Second Life: Scam at Play

Every so often someone figures out a new way to scam those in Second LifeTM. Seems a new scam has popped up.

After The End

After The End

Links are placed into comments in group chat. Most of us just paste a URL (http://www.someplace…) in and keep going. BUT… SL chat has the ability to make text links (link), text hiding the URL. Seems those are being used to mislead people to a hacking site. The bait is some promise of free or cheap goodies in the marketplace. 

I suspect you land on the hacker’s site where a copy of the SL Marketplace login page resides. If one does not check the URL and just logs in… the hacker has your ID and password and you lose control of your account. Ouch.

This is a basic technique used in many places. Any time you are given an unsolicited URL, and even those you ask for from friends, using those URL’s is a risk.

Reading a URL

Basic marketplace URL

https:/ /marketplace.secondlife.com/p/Indyra-Espirit-Fatpack/6795819

The red part is the key to knowing where you are. The dot COM forward slash is the root of the location. Going left is information for selecting a server. COM says a commercial site, SECONDLIFE says the Lab’s name server, and MARKETPLACE is the name of the server handling the marketplace.

Note: I kinda like Indyra’s stuff. But I picked it ONLY because it was on the first page of the marketplace when I went looking for an example and was pretty.

There is an important part of the URL. the HTTPS. The ‘S’ tells the browser to form a secure connection. if you use https://blog.nalates.net Chrome warns you I do not provide a secure connection. Most of you don’t log into my site and we have no financial dealings. I’m not going to pay for a certificate.

No Secure Connection

No Secure Connection

So, try putting an ‘S’ in the URL to my site. You’ll see your browsers version of the above.

I have this site secured as best I can against hackers. I’m pretty sure it isn’t going to give you a virus or Trojan. Not because my security is all that great. But, because it is good enough to stand up to all but the elites and I think there is nothing of interest for them here.

Easier

There is an easier way to check if you are on the server owned by the people they say they are. Look at the image and notice the green part.

Google Chrome

Google Chrome

In Google Chrome there is an indicator at the left end of the URL in green that says the site is owned by Linden Lab. How does Chrome know?

The problem of Internet identity was so big a certification system was designed so business could proceed. There has to be security and trust for the free market to work. So, Linden Lab buys an Internet security ID, a certificate, from a reputable third party and PROVES to that party they are who they say they are. The certificate tells you and your browser the site purporting to be the Lab is in fact the Lab.

Those third parties are running what is known as Certificate Authority (CA) businesses. In that business reputation is everything. So, if you are the Lab you buy from a well know highly reputable authority.

But, what keeps a hacker from starting his own CA site and faking certs? Nothing, but… The browser makers build in a list of CA’s they trust. In Chrome open your settings and look in: Advanced->HTTPS/SSL->Manage Certificates. You’ll see the list of trusted CA’s. A hacker wanting to issue fake certs has to also hack into that list and that very unlikely to happen.

Firefox

Firefox

Firefox is pretty much using the same display of certs as Chrome.

Internet Explorer

Internet Explorer

Microsoft has to be different. They turn the whole URL green and put a note at the right end of the URL.

Also notice the root server/domain name is highlighted by all three. the URL part secondlife.com is in bold text.

But…

What if none of that stuff is there? Then you aren’t on a secure connection. There is no ‘S’ in the HTTP part. Just click in the URL and add it. If the site is secure, you’ll see it otherwise you will be warned, like the image earlier.

The Habit

I work at training my self to look at the URL every time before typing in a password. The browser makers have made it as easy as possible to read and verify you are on the site you want to be.

So, when asked for a password, look at the URL and decide if you are on the correct site.

Life is complex, but it still beats whatever is in second place…

One thought on “Second Life: Scam at Play

  1. Timely post that all newcomers should read.

    Just one other thing – it’s not always chat links that can cause drama; oddly enough, even the latest SL viewer comes with a phishing link firmly attached to it that my internet security always had conniptions over….but since flushing the SL Viewer completely and using only Firestorm’s Viewer, it’s happy once more.

    Funny about that, isn’t it?

    I do think LL could do more for the residents it’s been fleecing for over a decade, like offering a simple $5 authenticator the way certain MMORPG’s do, but then again, LL would probably want to charge 5 times the price for it and make it as ineffective as possible, so there goes that idea down the drain!

Leave a Reply

Your email address will not be published. Required fields are marked *