Theft in SL - Remedies?

I am a recent victim of theft in SL. L$3200 was taken from my account by two persons while I was on vacation in RL (and hence not logging in). One took L$2600 (paid to her own business), and the other took L$600. The thefts and the month's transaction history have been reported to Linden Labs, and the automated ticket response indicates that the matter has been reported to the relevant department.

The system response was to disable my account -- and when I inquired about that, I was told it appeared there was a phising problem associated with my account (but that nothing else appeared to have gone wrong!).

I am wondering whether anyone else has had a similar experience, and if so, how it was resolved? I can only earn L$ in world, due to international credit card payment problems. So although the thefts were relatively small in RL terms, for me, the amounts involved are significant in SL.

Any thoughts or suggestions would be appreciated. For example, does anyone think it would be appropriate to confront the thieves? Post names, dates, and payment details here or elsewhere? Any other ideas?

If it was a Phishing problem it means you gave your name and password to someone, change your password to a complex password Upper case letters. lower case letters, numbers and symbols all in one password at least 8 Characters long.

Then, never give your password to anyone for any reason... Not to a website that will give you Lindens or a device that as your rez it asks your password, these are all phishing schemes meant to steal your password.

Then do write a abuse report on anyone or anything that asks for your password as it is a violation of the TOS.

Disclaimer: A lot of Ad Farmers believe I am a forum Troll because I pick on them, if your an Ad-Farmer who has taken up Phishing to make up for your lost Lindens because your normal extortion scheme has stopped paying off... I hope this makes your suffer even more.

Don't Post names here. It is against Forum rules. How did they get this money from your account?

Many thanks for the responses, and the good advice.

I did not give my name or password to anyone or through any website. I have also changed my password, and will do so periodically.

My experience is against this background even more troublesome, and I hope that it is an is an isolated one. If this is pervasive, the credibility of SL will suffer -- and that would be a shame.

All additional thoughts would be welcome, of course!

Do you have "Remember Password" set? Ever log in from an internet cafe or something like that? Is there somebody else that has physical access to the PC you usually use? How about somebody having access to your LAN?

How did this happen?

Did you perchance rez any objects and give them 'debit' permissions?

Just curious what happened to you, so maybe others can avoid it.

Thieves will always remain one step ahead of you, me and the grid. It's an unfortunate truth. Realize your password isnt just fo the SL client but several web sites as well. Make sure all your antivirus and anti-spyware is up-to-date. Change your password often, and make it a password that can't be easily guessed.

Confronting these types is almost like giving them candy. Let it go and be thankful it was a low amount. Which leads to another smart method...dont leave a lot of L's in your online wallet. They *will* be broken into again and again on the grid, its almost a predictable nature of scripting.

It couldn;t just be that Lindens code is designed by twits or that their database was compromised, opr that their secuirty is virtually non-existent. It has to be YOUR fault.

Seriously, Rebecca, why are you still in SL? Everyone and everything is SO horrible, so why are you wasting your time with it?

In 99.99999% of cases it has been actions taken by the resident that compromised the data. Can you give me the name of one person who has been harmed by having their information given out by LL, along with evidence backing it up?


Waiting.................
Waiting...............

No, I don't want to hear about WoW and Blizzard.

Bleh.

Misery loves company.

1. password
2. 123456
3. qwerty
4. abc123
5. letmein
6. monkey
7. myspace1
8. password1
9. blink182
10. (your first name)


This is a list (of many that are all very similar) of the 10 most commonly-used passwords. Hardly Linden Labs' fault.

Is she at it again?

"monkey"!?

Oh please tell me that it's not true...




When it comes to the grid, make sure your *email* password is a strong one also. Yep, the password reset function could get ya.


Another one - do *not* use "your pet's name" as your security question.

Honestly, if someone asked what your dog's name was, what would you say?

a) the dog's name is Astro (or whatever)

b) You are not allowed to know my dog's name. I use my dog's name as the final defence between my credit card and access to the Second Life Land Store, wherein my credit card could be maxed out in region purchases within minutes, my $L balance drained and my USD credit paypal-ed to Paraguay. As such, my dog's name is classified.

Aha! Desmond's dog's name is Classified!

Does he call 'em "Classy" for short?

This is one good reason not to keep a lot of Lindens sitting in your account at any one time.

The practical answer to your question is that there's probably nothing you can do about the loss of money after it is lost.

Linden Lab does have a phone number that you can call for fraud problems, and this potentially falls within fraud. So if you haven't reported potential fraud to Linden Lab yet, do so. It probably won't lead to you getting your money back. But then again, maybe you'll be one of the lucky few who can be helped. So you lose nothing by reporting it.

It's easy for people to tell you after-the-fact what you could have done to protect yourself. Of course, take your advice in the future to protect yourself.

But even a smart, cautious person can't anticipate every problem, and may get caught off-guard. The number-one best way to protect yourself is to not to expose a lot of your money in a place that will not guarantee the safety of your money.

Linden Lab expressly does not guarantee the safety of your money. Don't leave a lot lying around with them in your account.

At least you didn't have more than L$ 3200 lying around. That converts to something like $12.00 USD. So you didn't have a lot risked. Keep that in mind when deciding for the future how many Linden Dollars you want to keep on hand. It's always a proposition filled with risk.

Edit: You did say that you have a support ticket on the issue. I would probably recommend calling the fraud line as well, and talking about it with a live person (assuming that the fraud line links to a live person). I distrust Linden Lab's automated support. Live people tend to be more reliable, I think.

The compromise was about the website and manufacturing L$ from scratch.

The fear was that they did go for personal information initially, but after the review it was shown that they didn't and the scope of the entire thing was rather limited.

Not that that will keep you from spreading disinformation .

Dammit!
/me runs and changes password *giggles*

And what's yoouuur dog's name?

laughs

Just imagine the damage that could be done with a 'talk about your pet' thread...

On a more serious note here are my does (actually just one do) and don'ts regarding password security:

1. Never use your name as part of your password.
2. Never use sequential numbers as part of your password
3. Never use your birthdate as part of your password
4. Never use your social security or national id number as part of your password (hard to believe people actually do this but they do)
5. Always use all the types of characters available for use in your password, e.g., letter. numbers and, as it is becoming increasingly available for secured access, symbols (e.g. ! @ $ etc.)
6. Don't use the same password for all of your accounts
7. Don't provide the same email account for all of your accounts

most popular dog's name:

"Bailey"


(guilty)

Wait, opensesame isn't on that list?

c) Give a fake name for your dog. "My dog's name is Farina Ulysses Colossia Kintara Orly Fanny Foo!" (but you can call her....)

Some people are oblivious to the use of social engineering to phish information. You should be wary of seemingly harmless chit chat with people you are not familiar with whenever it leads to revealing information that is often used as answers to identity verification questions such as:

1. Mother's maiden name
2. Highschool
3. College
4. Place of birth
5. Name of your favorite pet

I've heard that there have been multiple incidents where the
customer database (names, passwords, etc.) was broken into;
don't know if that's true. But the most publicized one was in
the fall of 2006, shortly before your SL account was created:

http://www.techcrunch.com/2006/09/08/metaverse-breached-second-life-customer-database-hacked/

http://news.bbc.co.uk/2/hi/technology/5333996.stm

I don't understand your demand for the names of the victims
of the crimes resulting directly from that breach (and from
other LL problems), but if you are interested, I am sure you
can find them by doing your own reseach.

There have also been in-world problems and other LL bugs
that have doubtless caused some people to be harmed.

I imagine that LL takes those various problems fairly seriously.

Like you, I think that 99% of the time, it's the customers
themselves who expose their passwords (by giving them out,
storing them on public computers, or by typing them into
phishing sites - which is probably the big one lately).