Saturday, March 3, 2012

Phishing? No, thanks

Copied from the group notice I've sent to the Builder's Brewery group:

PHISHING? NO, THANKS

So, what is "phishing"? It is just another way for scammers and other, say... "lazy people" to get your login data and, from that moment, take over your account and use it for their own benefit (usually monetary, but also impersonating you... or even asking for it to be canceled afterwards!)

It consists of showing you a link to click, very similar to that of the service you have an account with (or creatively made to look like an official one; read more below), usually offering discounts or bargains. When you click it, it redirects you to a page that can even look the same as the login page (Second Life's, this time).

So we feel safe, enter our login and password, and bam! We're busted. The scammer now has our login data, and they can very quickly log into the SL website, change our password, change the confirmation e-mail and, of course, log inworld, impersonate us, spend the money, use our credit card if we have associated payment info on file (or spend every last one of our L$ if we don't have this payment info...)

If we copy a link, paste it, and notice that the domain name does not end in .secondlife.com, we can be sure that the website is trying to get our login data.

So, an example:




http://secondlife.marketp.com/ - This for sure does NOT come from the official SL website: don't trust it.

http://id.secondlife.com/ - It ends in .secondlife.com: it comes from the official SL website (note the DOT before secondlife.com! http://my_secondlife.com/ is NOT an official SL website!)


There are other ways for scammers to hide the real Internet address so that we click on a link and then enter our login data.
The following page: http://www.arb.ca.gov/html/spoof/spot.htm gives some tips for recognizing these phishing attempts.

IMPORTANT - The official link to log in to our account via the web is very similar to the following (the most important part being how it *begins*):

https://id.secondlife.com/openid/login?return_to=https%3A%2F%2Fsecondlife.com%2Fauth%2Foid_return.php%3Fredirect%3Dhttps%253A%252F%252Fsecondlife.com%252Findex.php&language=en-US

Notice how the link begins:

https://id.secondlife.com/

Here we can read:




https - We're logging in through the Secure HTTP protocol.

id.secondlife.com - The domain name ends in .secondlife.com (again, note the DOT before secondlife.com).
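
The two checks described in this notice (the host name must end in .secondlife.com, with the dot, and the login page must use https) can be written as a small JavaScript function. This is an added example, not part of the original notice; the function names, the verdict strings and the example.org sample are made up for illustration.

```javascript
// Added example: the notice's two link checks in code.
const OFFICIAL_DOMAIN = "secondlife.com";

// Returns "official-secure", "official-insecure" or "not-official".
function checkLink(link) {
  let url;
  try {
    url = new URL(link); // same parsing rules a browser applies
  } catch (err) {
    return "not-official"; // text that is not a valid URL is never trusted
  }
  // Only the host name counts; the path and query can contain any text.
  const host = url.hostname.replace(/\.$/, "");
  // Assumption: the bare domain is accepted too, because the official
  // login link quoted in the notice returns to https://secondlife.com/.
  const official =
    host === OFFICIAL_DOMAIN || host.endsWith("." + OFFICIAL_DOMAIN);
  if (!official) return "not-official";
  return url.protocol === "https:" ? "official-secure" : "official-insecure";
}

// Links quoted in the notice, plus one constructed sample (example.org).
const samples = [
  "http://secondlife.marketp.com/",
  "http://id.secondlife.com/",
  "http://my_secondlife.com/",
  "https://id.secondlife.com/openid/login?return_to=https%3A%2F%2Fsecondlife.com%2Fauth%2Foid_return.php%3Fredirect%3Dhttps%253A%252F%252Fsecondlife.com%252Findex.php&language=en-US",
  "http://example.org/id.secondlife.com/login", // constructed sample
];

// One line per link: verdict first, then the link itself.
function report(links) {
  return links.map((l) => `${checkLink(l).padEnd(17)} ${l}`);
}

console.log(report(samples).join("\n"));
```

The official login link passes even though its query string is long and full of encoded addresses, because only the host name and the scheme are inspected.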


Read here about a recent case: http://shoppingcartdisco.com/gossip/phishing-scams-popping-up-in-second-life-are-you-next/
This can happen to any of us. It only takes a moment of tiredness to put our login data in the wrong place.

Please share this notecard: protect yourself by being informed, and protect others by helping them stay informed.

Information is always our best defense against scams.

Take care all,

-- Auryn Beorn

2 comments:

  1. A good rule of thumb with websites...whether they're for SL or for your personal bank or bills... NEVER just follow a convenient link. Always use your own fingers to type that link in or from your saved bookmarks. It's not very hard for someone to make the text of a link look legitimate, yet the actual link goes someplace else. Phishing has been around for a long time. It's one of the hazards we have to live with both in SL and RL. Be careful. =^.^=

    1. I prefer to type the URLs in fact. They're not that complicated to remember. If it's for the e-mail, then sure "gmail" has to be something like "www.gmail.com". If SL, then sure I have to type "www.secondlife.com" and then click in "log in". But it takes just a moment of tiredness to fall in one, that's why we have to be alert always.

      Btw... It's also a good idea to use different passwords for different services. It wouldn't be the first time that, by knowing your password for a service, a thief tries that same password in other services you may have an account in.
