is it time for you to jump into the next train?

Here's to the new boss, same as the old boss...AKA, here we go again:

[11:16] Mxxxx Gxxxxxx: eek someone gives me a giftcard of 250 linden or something and i dont know the person ! anyone else having this ? i discard it
[11:17] Mxxxx Gxxxxxx: account eventweek2 Resident made today

I've been seeing this, or something like this, hit several groups I'm in since yesterday.

[11:18] Txx Axxxx: delete
[11:18] mxxxxxxxxxxxxxx Rxxxxxxx: delete it and report that user!
[11:18] pxxxxxxxxxxxxx Rxxxxxxx: probably should discard and report, sounds fake
[11:18] gxxxxxxxxxxxx Rxxxxxxx: definitely delete
[11:18] Sxxxxx Axxxx: ugh delete that
[11:19] axxxxxxxxxxxx Rxxxxxxx: Message didn't go through. I haven't had that happen yet, but I don't think I would use that. I'd delete it.
[11:19] Oxxxx Sxxxxxxx: am getting store notices warning of that issue
[11:19] Wxxxxxxx Rxxxxxxx: guess eventweek1 was already taken....lol

No, that's actually another name the current scammer group is using.

[11:19] txxxxxxxx Rxxxxxxx: stranger danger!!
[11:19] Oxxxx Sxxxxxxx: lol
[11:19] Kxxxxxxxx Rxxxxxxx: Delete it and report it
[11:19] Oxxxx Sxxxxxxx: add them to mute list
[11:20] txxxxxxxx Rxxxxxxx: yes I have been seeing reports of event ava handing out a HUD that will take your L$ too :/
[11:21] dxxxxxxxxxxxxx Rxxxxxxx: That account is fake. Ive had another group warn me about one simular yesterday.
[11:22] mxxxxxxxxxxxxxx Rxxxxxxx: last night (SLT) there was someone handing out free Catwa heads. also was created last night that account.

That, I hadn't heard, but it's a bad step up on the scam concept. While a lot of people question things, there are people that buy mesh heads for others, as a kindness, or just because they want to. And due to that, well, people could accept what they think is a gift of a mesh body or head. Dangerous.

[11:23] Kxxxxxx Sxxxxxx: if you have received that kind of thing or even if you DO put it on, dont panic, it can only take your lindens if you give it access. When you put on a hud that wants to take lindens, Firestorm at least asks you just to make sure. Never give access to your lindens unless totally sure its a official store and you just tried to buy something there.
[11:23] Axxxxxxxx Cxxx: seems like its one person behind it all
[11:23] Axxxxxxxx Cxxx: everyone one of them has been named event something or giftevent something
[11:28] 5xx Rxxxxxxx: eventweek2 just send me 350 ls giftcard lol
[11:28] Pxxx Lxxxxxxx: [11:12] eventweek2 gave you this object: Group Gifts - GIFT CARD 350L$ #Rare
pleasxe delete card and ban and block this person
[11:28] Pxxx Lxxxxxxx: name is eventweek2
[11:29] Lxxxx Oxxxxx: I just got one too...lol
[11:29] Oxxxxxxx Rxxxxxxx: yes keep getting them too

It seems like half of everyone, or at least half of the active shoppers, on the grid are seeing these.

[11:29] Oxxxxxxx Rxxxxxxx: person is 1 day old
[11:29] Oxxxx Sxxxxxxx: I already muted them
[11:29] Pxxx Lxxxxxxx: i reported this bot
[11:30] Oxxxxxxx Rxxxxxxx: you can find the group owner
[11:30] Oxxxxxxx Rxxxxxxx: sent them a message , not that it willl help
[11:30] mxxxxxxxxxxxxxx Rxxxxxxx: muting is stupid, report that account.
[11:30] hxxxxxxxxx Rxxxxxxx: Thank you for the alert, guys.
[11:30] Oxxxx Sxxxxxxx: be aware folks that even at the stores you know you can trust you can't always trust people who drop into those stores

Exactly. And the call to block AND report is a good one. Always report instances of fraud to the Lindens.

In other news, another attempt at phishing:

[11:25] Catalina (catalinaa400): Fitted Mesh*ONLY FOR BODIES MESH. We cover the mesh bodies applitud of the market.Maitreya/Slink / Belleza / Omega System & More. {phishing link containing the words "altervista"}
If you have mesh body and are interested in Gifts / Promotions and New Items! Always up to date with Meshbodyfriends!Group FB {Facebook link which may or may not be real}

Why yes, I'm leaving her name clear. As a seven-year avatar, her account probably got hacked, but even if it was, and there was a real person behind it, there's not now. She was blocked and reported by a bunch of us.

As far as "Meshbodyfriends" being mentioned, that is an actual group, but they may not have anything to do with that particular scam, or the scammer. They may have just picked that up so it sounds somewhat legitimate.

[11:25] Exxxxxxx Lxxxxx: PHISHING LINK DONT KLICK
[11:26] sxxxxxxxxxxxxx Rxxxxxxx: FAKE!
[11:26] bxxxxx Rxxxxxxx: DO NOT CLICK
[11:26] Axxxx Cxxxxxxx: YES!!!!!!
[11:26] txxxxxxxx Rxxxxxxx: yes dont
[11:26] Uxx Fxxxxxxxxx: This person is spamming groups with this message

And this one:

[11:32] Sxxxxx Axxxxx: WARNING - do not accept, rez or wear anything from eventweek, eventweek1, eventweek2 If something hits your invent from them without accepting, immediately delete it and clear your trash so there is no risk of accidentally opening it in the future. The one I just got was named Group Gifts - GIFT CARD 350L$ #Rare
[11:33] Gxxxxxxxxxxxxx Rxxxxxxx: Maybe that is how the phishing thing has been going on
[11:33] Sxxxxx Vxxxxxxx: Thank you
[11:33] Gxxxxxxxxxxxxx Rxxxxxxx: a lot of people have had their accounts hacked and the person then bought lindens and did MP gacha shopping sprees

In the hour I've been in world today, Miss C hit two groups I'm in with the 'altervista' scam, and gift card reports are coming in all over. I've counted people in NINE groups I've in so far. And there were four yesterday, so this is a new infestation of thieves. I've also seen the gift card scam used by an avatar named "giftevent".

Stay aware, people. There's a lot of scammers out there.

they said so, it doesn't need no explanation

So, carrying over from part one and part two, this is part three:

[11:41] Axx Sxxxxxxxxx: Well, LL would know, right? They'll have logs of what IP and MAC address the account has been signed onto from.
[11:41] Yxxxxx Rxxxxxxx: No someone who has been here for a good number of years and spreads phishing attempts in all is or her group is a stolen account. That is obvious.

And deeply puzzling.

[11:42] Axx Sxxxxxxxxx: Both old and new accounts are getting stolen, though, that only speaks to the relative level of ignorance.
[11:42] Axx Sxxxxxxxxx: And the fact that it has been happening for years, on many different accounts, it seems kind of silly to think that one given case is responsible for the whole lot of it.
[11:42] Yxxxxx Rxxxxxxx: And the thieves use a spoof to hide the IP and MAC. That is very simple.
[11:43] Axx Sxxxxxxxxx: That's if they're smart in what they're trying to do.

Depends on how many of them are getting caught, and unfortunately, we don't have access to those numbers.

[11:43] txxxxxxxxxxxxxxx Rxxxxxxx: IP can be manipulated, it is done all of the time on attacks to gov't and bank systems, the Pentagon is one of the most attacked systems in existence as but 1 example
[11:43] wxxxxxxxxxx Rxxxxxxx: my point is there is room for doubt as to whether accounts have ACTUALLY been hacked
[11:44] Yxxxxx Rxxxxxxx: Why would someone with so many years in SL would risk loosing their account?
[11:45] wxxxxxxxxxx Rxxxxxxx: who knows how others think?

And, as has been pointed out, all it takes is one moment of inattention to make a fatal error.

[11:45] gxxxxxxxx Rxxxxxxx: these scammers have unintentionally given up their account... not hacked.
Hacking is beyond your control. If you click a phishing link and provide your personal information, it's not a hack... you have been phished.
[11:45] Pxxxxxxx Exxxxxx: not necessarily [Axx]. at the height of the spam wars..it was controlled by two people with only 5-10 employees each. The worst spammer in the world was also the most prolific hacker whom hacked over 3000 accounts and controlled 1000 at any given time
[11:45] Yxxxxx Rxxxxxxx: Excatly [Gxxxxx].

"Excatly"? That's amusing.

[11:46] gxxxxxxxx Rxxxxxxx: Phishing is a slimy way to get ahold of other people's info :(
[11:46] Axx Sxxxxxxxxx: But still one of the most effective.
[11:46] txxxxxxxxxxxxxxx Rxxxxxxx: to a criminal it is a slick and easy way or would no longer be used
[11:47] Bxxxxx Fxxxxx: If you look, most of them are ESL. Also, if you are busy, you may not realize it's a phishing link. I've been in SL for 8 years and I accidentally hit one and put in my info without thinking about. I keep my dashboard page up so had my password changed about 10 seconds later, but all it takes is a moment on inattention.

And being vigilant all the time is draining. Emotionally draining, mentally taxing, and it tips us towards free-floating paranoia, which is not good for most of us.

