Welcome to the Second Life Forums Archive


WARNING! New PWD Hacking Scam

Cow Hand
Registered User
Join date: 20 Feb 2006
Posts: 292
08-09-2006 12:30
This is urgently needed to be posted! I just received word of a new scam whereby users attempt to have well-known merchants' SL login passwords reset so that they can log in as the person to loot and pillage.

If you receive a message in your email account that your password is attempting to be reset, take immediate heed!

This type of action cannot be tolerated! :mad:
Ingrid Ingersoll
Archived
Join date: 10 Aug 2004
Posts: 4,601
08-09-2006 12:38
From: Cow Hand
users attempt to have well-known merchants' SL login passwords reset :mad:


eh?
Cow Hand
Registered User
Join date: 20 Feb 2006
Posts: 292
08-09-2006 12:54
From: Ingrid Ingersoll
eh?


What I mean is that I've heard today from quite a few people (mostly content creators though) that they received notifications in their emails that their passwords were requested to be reset and to click a link to confirm.

If you get an unrequested password change link in your e-mail be very wary! Somebody is trying to get access to your account.
Brucas Bardeen
Registered User
Join date: 21 Jun 2006
Posts: 20
08-09-2006 13:01
This scam is just like everything else that handles real currency like PayPal, online banks, etc.
_____________________
Space man on the run. (http://jumpgate.cabspace.com)
Jon Rolland
Registered User
Join date: 3 Oct 2005
Posts: 705
08-09-2006 13:05
I'm still amazed SL uses our public names as our login name instead of having a separate private login ID.
Sean Martin
Yesnomaybe.
Join date: 13 Sep 2005
Posts: 584
08-09-2006 13:37
I don't see how this idea could work, other than damage control, because someone who hacks into your account would first off send all the money to one of their own accounts.

But to get what you can out of your main account after it's been hacked into.
You could probably set up a scripted "money box" somewhere in-world. Transparent and hidden etc.
When it's rezzed it would ask your main avatar for permission to take money.
Then have the box hard coded to only accept clicks or listen for a message from one of your alts.
Then if ever your main is hacked you can take any leftover cash from your main and transfer it to your alt.

Really the only way I could see that being of any use is if they try selling your land. I would assume they would do so for the cash.
So you could buy the land with your alt, click your money box, and get all the money back right after you buy the land. :p
I dunno.
Crazy world isn't it.
Eata Kitty
Registered User
Join date: 21 Jan 2005
Posts: 387
08-09-2006 13:43
From: Jon Rolland
I'm still amazed SL uses our public names as our login name instead of having a separate private login ID.


Easier to base it off email and usually they also require you to answer a secret question before it goes through.
Cow Hand
Registered User
Join date: 20 Feb 2006
Posts: 292
08-09-2006 14:40
From: Sean Martin
I don't see how this idea could work, other than damage control, because someone who hacks into your account would first off send all the money to one of their own accounts.

But to get what you can out of your main account after it's been hacked into.
You could probably set up a scripted "money box" somewhere in-world. Transparent and hidden etc.
When it's rezzed it would ask your main avatar for permission to take money.
Then have the box hard coded to only accept clicks or listen for a message from one of your alts.
Then if ever your main is hacked you can take any leftover cash from your main and transfer it to your alt.

Really the only way I could see that being of any use is if they try selling your land. I would assume they would do so for the cash.
So you could buy the land with your alt, click your money box, and get all the money back right after you buy the land. :p
I dunno.
Crazy world isn't it.


No, they could also delete your store. Which would suck worse than any amount of money being stolen.
Chronic Skronski
SL Live Musician
Join date: 23 Jun 2006
Posts: 997
08-09-2006 14:46
From: Cow Hand
This is urgently needed to be posted! I just received word of a new scam whereby users attempt to have well-known merchant's SL login password reset so that they can log in as the person to loot and pillage.

I don't think there is need for much panic. I imagine the well-known merchants are internet-savvy enough that they would recognise it immediately as a phishing scam. I would be totally stunned if any of them fell for it.
_____________________
A man without religion is like a fish without a bicycle.
Jon Rolland
Registered User
Join date: 3 Oct 2005
Posts: 705
08-09-2006 14:46
From: Eata Kitty
Easier to base it off email and usually they also require you to answer a secret question before it goes through.


I'm not talking about how to reset passwords. I mean...

SL:

Login: Jon Rolland
PassWord: **********
Avi Name: Jon Rolland

More Secure Method:

Login: XXXXXXXXXX
PassWord: **********
Avi Name: Jon Rolland

As SL stands, if someone sees me they know the account name they need to try hacking is Jon Rolland. If my account name is different than my Avi name then a would-be hacker has to both guess my account name AND my password AND get them both right at the same time.
nimrod Yaffle
Cavemen are people too...
Join date: 15 Nov 2004
Posts: 3,146
08-09-2006 14:52
I get password resets once every month or so, yet I don't do them. I wish there was a way to know who was doing them. (i.e., linking the IP from the reset page to an SL account)
_____________________
"People can cry much easier than they can change."
-James Baldwin
Sator Canetti
Frustrated Catgirl
Join date: 20 Sep 2005
Posts: 130
08-09-2006 15:42
To those confused:

There would be 2 ways of doing this. One is calling SL and trying to get them to do it, and they'd send the email... which you could ignore...

Or, they get your UUID, which is easy to find at a shop, just get the info for an item. Send an email to the UUID email, cloaking/spoofing the email to be from Linden Labs.

What I would do is submit these emails, with headers, to Linden Labs, to see if they can begin to pinpoint users, based upon IPs used.
_____________________
"Have gone to commit suicide. Intend to return from grave Friday. Feed cat." -- A memo by Spider Jerusalem in Transmetropolitan

"Some people are like Slinkies; not really good for anything, but they still bring a smile to your face when you push them down a flight of stairs."

If you're reading this signature, I've probably just disagreed with you. Welcome to the club :D
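The header check suggested in the post above, as an added example that is not part of the original thread: it pulls the relay IPs, the From/Return-Path domains and any off-domain links out of a suspicious reset e-mail before it is forwarded with full headers. The message, the IPs (documentation ranges) and `provider.example` are constructed placeholders, not values from this page.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAIN = "provider.example"  # assumption: placeholder for the real service domain

# Constructed sample message (not a real e-mail); IPs are documentation ranges.
SAMPLE = """\
Received: from mx.mailhost.example (mx.mailhost.example [198.51.100.7])
\tby inbox.example.org; Wed, 9 Aug 2006 12:20:05 -0700
Received: from unknown (HELO pc) ([203.0.113.45])
\tby mx.mailhost.example; Wed, 9 Aug 2006 12:20:01 -0700
Return-Path: <bounce@mailhost.example>
From: "Account Support" <support@provider.example>
To: merchant@example.org
Subject: Confirm your password reset

Click to confirm: http://provider.example.login-check.example.net/reset?id=1
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def under(host, domain):
    """True only if host is the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(raw, trusted=TRUSTED_DOMAIN):
    msg = message_from_string(raw, policy=policy.default)
    # Each hop prepends its Received line, so the last one is nearest the sender.
    # Hops below your own provider's line are sender-supplied and can be forged.
    hops = [ip for h in msg.get_all("Received", []) for ip in IP_RE.findall(str(h))]
    from_dom = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    rp_dom = parseaddr(str(msg.get("Return-Path", "")))[1].rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    bad = [u for u in URL_RE.findall(text) if not under(urlparse(u).hostname, trusted)]
    return {
        "origin_ip": hops[-1] if hops else None,
        "relay_ips": hops[:-1],
        "from_claims_trusted": under(from_dom, trusted),
        "envelope_mismatch": bool(rp_dom) and rp_dom != from_dom,
        "off_domain_links": bad,
    }
```

A From address on the trusted domain combined with a mismatched Return-Path and a link whose host merely starts with the trusted name is the pattern worth reporting.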
Sean Martin
Yesnomaybe.
Join date: 13 Sep 2005
Posts: 584
08-10-2006 00:08
From: Cow Hand
No, they could also delete your store. Which would suck worse than any amount of money being stolen.


Lol I was just playing around with the idea.

But I could save all my stores to my alt.
And keep the linked money box on my alt's land.
I know, two or more premium accounts sounds stupid. But yearly premiums pay for themselves if you made them before our allowance was cut off. Oh and as long as the L$/USD stays above L$340 something I think it was.
Hmm unless, of course, they hack the alts at the same time.

Anyway, yeah it would still suck. :p
mcgeeb Gupte
Jolie Femme @}-,-'-,---
Join date: 17 Sep 2005
Posts: 1,152
08-10-2006 00:13
Doesn't surprise me. I'm guilty of not changing my password monthly. I get emails trying to scam me out of my PayPal account every day it seems. This is nothin new. That would be very bad news if someone's account got stolen :(

It would be one very bad day if my LL account was hacked into. If I lost the store and all the items in my inventory, OMG!! That would be worse than losing a few hundred dollars at least!! All the time and effort spent gone!!
Axel Truss
ssurT lexA
Join date: 2 Feb 2006
Posts: 251
08-10-2006 02:35
From: Chronic Skronski
I don't think there is need for much panic. I imagine the well-known merchants are internet-savvy enough that they would recognise it immediately as a phishing scam. I would be totally stunned if any of them fell for it.


**clicks on link in email**



huh?


what scam?
_____________________
MANIC CASINO!