PHISHING? NO, THANKS

Auryn Beorn's Profile Pic

Auryn Beorn has made a note card that is making it around Second Life. I received a copy of it from a friend in D’ni Refugees (a Myst related group). It is great advice and information about avoiding being scammed.

Auryn’s profile has info abour being into; The Basic to Advanced Scripting, SculptCrafter, MLP, Animation, Tips&Tricks instructor at Builders Brewery. And she is the owner of “Black Tulip” (scripted tools, books, scripts).

Yep, another one of us creative types in Second Life. 🙂 After the fold is the copy of her note card with some tweaks to fit the formatting of my blog. 

So, what is “phishing”? It is just another way for scammers and other, say… “lazy people” to get your login data and, from that moment, take over your account and use it for their own benefit (usually, monetary, but also impersonating you… or even asking for it to be canceled after it!)

It consists in showing you a link to click (or creatively making it look like an official one – read more below,) very similar to the service you have an account in, usually offering discounts, bargains… and when you click them, they redirect you to a page that can even look the same as the login page (from Second Life, this time.)

So we feel safe, enter our login and password, and bam! We’re busted. The scammer now has our login data, and they can very quickly log into the SL website, change our password, change the confirmation e-mail and, of course, log inworld, impersonate us, spend the money, use our credit card if we have associated payment info on file (or spend until the last of our L$ if we don’t have this payment info…)

If we copy a link, paste it, and notice that the domain name does not finish in secondlife.com, we can be sure that the website is trying to get our login data.

So, an example:

http://secondlife.marketp.com/   -> This for sure does NOT come from the official SL web: Don't trust it

http://id.secondlife.com/        -> It finishes in .secondlife.com: It comes from the official SL web

NOTE THE DOT BEFORE secondlife.com !

http://my_secondlife.com/ is NOT an official SL web

There are other ways for scammers to hide the real Internet address so we click in a link and then input our login data.

The following page: http://www.arb.ca.gov/html/spoof/spot.htm explains some tips to recognize these attempts of phishing.

IMPORTANT – The official link to login into our account via the web is very similar to the following (being the most important how it *begins*) :

https://id.secondlife.com/openid/login?return_to=https%3A%2F%2Fsecondlife.com%2Fauth%2Foid_return.php%3Fredirect%3Dhttps%253A%252F%252Fsecondlife.com%252Findex.php&language=en-US

Notice how the link begins:

https://id.secondlife.com/

Here we can read:

https                   We're logging in through the Secure HTTP Protocol
id.secondlife.com       The domain name finishes in .secondlife.com (again, NOTE the DOT)

Read here about a recent case: Phishing Scams Popping Up In Second Life Are You Next

This can happen to any of us. It only takes a moment of tiredness to put our login data in the wrong place.

Please, share this notecard: protect yourself by being informed, and protect others by helping them in being informed.

Information is always our best defense against scams.

Take care all,

— Auryn Beorn

PS: Published also here: Phishing? No Thanks

Summary

This is important information to know. Understanding how to read URL’s is a basic skill for survival on the Internet.

I will say what the note card says a little differently. One finds the REAL domain by looking left to right for the last dot before a ‘/’.

Auryn’s “NOTE THE DOT BEFORE secondlife.com !” is VERY important. The example used is an excellent example of a scammer attempting to fool you. One must keep their brain on, skepticism healthy, and treat trust as a fattening delicacy reserved for special occasions…

The Internet is one of the greatest tools of freedom human kind has ever had. It is being attacked and those freedoms stripped from us under the guise of protecting us from scammers. Be smart enough to realize you are responsible for your safety and trust no one, especially a politician, to ‘protect’ you.

Leave a Reply

Your email address will not be published.