[11:48] Yxxxxx Rxxxxxxx: The accounts in SL are stolen either because people fall for a very simple fake login page trap or because the have simple stupid passwords. Hacking is one case out of 10,000
[11:48] txxxxxxxxxxxxxxx Rxxxxxxx: it is based on reflexive actions for the most part
[11:48] 6xxxxxxxxxxxxxxxx Rxxxxxxx: and the people who im me about things i have no clue what they are on about just get shut down
[11:48] Axx Sxxxxxxxxx: It's someone casting a large net.
[11:48] txxxxxxxxxxxxxxx Rxxxxxxx: all you need are a few fish for a nice meal ;)

Here, fishy fishy...

[11:49] Yxxxxx Rxxxxxxx: It is based on stupidity of people. They don't even advertise for promoting a product these days. They just post a link. And because of the fear of missing out residents blindly rush for it!

Yeah, remember when spambots used to try to get you to click the link to get Lindens, or for a sale at a store? This one, they're not even bothering to that extent. Zero effort. Outright laziness, that is.

[11:49] Bxxxxx Fxxxxx: A well-known designer in SL got caught and had money transferred out. They got it back, but just that moment of inattention is all it takes.
[11:50] txxxxxxxxxxxxxxx Rxxxxxxx: it's based on reflexive nature of the common user
[11:50] Yxxxxx Rxxxxxxx: It more than inattention. And even then when you realize it is a trap if you change right away your data you are safe.

It's convenience, again. If it's convenient, we'll do it. See a link, click a link, it's safe because it's coming from a trusted store group, or a friend, or a social group, right? Save for...in a lot of cases, it's just not.

[11:50] gxxxxxxxx Rxxxxxxx: sadly that's what the scammers are hoping for. accounts that acquire a lot of lindens or the ones that have payment info
[11:51] Axx Sxxxxxxxxx: I imagine it's all automated. Like they have scripts running on VPSes to log into bot clients with harvested accounts, and the clients are programmed to join groups and regurgitate the link.
[11:51] Yxxxxx Rxxxxxxx: They don't target specific accounts.
[11:51] txxxxxxxxxxxxxxx Rxxxxxxx: payment info is the golden nugget, cyber $ is not the true target.
[11:52] Axx Sxxxxxxxxx: Unless they launder it into non bot accounts.
[11:53] txxxxxxxxxxxxxxx Rxxxxxxx: there have been cash-out monitoring systems in place for several years now that Interpol and other crime-fighting orgs use to combat org crime syndicates

Yes, there are monitoring systems in place, both to observe transactions in real time, and in digital environments. But I'm still not sure Second Life is on Interpol's radar.

[11:54] txxxxxxxxxxxxxxx Rxxxxxxx: it is the payment info they really can't do much about once obtained
[11:57] Bxxxxx Fxxxxx: That's why I use Paypal to pay for my stuff. Adds an extra layer of security
[11:57] Yxxxxx Rxxxxxxx: Yes Paypal is free and an excellent protection.
[11:58] txxxxxxxxxxxxxxx Rxxxxxxx: i use refillable visa cards that have no link to my actual bank accounts
[11:58] mxxxxxxxxx Rxxxxxxx: great idea [Txxxxx]
[11:58] 6xxxxxxxxxxxxxxxx Rxxxxxxx: you know [txxxxx] it wouldnt let me use a gift visa card here

Depends on the company. Some companies' cards read as debit cards, because of how they set up their pay-in systems, and some online services don't deal in debit, only credit. Check with the companies you're interested in purchasing refillable cards with, to ensure they'd be accepted where you want them to be accepted. Also, make sure they don't have any hidden or delayed fees that could zap your budget later.

[11:59] Bxxxxx Fxxxxx: The phishing is a good part of why LL implemented the delay for transferring money out of SL. You used to be able to do it right away, now there's the 3 day delay.
[11:59] Sxxxxx Sxxxxxxxx: diamondgirl34 Comet has been ejected from '[store group]' by Sxxxxx Sxxxxxxxx.

Yay, owner to the rescue!

[11:59] Sxxxxx Sxxxxxxxx: sorry i was afk girls

[11:59] wxxxxxxxxxx Rxxxxxxx: np :)

Indeed not. The deed was done, we're happier for it.

