[12:40] Jxxxxx Lxxxxx prudently does not click that.
[12:40] Axxxx Hxxxxx: yeah i opened it without reading it because i know the person, teaches me to read first
[12:40] Vxxxx Rxxxxxxx: I just logged on, and I already got it like 5 times
[12:41] Sxxxxx Sxxxxxxx: lola, maketplace has ".com" not ".org".....


With perception, and common sense, we can avoid these pitfalls; the problem is that many of us occasionally don't have any. (Myself certainly not excluded from the lack of common sense.)

[12:41] Hxxxxx Lxxxxx: record the name and log a complaint :)

And THERE is the big problem; because these aren't new accounts thrown up just to hassle people. These are established accounts who made the mistake of logging in to a link, giving out information they shouldn't have, and now their OWN accounts have been compromised as a result.

[12:41] Emilly Orr: I get the feeling SL accounts got hacked, because these aren't your usual "been in Sl two days" folks. Some are long-term residents of SL
[12:42] lxxxx Cxxxxxxx: victim after 4 years of being here?
[12:42] Exxxxxx Hxxxxx: ARed
[12:42] Axxxx Mxxxxxxx: I think they spam any groups they're in, maybe IM friends too
[12:42] Rxxxxx Cxxxxxxxx: They do.
[12:43] lxxxx Cxxxxxxx: yeah, you'd think she would know better than to click unknown links
[12:43] Ailsa Muliaina: lez, could have been someone that person trusted who sent the link..that makes it much easier to fall for :)
[12:43] Emilly Orr: So far, everyone I've seen today has been at least two years old, and many more. It's getting odd.


Now, soon after this, "the notecard" started being passed about, group to group. I think it's valid, so I'm reprinting it here, but--as per usual with these things--it went around so widely, in so many different directions, that soon people were getting tired of seeing it too!

Anyway, here's the text of the card:
PHISHING? NO, THANKS

So, what is "phishing"? It is just another way for scammers and other, say... "lazy people" to get your login data and, from that moment, take over your account and use it for their own benefit (usually, monetary, but also impersonating you... or even asking for it to be canceled after it!)

It consists in showing you a link to click (or creatively making it look like an official one - read more below,) very similar to the service you have an account in, usually offering discounts, bargains... and when you click them, they redirect you to a page that can even look the same as the login page (from Second Life, this time.)

So we feel safe, enter our login and password, and bam! We're busted. The scammer now has our login data, and they can very quickly log into the SL website, change our password, change the confirmation e-mail and, of course, log inworld, impersonate us, spend the money, use our credit card if we have associated payment info on file (or spend until the last of our L$ if we don't have this payment info...)

If we copy a link, paste it, and notice that the domain name does not finish in secondlife.com, we can be sure that the website is trying to get our login data.

So, an example:

http://secondlife.marketp.com/ <=== This for sure does NOT come from the official SL web: Don't trust it
http://id.secondlife.com/ <=== It finishes in secondlife.com: It comes from the official SL web

There are other ways for scammers to hide the real Internet address so we click in a link and then input our loging data.
The following page: http://www.arb.ca.gov/html/spoof/spot.htm explains some tips to recognize these attempts of phising.

IMPORTANT - The official link to login into our account via the web is very similar to the following (being the most important how it *begins*):

https://id.secondlife.com/openid/login?return_to=https%3A%2F%2Fsecondlife.com%2Fauth%2Foid_return.php%3Fredirect%3Dhttps%253A%252F%252Fsecondlife.com%252Findex.php&language=en-US

Notice how the link begins:

https://id.secondlife.com/

Here we can read:

https We're login through the Secure HTTP protocol
id.secondlife.com The domain name finishes in .secondlife.com

Read here about a recent case: http://shoppingcartdisco.com/gossip/phishing-scams-popping-up-in-second-life-are-you-next/
This can happen to any of us. It only takes a moment of tiredness to put our login data in the wrong place.

Please, share this notecard: protect yourself by being informed, and protect others by helping them in being informed.

Information is always our best defense against scams.

Take care all,

-- Auryn Beorn
[2012-03-08 12:48] Zxx Sxxxxx: did it automatically take your information or did you have to log in to something once you clicked the link?
[2012-03-08 12:48] Lxxx Rxxxxxx: log into something
[2012-03-08 12:48] Rxxxxx Cxxxxxxxx: I think you have to log in
[2012-03-08 12:48] Lxxx Rxxxxxx: a bogus marketplace site
[2012-03-08 12:48] Pxxxx Vxxxxx: I clicked the link it sent me to the MP and it was a blank page
[2012-03-08 12:49] Cxxxxxx Nxxxxx: Paige, you should change your password as soon as possible.


I can't disagree. May be overly paranoid, but if you did click the link, at the very least change your password. And make sure you change it to something you don't use everywhere else! Otherwise, just be careful out there.

No comments: