a New phishing scam to get your CC info?????
|
|
Sara Sullivan
Registered User
Join date: 21 Nov 2005
Posts: 211
|
06-28-2007 06:15
Is this for real or just another phishing scam? This was sent to me. Please everyone be careful. Whenever you get an email like this NEVER click on THE LINKS IN THE EMAIL. People will rob your butt if u aren't careful.
An upgrade of our billing system recently revealed minor discrepancies in your billing information. To get everyone back on track we are asking that you update your payment method via the website as soon as possible. If you have a balance due it will be billed to your account within 24 hours of your update. If you do not update your information and you have a balance due when we bill, your account will go delinquent. As always with delinquencies, you will then have 7 days to pay your balance. After 7 days the account will go on hold and you will not be able to login without clearing your balance. After 30 days your account will go defunct and you will lose any inventory, land and L$ associated with the account.
To upgrade your payment information:
1) Go to secondlife dot com
2) Login to your account
3) Click upgrade payment method
4) Upgrade with either credit card or Paypal, your choice
5) Follow instructions
6) You’re done!
If you have any questions regarding your account status, or have difficulty making changes to your account, please contact billing through the support portal: http://cts.vresp.com/c/?LindenLab/064233cb86/6de50ac2c5/d9bf9fa50c
Thank you!
Linden Lab
______________________________________________________________________
If you no longer wish to receive these emails, please reply to this message with "Unsubscribe" in the subject line or simply click on the following link: http://cts.vresp.com/u?064233cb86/6de50ac2c5/efeb446
______________________________________________________________________
This message was sent by Linden Lab
LindenLab 1100 Sansome Street San Francisco, California 94111
|
|
Mandy Carbenell
Recent Item
Join date: 27 Dec 2006
Posts: 847
|
06-28-2007 06:17
/327/9d/193818/1.html
Already answered..
Mandy C
_____________________
Never argue with an idiot, they drag you down to their level. 
|
|
CyFishy Traveler
Social Butterfly :)i(:
Join date: 9 Aug 2006
Posts: 122
|
06-28-2007 06:18
So they took the Linden Lab email and added their own links to it? Sneaky . . .
|
|
Brenda Connolly
Un United Avatar
Join date: 10 Jan 2007
Posts: 25,000
|
06-28-2007 06:23
Has an "Official" comment on this been made yet, or will it be allowed to brew and fester before it reaches the Blog?
_____________________
Don't you ever try to look behind my eyes. You don't want to know what they have seen.
http://brenda-connolly.blogspot.com
|
|
Raudf Fox
(ra-ow-th)
Join date: 25 Feb 2005
Posts: 5,119
|
06-28-2007 06:30
From: Brenda Connolly
Has an "Official" comment on this been made yet, or will it be allowed to brew and fester before it reaches the Blog?
Fester, since they already said that the Vresp is an 'official' representative a looong time ago. And the login 'blurb' says to expect an email from them if they find a discrepancy. While it's a good idea to never click the links in an email, that email is not a phishing. It's a very valid email coming from the group that handles Linden Lab's mass emailing system. Yeah, they outsourced that
_____________________
DiamonX Studios, the place of the Victorian Times series of gowns and dresses - Located at http://slurl.com/secondlife/Fushida/224/176
Want more attachment points for your avatar's wearing pleasure? Then please vote for
https://jira.secondlife.com/browse/VWR-1065?
|
|
Malachi Petunia
Gentle Miscreant
Join date: 21 Sep 2003
Posts: 3,414
|
06-28-2007 06:33
It probably isn't a scam as digested over at /327/9d/193818/1.html
Unfortunately, it sure looks like one. As the OP mentioned DON'T click on the links embedded in the mail, just follow the six steps listed and at least you are reasonably sure you are dealing with LL. This and other LL/vresp e-mails that have preceded it deserve a corollary to Hanlon's Razor: "Never attribute to malice that which can be adequately explained by stupidity, ignorance, and inept customer service".
|
|
Brenda Connolly
Un United Avatar
Join date: 10 Jan 2007
Posts: 25,000
|
06-28-2007 06:33
Thanks. I do recall seeing that on login last night. I haven't checked my email in a few days. I'll see if I got one as well.
_____________________
Don't you ever try to look behind my eyes. You don't want to know what they have seen.
http://brenda-connolly.blogspot.com
|
|
Jessica Elytis
Goddess
Join date: 7 Oct 2005
Posts: 1,783
|
06-28-2007 06:38
Submitted a Support Ticket on this with reference to this thread and requesting LL to investigate and post on the blog to alleviate either needless panic, or to avoid a widespread phishing scheme.
~Jessy
_____________________
When your friend does something stupid: From: Aldo Stern Dude, you are a true and good friend, and I love you like the brother that my mom claims she never had, but you are in fact acting like a flaming douche on white toast with a side order of dickknob salsa..maybe you should reconsider this course of action and we go find something else to do.
|
|
Raudf Fox
(ra-ow-th)
Join date: 25 Feb 2005
Posts: 5,119
|
06-28-2007 06:55
From: Malachi Petunia
This and other LL/vresp e-mails that have preceded it deserve a corollary to Hanlon's Razor: "Never attribute to malice that which can be adequately explained by stupidity, ignorance, and inept customer service".
Wow, this is the best boil down of Linden Labs in a long time! And Jessica, thank you! I just wish they'd go ahead and blog things like this, even if I haven't gotten the email yet, I'd probably check to see if the information is correct, just in case. So far, I haven't gotten it.. But then, they haven't had to use it recently either.