And from yet ANOTHER group:

[11:34] diamondgirl34 Comet: http:// marketplace second life 000977 .my3gb .com/ 09345/ secondlife. htm
[11:34] Cxxxxxxxx Sxxxxxxxx: dont click that omg
[11:35] cxxxxxxxxxxxxx Rxxxxxxx: [f*ck] i almost did
[11:35] Kxxxxx Dxxxxxx: wow this has hit all my groups
[11:35] cxxxxxxxxxxxxx Rxxxxxxx: i didnt even realize
[11:35] cxxxxxxxxxxxxx Rxxxxxxx: i thought it was someone answering me lol
[11:35] cxxxxxxxxxxxxxx Rxxxxxxx: yeah I almost clicked too but then realized it wasn't [store group's] owner
[11:36] Cxxx Txxxxxxxxx: Just block the user, report for phishing links and move on. Chances are it will steal your password if you login to that website.
[11:36] dxxxxxx Rxxxxxxx: omg Oo
[11:45] pxxxxxxxxxxxx Rxxxxxxx: I got sent something by someone at the shop. It says "tsg 50% OFF"
[11:45] pxxxxxxxxxxxx Rxxxxxxx: it's a box, decline it if you get it.

I've heard the same trick's occurring with random offers of gift cards, for stores that don't offer them generally. Now, to be fair, to my way of thinking, someone I don't know tosses me a box or a folder for no reason, purporting to be a gift card for the store I'm in? And I know it's not a store employee or owner? I'm going to decline it. But others may not think about it that much; may, even, think of it as a kind gesture, or a great deal on one of the store's products. And, since most gift cards are used by attaching them...well, I have yet to know how an attachment can drain Lindens from your account UNLESS you give permission for that attachment to access your Lindens, so there's that. But if you agree to give the attachment access to your Lindens, then all bets are off.

[11:45] mxxxxxxxxxxxxxxxxxx Rxxxxxxx: Yeah I just got one but at COCO
[11:46] axxxx Jxxxx: delete it it's probably a hacking tool :X
[11:46] mxxxxxxxxxxxxxxxxxx Rxxxxxxx: Oh I'm sure it is. I muted the person right away
[11:46] pxxxxxxxxxxxx Rxxxxxxx: oh I deleted and blocked the user
[11:46] pxxxxxxxxxxxx Rxxxxxxx: boots something
[11:46] mxxxxxxxxxxxxxxxxxx Rxxxxxxx: BootsGift

Almost right.

What I want to know is, was that particular account gathered in the wide phishing net, too, or did some spammer set up that one? Hard to tell from the name.

[11:46] pxxxxxxxxxxxx Rxxxxxxx: blank profile and everything
[11:46] pxxxxxxxxxxxx Rxxxxxxx: yeah that's it
[11:46] mxxxxxxxxxxxxxxxxxx Rxxxxxxx: I believe
[11:47] mxxxxxxxxxxxxxxxxxx Rxxxxxxx: Wait no
[11:47] mxxxxxxxxxxxxxxxxxx Rxxxxxxx: The one here was
[11:47] pxxxxxxxxxxxx Rxxxxxxx: gonna let my groups know about it
[11:47] mxxxxxxxxxxxxxxxxxx Rxxxxxxx: BootTheGift Resident

That's the one. Also, that one's been mentioned in a post previously, as well.

And to tie things up:

[12:42] Txxxxxx Sxxx: ...is it safe?

I will never not be haunted by that film. Anyway.

[12:42] rxxxxxxxxxxxxxx Rxxxxxxx: its never safe in here
[12:42] Jxxxx Kxxxx: compared to what?
[12:42] Wxxxxxxxxxxx Pxxxxx: What kind of question is that?
[12:43] ixxxxxxxxxxx Rxxxxxxx: Honey, this is SL. May as well be Thunderdome. XD
[12:43] Kxxx Mxxxxxxxxx: NEVER... RUN for your life

All good points, frankly.

[12:43] Txxxxxx Sxxx: half my groups had spam phishing attacks today

Yep. I figure, if it's a group, and it's free to join, diamondgirl has spammed it. Be careful out there, gentles.

you say you don’t spook easy, you won’t go

When last seen, we were discussing diamondgirl's phishing attempts earlier. This excerpt comes from a different group entirely:

[11:32] diamondgirl34 Comet: http:// marketplace second life 000977 .my3gb .com/ 09345/ secondlife. htm

Same statement, likely copy-pasted, which I have again separated out into component parts because I don't want anyone clicking it.

[11:33] wxxxxx Rxxxxxxx: scam

Obviously. But even without that clue, at this point in the day, many group members in many groups had seen this enough to recognize it as spam.

[11:33] Sxxxxx Oxxxxx: wow again
[11:33] Hxxxx Bxxxxxxxx: It has been nonstop today
[11:34] Axxxx Xxx: dont click it
[11:34] ixxxxxxxxxx Rxxxxxxx: everyone's just reporting and blocking the people doing it
[11:35] Txxx Gxxxxxxx: scam dotn click

"Don't". It was likely a slip of the fingers, but...

[11:35] dxxxxxxx Rxxxxxxx: Ban the lowlife scammer.
[11:35] Sxxxxx Oxxxxx: they just dont stop
[11:35] Yxxx Sxxxxxxx: no, don't click bad bot

Bad bot! No data!

[11:35] txxxxxxxxxxxxxxx Rxxxxxxx: not "EVERYone" there is always 1-2 or more that click onto links out of reflex

Unfortunately. You can hand people all the information in the world, and people will still make mistakes. It's a harsh, cold world out there, and we do what we can, but in the end, it only takes a single moment of not paying attention to have your world yanked out from under you.

[11:35] Yxxxxxxx Cxxxxx: you can tell its a scam because it should be https://marketplace... without the S its not secure as the regular good site is
[11:36] sxxxxxxxxxx Rxxxxxxx: I'm sure that link was post in Blacklace as well

Probably. I'm not in the Blacklace group, so I wouldn't know, but it seems highly likely. Might have even been the same avatar.

[11:36] Txxx Gxxxxxxx: sorry my msg come late
[11:36] bxxxxxxx Rxxxxxxx: seems to be turning up in a number of places
[11:36] Txxx Gxxxxxxx: dang so much scam today
[11:36] sxxxxxxxxxx Rxxxxxxx: i could tell it was a scam due to the .my3db.com bit

Well, again, obviously.

[11:36] jxxxxxxxxxxx Rxxxxxxx: they can put fake self signed certificate if they want
[11:36] Axxxxx Fxxxxxxxx: Also, looking at the spammer's profile, that is a hacked account, since it's over 8 years old

Seriously, how are they getting their hands on old accounts?? Newbies I can buy, but oldbies, they should definitely know better...right?

Right?

[11:36] Yxxxxxxx Cxxxxx: hopefully more people are getting wise to it though and are learning what to look out for
[11:37] Axxxxx Fxxxxxxxx: Most spam link accounts are newbie accounts, less than 2 months old
[11:37] sxxxxxxxxxx Rxxxxxxx: i honestly hope so, i hate to see anyone get scammed
[11:37] 6xxxxxxxxxxxxxxxx Rxxxxxxx: its like thinking you won the nigerian lottery
[11:38] Axxxxx Fxxxxxxxx: I have a feeling that the original owner of that account got scammed, they got the person's account info and now using their group memberships to spam

Also quite likely.

[11:38] Yxxxxx Rxxxxxxx: It is not enough to click the link. You have to enter you name and password in the fake login page. So really you have to be careless to get trapped.

Well, to a point. I mean, the fellow that had the one-letter Twitter account got hacked solely because the hacker wanted that one-letter account. It smacks a bit too much of rape apology thinking to say that if he hadn't had that one-letter Twitter account, he wouldn't have gotten hacked, because that's unfair to the situation. He also had non-complex passwords and did much of his business in the Cloud, downloading and uploading through various devices. There were many mistakes made, most of them either to make his personal life easier when on the road, or to increase his business productivity by allowing these interconnections between his devices. But for every device or app that makes life easier in our data-rich world, there's another potential security breach.

[11:39] Axx Sxxxxxxxxx: It's just a constant chain of hijacked accounts.
[11:40] wxxxxxxxxxx Rxxxxxxx: or "alleged" hacked accounts
[11:40] Axx Sxxxxxxxxx: How could it not be?
[11:40] wxxxxxxxxxx Rxxxxxxx: easy to say they have been hacked as it can't be proven otherwise

Okay, there's that, but why would someone say they've been hacked if they haven't been ha....Oh, never mind, I'm being naïve. Carry on.

[11:40] txxxxxxxxxxxxxxx Rxxxxxxx: depends on how tech savvy the criminals are, if very sophisticated there are ways i wont discuss for obvious reasons that can put not just SL ID at risk, but ANY other accounts you access with that specific computer
[11:40] wxxxxxxxxxx Rxxxxxxx: unless you do an IP search

Don't make IP the next Grail. IP addresses can be reconfigured, spoofed, and set aside in various ways at this point. It's no longer the be-all and end-all.

And, as this one's getting long again, chopping the commentary here, to commence anew in part three.

well, we're just a wet dream for the webzine

Now this is the way you warn your group about scams:

[11:30] Gxxxxxxxx Rxxxxxxx: Ladies & Gents alike: Please be advised that there are phony marketplace links going around. This is a phishing scam intended to hijack your account & steal your lindens. Legit MP link is https://marketplace.secondlife.com { Any variation of this is a scam. Stay safe Beauties!! xo

See? Simple, easy, and doesn't involve reproducing a known bad link. Works in every situation, doesn't contribute to the problem.

The irony is, not even three minutes later, we saw this in that same group:

[11:33] diamondgirl34 Comet: http:// marketplace second life 000977 .my3gb .com/ 09345/ secondlife.htm

[[Spaces are mine, because while I want to show it off in full, I do NOT want it to be clickable.]] Also preserving diamondgirl's name, because known bad account is bad.

[11:33] xxxxxxxxxx Rxxxxxxx: DO NOT CLICK IT
[11:33] xxxxxxxxxx Rxxxxxxx: DONT CLICK THAT
[11:33] xxxxxxxxxx Rxxxxxxx: Dont!
[11:33] xxxxxxxxxx Rxxxxxxx: FAKE
[11:33] txxxxxxxxx Rxxxxxxx: oh shoot I so almost clicked that, thanks.

And this is why reminders are still necessary, because people have zero reading comprehension.

[11:33] xxxxxxxxxx Rxxxxxxx: Good you didnt
[11:34] Axxxxx Sxxxxxxxx: [Xxxx], no need to yell
[11:34] xxxxxxxxxx Rxxxxxxx: [Axx]! :D waves and hugs...I got scared! Peeps were posting gyazoo pics,so someone mightve thought its safe..Like [Txxxx]..Sorreh
[11:35] Vxxxxxxx Rxxxxxxx: Diamondgirl's link, is a good example of a fake, or 'Phishing" link.
[11:35] txxxxxxxxx Rxxxxxxx: Thats why I almost clicked it tbh, bc I had just posted my gyazo so my brain was like "oh someone else is sharing too" lol
[11:35] xxxxxxxxxx Rxxxxxxx: Yeah well thats why I yeleld. Kinda..Sorry

I admit it, I am twitching at "yeleld", but it is what she typed, so I'm letting it stand.

[11:35] Vxxxxxxx Rxxxxxxx: *hides Diamondgirl's link behind a very big curtain*

If only it were that easy.

[11:36] mxxxxxxxxxx Rxxxxxxx: she's posting in every group, wtf
[11:36] mxxxxxxxxxx Rxxxxxxx: 4 of mine already popped
[11:36] Gxxxxxxxx Rxxxxxxx: i see >.<
[11:36] txxxxxxxxx Rxxxxxxx: yeah she's not the only one, someone else posted a fake MP link earlier too.

It's almost like she's going down a list of groups.

[11:36] Gxxxxxxxx Rxxxxxxx: 6 of mine so far
[11:36] mxxxxxxxxxx Rxxxxxxx: smh
[11:37] Axxxxx Sxxxxxxxx: ok, have a suggestion ladies, if you're on FS or ctrlaltstudio or the LL viewer, if you have the v3 mini header icons set to show, real mp links, and any real sl web link, will have the sl hand logo before it
[11:38] Gxxxxxxxx Rxxxxxxx: ^ I wish all viewers would hop on the bandwagon...
[11:38] mxxxxxxxxxx Rxxxxxxx: FS!
[11:38] Vxxxxxxx Rxxxxxxx: FS
[11:38] txxxxxxxxx Rxxxxxxx: That's almost a 9 year old acct too, weird usually the scams come from like 2week olds. I bet she was hacked. :\
[11:38] mxxxxxxxxxx Rxxxxxxx: probably

Seems very likely.

[11:38] xxxxxxxxxx Rxxxxxxx: I saw older avis earlier being used for scams...

So here's a question: how are these scammers getting access to older ccounts in the first place?

[11:38] ixxxxxxxxx Rxxxxxxx: [Gxxxxxxxxx], how do you turn that option on?
[11:38] ixxxxxxxxx Rxxxxxxx: in FS
[11:39] Gxxxxxxxx Rxxxxxxx: I believe it's automatic
[11:39] Gxxxxxxxx Rxxxxxxx: i never clicked an option for it.

Some aspects of it are automatic. Since I'm now on Firestorm (at least until Singularity updates to account for the weird vertex buffer issues that are causing me to crash on it), Marketplace links that are listed in profiles or in search automatically show the little SL hand logo. But to set that up for group chat, you have to set that up by hand.

[11:39] ixxxxxxxxx Rxxxxxxx: OK [11:40] Axxxxx Sxxxxxxxx: it in your chat prefs, you can use either v1 or v3 headers.. you need to choose v3 and make sure that mini icons are enabled
[11:40] Kxxxxxxx Kxxxx: Thanks [Axx]
[11:41] Wxxxxxxxxxx Rxxxxxxx: yes thank you

It is a good tip. I'm not crazy about the spacing, so I won't be doing it, but it's pretty simple to track out and implement.

