Gone phishing

Secondlife sems to be under seige. Not from the denizens of Linden Lab, but from a far more serious and insidious direction.

Scams have been a part of online life for over a decade now, and most seasoned users of the internet are savvy about their forms. Just recently the attack upon Secondlife residents and to some degree the fabric of Secondlife has been taken to a new level.

Several recent phishing (attempted identity or IP theft) scams seem to have been unusually successful, judging by the type of account seen spamming in-world with bogus website urls. Previously the accounts were often relatively new, “single-use” accounts, but recently accounts of several years’ standing have been doing the spamming and it appears that these accounts (or at least some of them) have been “Hijacked” by identity theft.

The recent major outage to Secondlife was attributed in some accounts to a significant trojan attack upon the OS of Secondlife, but I have no definitive evidence of that and so it may well be just rumour and surmise.

There can be no doubt that the number and variety of scams and phishing attempts in Secondlife have recently vastly increased, but to me those are not the most worrying. Most sensible folk know better than to click on unfamiliar links or even ones resembling known “safe” links. The recent trend in sending out objects purporting to be “updates” of items is causing a lot of comment. These “objects”, if accepted appear capable of overcoming the original account-owner’s control and at the least causing loss of Linden Dollars and far more worryingly allowing access to premium members’ RL credit-cards and Paypal accounts.

It is these Hijacked accounts that are subsequently used in further phishing attempts. I have seen evidence of these bogus updates and gifts (even notecards) recently and have rejected one or two myself. The bottom line must be that if ANY offer of inventory is from an account that you do not recognise REJECT it at once. Having one’s account set to “automatically accept” inventory offers is really extremely foolhardy at the moment.

I have no doubt that Linden Lab will take any action that they can to foil any such attempts, but it now behoves us all to Abuse Report (AR) any account offering unsolicited gifts if one has ANY doubt as to their BonaFide. If it is a genuine error, it can be easily resolved but it can be very difficult, if not impossible to reacquire a stolen account.

It is also worth pointing out that such situations can also result in RL credit issues.

~ by Ayesha Askham-Ezvalt on May 22, 2012.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: