Welcome to the Second Life Forums Archive


Beware People Attempting to Hack Your Account

Chip Midnight
ate my baby!
Join date: 1 May 2003
Posts: 10,231
07-01-2005 08:57
Today, for the second time in a couple of weeks, I got an email titled "Second Life: Password Assistance". It reads as follows:

From: someone

Click the link below to reset your password http://secondlife.com/ss/veryfiy.php?r=(long alpha numeric code)
If clicking does not work, you can copy and paste the link into your browser's address window, or retype it there. Once you have returned to secondlife.com,we will give instructions for resetting your password.

Linden Lab and the Second Life Team
http://secondlife.com


If you get one of these in your email, DO NOT CLICK THE LINK! Doing so will allow whoever caused the email to be sent to you to change your password, and then wreak havoc on your account.
Just delete the email. The link will expire in a couple of hours.

Whoever keeps doing this thinking I'm stupid enough to fall for it, grow up.
_____________________

My other hobby:
www.live365.com/stations/chip_midnight
Beryl Greenacre
Big Scaredy-Baby
Join date: 24 Jun 2003
Posts: 1,312
07-01-2005 09:07
Thanks for posting about this, Chip. I think the Lindens had a MOTD a couple weeks back about it, too. It's important to mention this periodically if it's happening on a continuing basis.
_____________________
Swell Second Life: Menswear by Beryl Greenacre
Miramare 105, 82/ Aqua 192, 112/ Image Reflections Design, Freedom 121, 121
Dianne Mechanique
Back from the Dead
Join date: 28 Mar 2005
Posts: 2,648
07-01-2005 09:25
From: Beryl Greenacre
Thanks for posting about this, Chip. I think the Lindens had a MOTD a couple weeks back about it, too. It's important to mention this periodically if it's happening on a continuing basis.
Yeah, thanks Chip :)

Spoofing is scary, and easy to get caught on.

I always check for grammar bad.
It makes really good notice of they thinking of sender.

.
_____________________
.
black
art furniture & classic clothing
===================
Black in Neufreistadt
Black @ ONE
Black @ www.SLBoutique.com


.
Chip Midnight
ate my baby!
Join date: 1 May 2003
Posts: 10,231
07-01-2005 09:36
I don't think it's spoofing. I think people use the "I forgot my password" thing which causes an email to be sent out with the link to reset your password. If you click the link then whoever was trying to log in to your account has a chance to get there before you and change it. That's my theory anyway.
_____________________

My other hobby:
www.live365.com/stations/chip_midnight
Aimee Weber
The one on the right
Join date: 30 Jan 2004
Posts: 4,286
07-01-2005 09:37
So is the e-mail traceable? Or is there any reliable way to track this person down? It seems to me that this behavior is more of a criminal violation than a simple TOS issue.
_____________________
Chip Midnight
ate my baby!
Join date: 1 May 2003
Posts: 10,231
07-01-2005 09:41
From: Aimee Weber
So is the e-mail traceable? Or is there any reliable way to track this person down? It seems to me that this behavior is more of a criminal violation than a simple TOS issue.


I'm not sure Aimee. It could be someone who's not even an SL member. If they are I suppose LL could compare the IP that initiated the password change request to the IP's of users. If they found a match they could ban that IP.
_____________________

My other hobby:
www.live365.com/stations/chip_midnight
Chris Wilde
Custom User Title
Join date: 21 Jul 2004
Posts: 768
07-01-2005 09:41
From: Aimee Weber
So is the e-mail traceable? Or is there any reliable way to track this person down? It seems to me that this behavior is more of a criminal violation than a simple TOS issue.

The email would be generated by LL. Only LL would have the ability to find the IP of those requesting the password generation.
Aimee Weber
The one on the right
Join date: 30 Jan 2004
Posts: 4,286
07-01-2005 09:46
From: Chris Wilde
The email would be generated by LL. Only LL would have the ability to find the IP of those requesting the password generation.

From: Chip Midnight
I'm not sure Aimee. It could be someone who's not even an SL member. If they are I suppose LL could compare the IP that initiated the password change request to the IP's of users. If they found a match they could ban that IP.


Good points. I guess these kinds of perps are just generally difficult to pursue.
_____________________
Cristiano Midnight
Evil Snapshot Baron
Join date: 17 May 2003
Posts: 8,616
07-01-2005 09:48
Just out of curiosity, how do they have the account email addresses to email people anyway?
_____________________
Cristiano


ANOmations - huge selection of high quality, low priced animations all $100L or less.

~SLUniverse.com~ SL's oldest and largest community site, featuring Snapzilla image sharing, forums, and much more.

China Frost
Registered User
Join date: 4 Mar 2005
Posts: 16
07-01-2005 09:49
If you look in the headers of the e-mail you can find the IP address where the e-mail originated. You can look up the IP address on WHOIS

http://www.networksolutions.com/en_US/whois/index.jhtml

Also you can get the IP address of whatever site you are redirected to (right click the link in your e-mail, copy location, and paste it into notepad) and look it up.

Forward this information to LL, they most likely have procedures on contacting ISPs regarding the behavior.
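
The header check described above, as an added Python example that is not part of the original thread. Only the `Received` line stamped by your own mail server is reliable, because every line below it is supplied by the sending side; `mx.example.net`, `mail.sender.example`, the IP addresses and both sample messages are constructed placeholders, and the regex assumes one common header layout.

```python
import re
from email import message_from_string

# Constructed messages: mx.example.net, mail.sender.example and the 192.0.2.x /
# 198.51.100.x addresses are placeholders; web1.lindenlab.com is the host named in the thread.
GENUINE = """\
Received: from web1.lindenlab.com (web1.lindenlab.com [192.0.2.10])
\tby mx.example.net with ESMTP; Fri, 1 Jul 2005 08:55:02 -0700
Received: from localhost (localhost [127.0.0.1])
\tby web1.lindenlab.com with SMTP; Fri, 1 Jul 2005 08:55:01 -0700
Subject: Second Life: Password Assistance

(body)
"""
SPOOFED = """\
Received: from mail.sender.example (unknown [198.51.100.7])
\tby mx.example.net with ESMTP; Fri, 1 Jul 2005 08:55:02 -0700
Received: from web1.lindenlab.com (web1.lindenlab.com [192.0.2.10])
\tby mail.sender.example with SMTP; Fri, 1 Jul 2005 08:55:01 -0700
Subject: Second Life: Password Assistance

(body)
"""

# Assumes the common "from HELO (rdns [ip]) by host" layout; other MTAs format this differently.
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def hops(raw):
    """Return the Received hops, newest first, as dicts."""
    found = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            found.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    return found

def handoff(raw, my_mx):
    """The hop stamped by our own mail server; everything below it is sender-supplied."""
    return next((h for h in hops(raw) if h["by"] == my_mx), None)

def delivered_by(raw, my_mx, domain):
    """True when our server recorded a connecting host under the expected domain."""
    hop = handoff(raw, my_mx)
    return hop is not None and hop["rdns"].endswith("." + domain)
```

In the second sample the lower `Received` line names web1.lindenlab.com, but the hop recorded by the recipient's server shows a different connecting host, so the check fails.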
Blayze Raine
Renegade
Join date: 29 Dec 2004
Posts: 407
07-01-2005 09:52
I can't remember, but did LL ask an additional security question when you created your account? If not, that would be the best thing to use as an added measure when someone wants their password reset.

Account security has to be a tricky thing for them to deal with considering everyone has your login name anyway. I would definitely rather go through the inconvenience of an extra step or two when accessing my account or requesting a password change than to have someone be able to do this.
Jonquille Noir
Lemon Fresh
Join date: 17 Jan 2004
Posts: 4,025
07-01-2005 10:09
From: Cristiano Midnight
Just out of curiosity, how do they have the account email addresses to email people anyway?


I don't think they do, Cris. The email is actually sent from LL.

If you try to sign into an account and don't know the password, you can request they send you the password.. but the email will be sent to whatever email you have linked to your SL account, not the email of the person trying to log into the account.
_____________________
Little Rebel Designs
Gallinas
Chip Midnight
ate my baby!
Join date: 1 May 2003
Posts: 10,231
07-01-2005 10:54
From: Cristiano Midnight
Just out of curiosity, how do they have the account email addresses to email people anyway?


They don't. They use the SL client software to request a password change on your account. To do that all they need to know is your user name. That causes LL to send the email I quoted. It gets sent to you, not to them. If you click the link I assume the person who initiated the password change request then has a chance to beat you to changing your password. They'd have to keep trying in the hopes that you foolishly clicked the link. It's a total crap shoot and I'm not even sure it would work for them. I've never changed my password so I don't know what happens next after you click the link in the email. It's just rather annoying and unpleasant knowing there's someone trying to gain access to my account.
_____________________

My other hobby:
www.live365.com/stations/chip_midnight
Siggy Romulus
DILLIGAF
Join date: 22 Sep 2003
Posts: 5,711
07-01-2005 10:55
OMFG Th3Y H4xX0r3D D4 G1b50N!

Siggy.

(You have no idea how long it took to type that...)
_____________________
The Second Life forums are living proof as to why it's illegal for people to have sex with farm animals.

From: Jesse Linden
I, for one, am highly un-helped by this thread
Chip Midnight
ate my baby!
Join date: 1 May 2003
Posts: 10,231
07-01-2005 10:57
From: Siggy Romulus
OMFG Th3Y H4xX0r3D D4 G1b50N!

Siggy.

(You have no idea how long it took to type that...)


Bored at work again Siggy? :D
_____________________

My other hobby:
www.live365.com/stations/chip_midnight
Aimee Weber
The one on the right
Join date: 30 Jan 2004
Posts: 4,286
07-01-2005 10:58
From: Chip Midnight
They don't. They use the SL client software to request a password change on your account. To do that all they need to know is your user name. That causes LL to send the email I quoted. It gets sent to you, not to them. If you click the link I assume the person who initiated the password change request then has a chance to beat you to changing your password. They'd have to keep trying in the hopes that you foolishly clicked the link. It's a total crap shoot and I'm not even sure it would work for them. I've never changed my password so I don't know what happens next after you click the link in the email. It's just rather annoying and unpleasant knowing there's someone trying to gain access to my account.


Oh wait. I think I know how this works. They tell you to click on a link, and they have a code at the end of that URL you need to click (that only YOU have, not your hacker). I suspect what happens is, if you click on that link it will take you to a web page that asks you for a new password but ONLY if that code is in the URL you clicked. So basically the only person that can change your password is whoever sees that special link sent only to you.

Does this make sense or have I been hitting the wine early this weekend?
_____________________
Chip Midnight
ate my baby!
Join date: 1 May 2003
Posts: 10,231
07-01-2005 11:01
From: Aimee Weber
Oh wait. I think I know how this works. They tell you to click on a link, and they have a code at the end of that URL you need to click (that only YOU have, not your hacker). I suspect what happens is, if you click on that link it will take you to a web page that asks you for a new password but ONLY if that code is in the URL you clicked. So basically the only person that can change your password is whoever sees that special link sent only to you.

Does this make sense or have I been hitting the wine early this weekend?


Yep, that makes sense. The code in the email verifies that the account owner is the one who requested the password change. What happens after that I don't know. Maybe a Linden can chime in with how it actually works and if getting one of these emails and clicking the link could actually give someone else the ability to change your password or not.
_____________________

My other hobby:
www.live365.com/stations/chip_midnight
Roberta Dalek
Probably trouble
Join date: 21 Oct 2004
Posts: 1,174
07-01-2005 11:03
You get asked for your security question answer. There's no way they'd guess that.

I'm confused. If you forget your password they email you a link. You click on the link and it asks you your security question. If like me you have no idea what you put in you end up having to decrypt your browser's password cache to get your password back.

If this is phishing then wouldn't it go to a fake SL page?
_____________________
See my stuff on SL Boutique!
Aimee Weber
The one on the right
Join date: 30 Jan 2004
Posts: 4,286
07-01-2005 11:04
From: Chip Midnight
Yep, that makes sense. The code in the email verifies that the account owner is the one who requested the password change. What happens after that I don't know. Maybe a Linden can chime in with how it actually works and if getting one of these emails and clicking the link could actually give someone else the ability to change your password or not.


I'm thinking it asks YOU (the one with the code) to change the password. If your hacker tries to log in before you change it, they have to guess your old password. If they try to log in after you change it, they have to guess your new password. And if they try to go to that web page without that code, the page will tell them to take a hike.

Linden chime would be good here but I am guessing this is all secure.
_____________________
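
The reset flow Aimee describes above, as an added Python sketch that is not part of the original thread and is not Linden Lab's code. It assumes a random, single-use, expiring code that is mailed only to the registered address; the class, the method names, the account name and the two-hour lifetime are all hypothetical.

```python
import hashlib, hmac, os, secrets, time
TOKEN_TTL = 2 * 60 * 60  # assumed; the thread only says "a couple of hours"

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class ResetService:
    """Hypothetical reset flow for illustration; not Linden Lab's implementation."""
    def __init__(self):
        self.accounts = {}  # username -> (salt, password hash)
        self.pending = {}   # username -> (sha256 of token, expiry time)
        self.outbox = []    # (username, token) mailed to the registered address

    def set_password(self, username, password):
        salt = os.urandom(16)
        self.accounts[username] = (salt, hash_password(password, salt))

    def check_password(self, username, password):
        salt, stored = self.accounts[username]
        return hmac.compare_digest(stored, hash_password(password, salt))

    def request_reset(self, username, now=None):
        """Anyone who knows the username can call this; the caller gets nothing back."""
        if username in self.accounts:
            now = time.time() if now is None else now
            token = secrets.token_urlsafe(32)
            digest = hashlib.sha256(token.encode()).digest()
            self.pending[username] = (digest, now + TOKEN_TTL)
            self.outbox.append((username, token))

    def redeem(self, username, token, new_password, now=None):
        now = time.time() if now is None else now
        digest, expiry = self.pending.get(username, (b"", 0))
        supplied = hashlib.sha256(token.encode()).digest()
        if now > expiry or not hmac.compare_digest(digest, supplied):
            return False
        del self.pending[username]  # single use: a replayed link is refused
        self.set_password(username, new_password)
        return True

def demo():
    svc = ResetService()
    svc.set_password("Owner Resident", "old-password")  # constructed account
    svc.request_reset("Owner Resident", now=0)  # a stranger triggers the email
    token = svc.outbox[-1][1]                   # only the mailbox owner sees it
    guess = svc.redeem("Owner Resident", "guessed-code", "attacker-pw", now=60)
    ignored = svc.check_password("Owner Resident", "old-password")
    owner = svc.redeem("Owner Resident", token, "new-password", now=120)
    replay = svc.redeem("Owner Resident", token, "third-pw", now=180)
    return guess, ignored, owner, replay
```

Under these assumptions an unsolicited reset email changes nothing on its own: without the mailed code the old password stays valid, and the code stops working once it is used or expires.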
Chip Midnight
ate my baby!
Join date: 1 May 2003
Posts: 10,231
07-01-2005 11:06
It doesn't appear to be phishing. According to the headers the email originated from web1.lindenlab.com
_____________________

My other hobby:
www.live365.com/stations/chip_midnight
Chip Midnight
ate my baby!
Join date: 1 May 2003
Posts: 10,231
07-01-2005 11:08
From: Aimee Weber
Linden chime would be good here but I am guessing this is all secure.


That's my guess too, but since this is the second time in as many weeks I wouldn't mind some clarification just to be sure. It makes me want to change my password, but now I'm nervous to do it because I won't know if the email I get is from my request or someone else's. :p

Good to know about the security question. I wonder what the hell I put? hehe
_____________________

My other hobby:
www.live365.com/stations/chip_midnight
Eggy Lippmann
Wiktator
Join date: 1 May 2003
Posts: 7,939
07-01-2005 11:14
Whoops, sorry Chip, I was trying to change MY password but accidentally misspelled "Eggy Lippmann" :D
Aimee Weber
The one on the right
Join date: 30 Jan 2004
Posts: 4,286
07-01-2005 11:46
From: Eggy Lippmann
Whoops, sorry Chip, I was trying to change MY password but accidentally misspelled "Eggy Lippmann" :D
Happens all the time. I was writing an e-mail to chip earlier today, and I accidentally misspelled

From: someone
Hey chip, how's it going?
as

From: someone
The Second Life user named Eggy Lippmann has a bomb and I believe he also has three hostages who are foreign nationals. He has boasted on numerous occasions that he fully intends to use this bomb on U.S. soil against a random egg packing plant. He believes this symbolic gesture will bring the public eye upon the mistreatment of eggs and other dairy products and launch his organization, the Egg Liberation Front (ELF) into a position where it will have leverage on international affairs. I believe he intends to strike on July 4th.


And you know me...butterfingers Aimee. I misspelled Chip's e-mail address as tips@fbi.gov.

:D
_____________________
Katja Marlowe
Registered User
Join date: 15 Apr 2005
Posts: 421
07-01-2005 11:51
You know, I haven't checked my email in awhile, but I have noticed some weird things going on with my password. Wonder if there's actually some sort of bug? I had it clicked to save password, but for awhile it wouldn't. Then it started to. Then yesterday it had one in there but it was like 6 letters longer than mine...*wonders if she should check her email tonight*
*realizes it has over a 1000 msgs and pushes off the task to another day*
Chip Midnight
ate my baby!
Join date: 1 May 2003
Posts: 10,231
07-01-2005 11:59
From: Aimee Weber
He has boasted on numerous occasions that he fully intends to use this bomb on U.S. soil against a random egg packing plant.


That reminds me... I think I'll have a fried egg sandwich for lunch today :)
_____________________

My other hobby:
www.live365.com/stations/chip_midnight