[11:41] Axxxxx Sxxxxxxxx: and she wasn't hacked, she was phished because she clicked a link and then entered her login info...clicking the link itself SHOULD be harmless as long as you don't enter your info, but always be on the safe side, if you click a fake link, change your password
[11:42] txxxxxxxxx Rxxxxxxx: oh wow lol I just changed the chat header like you said and turning V1 off looks so weird. I kind of like it though
[11:42] mxxxxxxxxxx Rxxxxxxx: oooh i like v3 much better
[11:42] Hxxxx Pxxxx: let's report this b...
[11:43] Axxxxx Sxxxxxxxx: I like having the mini profile pic there, and it spaces chat out a bit more so people who have difficulty seeing can see easier
[11:43] txxxxxxxxx Rxxxxxxx: I'm leaving mine this way, it's cool. lol

I'm not crazy about how it works, but then, I haven't liked the last several updates to YouTube, Tumblr, Twitter, and Skype, so maybe I'm just reaching that stage of brain ossification that resists all change. So I won't be running with it, but it could make a difference for people who don't generally read before clicking things.

I captured more chat bits from today, because diamondgirl hit a LOT of groups, but...that's for next entry. See you there.

you're right, I'm not from here

So, more today from a freebie and sales group that is steadily becoming infamous for these little drama flares...

[19:44] Axxxxxxxxx Rxxxxxxx: (( IF YOU SEE THIS DO NOT CLICK ))...Get 2500L$ Just Pass 1 Survey [non-secondlife-link redacted] Click, Join And Win 2500L$ !.

Really? Really? You thought the best way to protect folks from an obvious phishing link was to repost the phishing link?? Way to help the spammers there, madam, go you.

[19:45] Txxxxx Txxxxxx: lol wtf
[19:45] Axxxxxxxxx Rxxxxxxx: IT IS A SCAM

No duh it's a scam! It's also now a scam you're contributing to spreading. Aren't you special.

[19:45] Rxxxx Cxxxxxx: Oh dear..
[19:45] Axxxxxxxxx Rxxxxxxx: I have seen it in 2 of my groups

I've seen it in six today, but who's counting? Still beyond dumb to repost the link with no editing of the link itself.

[19:45] Axxxxxxxxx Rxxxxxxx: in two different names
[19:45] Txxxxx Txxxxxx: today is the attack of the spammers....they are in so many groups today
[19:45] Ixxxxxxxxxx Rxxxxxxx: not wise to paste the link here without breaking it up, so someone doesn't accidentally click it
[19:45] vxxxxxxxxxx Rxxxxxxx: so you posted it here? well done

Good, so I'm not the only one who thinks that was a brain-dead move.

[19:45] Axxxxxxxxx Rxxxxxxx: so i'm warning all of my groups
[19:46] vxxxxxxxxxx Rxxxxxxx: please dont

Yeah, really. Please don't do this, because you're just contributing to viral spam. Just point it out if folks ask, otherwise step back, and do not engage. Don't become part of the problem you're trying to solve.

[19:46] Txxxxx Txxxxxx: yea no need to re-paste the damn thing o.O

My point exactly.

[19:46] Ixxxxxxxxxx Rxxxxxxx: better to do www . secondlife . com (for example)
[19:46] Axxxxxxxxx Rxxxxxxx: i'm telling them not to click the link before i post it so they will know what it looks like

You can do that without posting the exact link.

[19:46] vxxxxxxxxxx Rxxxxxxx: especially as many of us will be in the same damn groups and have already seen it 3 or 4 times
[19:47] Bxxxxx Mxxxxxxxx: I think you should just remind people to not click outside links lol
[19:47] Txxxxx Txxxxxx: yea we get that....still there was no need to put in the link..at all
[19:47] Axxxxxxxxx Rxxxxxxx: you all need to calm down and listen
[19:47] Axxxxxxxxx Rxxxxxxx: I was just trying to help ppl

But in a really, really dumb way. You get that, right? I mean, spamming groups with the phishing links is bad enough, but there's a whole new level in the hyperbolic "PPL R THIEVES ON TEH INTERNET DON'T CLICK TEH THINGS!!1!" screaming. So try to strike a balance. Instead of posting the exact link--thereby exposing more users to risk than you're protecting--say X Resident has been seen posting a link. If the link doesn't look right, don't click it. Or, when you see it pop up, simply say it's a scam, because most people on SL we can at least assume are 18, if not older. Old enough, anyway, not to fall for phishing scams.

[19:48] Txxxx Dxxxxxxx: (wait for it)
[19:48] Axxxxxxxxx Rxxxxxxx: by telling them like I have seen others do in the past
[19:48] Txxxxx Txxxxxx: and....we are just telling you how to go about helping ppl
[19:48] Axxxxxxxxx Rxxxxxxx: yeah but very rude

How was she rude? She said don't post the original link because it's a bad idea. In fact, this is exactly what she said:

[19:45] Ixxxxxxxxxx Rxxxxxxx: not wise to paste the link here without breaking it up, so someone doesn't accidentally click it

How is that rude?

[19:48] Txxxxx Txxxxxx: also...we are all very calm.
[19:48] Axxxxxxxxx Rxxxxxxx: yoy don't have to be rude about it
[19:49] Axxxxxxxxx Rxxxxxxx: you know what good bye
[19:49] Vxxxxx Cxxxxxxxxxx: Please adhere to group rules.
[19:49] Txxxxx Txxxxxx: and... flounce o.O

The flounce is always expected.

[19:49] vxxxxxxxxxx Rxxxxxxx: not rude, i said 'please dont' and didnt shout once
[19:50] Dxxx Hxxxx: well that was lovely
[19:50] Vxxxxx Cxxxxxxxxxx passes out pillows. Please place that between your head and the wall.

Ah, thank you, that's very helpful for those of us deeply needing to bash our heads against a solid surface.

[19:50] txxxxxxxx Mxxxxxx: :/ lol
[19:51] yxxxxxx Rxxxxxxx: cup of tea?
[19:51] Txxxxx Txxxxxx: haha
[19:51] zxxxxxxx Rxxxxxxx: I think you can warn people w/o posting the actual link, there are people in this group who don't read English and may just click the link. But appreciate the fact you want to protect people
[19:55] Axxxxxxxxx Rxxxxxxx: Thank you Zim for explaining that to me politely
[19:56] Axxxxxxxxx Rxxxxxxx: and not jumping all over me for trying to help
[19:56] Axxxxxxxxx Rxxxxxxx: now i know to post it w/o the link

You should have known that before, when Ms. I posted her (non-rude, non-aggressive) reply. Ms. Z basically said the same thing, only added that she appreciated your efforts. So, a little bit of flattery is all that it takes to make you charming? Remind me not to interact with you in future.

some do magic and some do harm

Thought I'd post what amounts to a warning, since it's been seen everywhere this week:

[17:02] ixxxx Rxxxxxxx: ***CLOSING SALE MY STORE ALL OUTFIT 3L$!!! ( fullperms mesh HD quality creation male and female, texturized and ready to use and resell vendor included!!) http://marketplacesecondlife.4rog.in/[deleting the rest but leaving the first bit so you get the idea]
[17:02] Txxxxx Txxxxx: SCAM
[17:02] lxxxxxxxxx Rxxxxxxx: its a scam dont do it
[17:02] Axxxxxxxx Gxxxxxxxxxx: mhm
[17:02] Sxxxx Gxxxxxxxx: o.o
[17:02] Txxxxx Txxxxx: SCAM SCAM SCAM
[17:02] Axxxxxxxx Gxxxxxxxxxx: the url is wrong, DONT click that, just ban the person
[17:02] Ixx Cxxxxxxx: thank you
[17:03] Sxxxx Gxxxxxxxx: tytyty
[17:03] jxxxxxxxx Sxxxxx: omg was about to click on the link.. thankyou for the quick response
[17:03] sxxxxxxxx Cxxxxxxxx: damn was wondering cause i like that store

What store?!? That was a scam marketplace link, designed to steal your info and empty your accounts (RL at least, if not SL) if you buy anything there. So what store?!?

[17:03] mxxxxxxxxxxx Rxxxxxxx: IKR!
[17:03] Sxxxxxxxxxxxx Rxxxxxxx: ty blocked.
[17:03] Cxxxx Exxxxxx: wow ty
[17:04] Axxxxxxxx Gxxxxxxxxxx: ill file a report with LL as well. if you got a minute, do the same and they can block the account

And many, many reports on the person were sent to LL.

Later, in another group:

[17:04] ixxxx Rxxxxxxx: ***CLOSING SALE MY STORE ALL OUTFIT 3L$!!! ( fullperms mesh HD quality creation male and female, texturized and ready to use and resell vendor included!!) http://marketplacesecondlife.4rog.in/[deleting the rest, but it was the EXACT SAME LINK]
[17:04] Vxxxxxxxxxx Rxxxxxxx: now THAT is a bad url, lol
[17:05] Mxxxxxxx Hxxxxxxxxx: ugh.... scam.... I'm sure you all are smart enough not to click on that link
[17:08] yxxxxx Rxxxxxxx: Yes this new PHISHING attempt is turning since a few days
[17:08] Mxxxxxxxxx Nxxx: it's actually not new ...they have used it many times, [Yxxx] =D

Yeah, it's far from new. The sad thing is people are still clicking these links. Gentles, listen, if it doesn't look like a marketplace link, IT IS NOT A MARKETPLACE LINK, so DON'T CLICK IT.

I haven't seen it today, which is good; it may mean that account has already been banned. But I'm sure, like gold spammers in MMOs, another phishing attempt will pop up, another day. And the cycle of theft and deception goes on...