_____________________
DiamonX Studios, the place of the Victorian Times series of gowns and dresses - Located at http://slurl.com/secondlife/Fushida/224/176
Want more attachment points for your avatar's wearing pleasure? Then please vote for
https://jira.secondlife.com/browse/VWR-1065?
|
|
Sling Trebuchet
Deleted User
Join date: 20 Jan 2007
Posts: 4,548
|
06-28-2007 07:01
As noted by others above, the real issue is not the purported sender of the email. Nor is it the nature of the embedded links in the email.
The Red Flag to be raised is that it is *REALLY BAD PRACTICE* to email a link to anything that involves submitting sensitive information.
It is trivial to forge secondlife.com (or any other domain) as sender of an email. It is trivial to offer a link that reads as secondlife.com but in fact links to somewhere else. It is trivial to serve up a site that is an exact replica of the secondlife site.
If LL want people to log in and do something, they should request that in plain text only. Email-embedded links leading to password submission are really dangerous. Certifiably insane!
The action required from LL is to cease embedding links in email to account holders, no matter who is sending them.
|
|
Zaphod Kotobide
zOMGWTFPME!
Join date: 19 Oct 2006
Posts: 2,087
|
06-28-2007 07:13
And as others have pointed out, there is NO link in the email pointing to any page involving submitting sensitive information. The single link inside that email just lands at the secondlife.com support page, and is provided for reference if you need help changing your account settings. Otherwise, they have effectively done EXACTLY as you have suggested. To actually change your account payment details, you must MANUALLY point your browser to the secondlife.com website, log in, and make your changes. NO LINK is provided in the email for this purpose. NONE.
From: Sling Trebuchet
As noted by others above, the real issue is not the purported sender of the email. Nor is it the nature of the embedded links in the email.
The Red Flag to be raised is that it is *REALLY BAD PRACTICE* to email a link to anything that involves submitting sensitive information.
It is trivial to forge secondlife.com (or any other domain) as sender of an email. It is trivial to offer a link that reads as secondlife.com but in fact links to somewhere else. It is trivial to serve up a site that is an exact replica of the secondlife site.
If LL want people to log in and do something, they should request that in plain text only. Email-embedded links leading to password submission are really dangerous. Certifiably insane!
The action required from LL is to cease embedding links in email to account holders, no matter who is sending them.
_____________________
From: Albert Einstein Problems cannot be solved at the same level of awareness that created them.
|
|
Kitty Barnett
Registered User
Join date: 10 May 2006
Posts: 5,586
|
06-28-2007 07:46
From: Zaphod Kotobide
NO LINK is provided in the email for this purpose. NONE.
"Ok, so they want me to go to the secondlife site and.... oh... there's a link in the email already... goodie! *click*"
If you think that doesn't happen then you're unusually naive, Zaphod. I personally think it's great that so many people are suspicious and cautious.
As far as the company is concerned (http://blog.secondlife.com/2007/03/10/email-from-linden-lab/):
From: someone
This communication is not a phishing scheme. The company, Vertical Response, which is mentioned is the company we have used for all large scale email communication for the past three years. They have a high reputation for keeping your email addresses private, and go to great lengths to maintain their white-listed status.
|
|
Colette Meiji
Registered User
Join date: 25 Mar 2005
Posts: 15,556
|
06-28-2007 07:55
Doesn't LL bill you in advance? What's all the big concern over having payment info current? Is it just a service to help residents?
Would seem to me if you get billed (in advance) and they can't bill you because of out of date billing information, you can then remedy it.
Otherwise - since verification is going another way than "payment info on file" and thus payment information no longer links to identity - I guess I don't see the problem with being out of date as long as your bill is paid.
(I think I've always been paid in advance. If for some reason you don't have to pay in advance, that's stupid and it should be changed to that.)
|
|
Matthew Dowd
Registered User
Join date: 30 Jan 2007
Posts: 1,046
|
06-28-2007 07:57
There is a jira issue on this open: https://jira.secondlife.com/browse/MISC-347
I think LL need to review their policy as regards using third parties for this sort of purpose. An e-mail from a company concerning account/billing information which is from an e-mail address other than the company's domain, and which includes a link which isn't in that company's domain has all the warning signs of a phishing scam. So
a) this is extremely bad practice!
b) every time an e-mail is sent out in this manner, many will ignore it, many others will post questions about it in the forums, or contact support, eventually LL will have to blog it (people aren't in general going to spend time going back 4 months in the blog to check...), which is a waste of everyone's time and effort.
Matthew
|
|
Sling Trebuchet
Deleted User
Join date: 20 Jan 2007
Posts: 4,548
|
06-28-2007 08:23
From: Zaphod Kotobide
And as others have pointed out, there is NO link in the email pointing to any page involving submitting sensitive information. The single link inside that email just lands at the secondlife.com support page, and is provided for reference if you need help changing your account settings. Otherwise, they have effectively done EXACTLY as you have suggested. To actually change your account payment details, you must MANUALLY point your browser to the secondlife.com website, log in, and make your changes. NO LINK is provided in the email for this purpose. NONE.
The email contains a link to a website. That website *looks* like it's really secondlife.com. That website is not necessarily genuine. That website has an 'old familiar' link to account entry.
LL blogging that such emails are "OK" makes the potential problem worse. It conditions people to expect such emails unquestioningly. It lowers the perception of risk. It increases the probability of an actual phish attempt, as the phishers will be aware that LL have edged open the door.
The reason that phishing works over and over again is not that the victims are terminally stupid. The reason is that phishers are generally very good at what they do.
It would appear that LL may have intended to do their users a service by putting a plain text instruction to log on to secondlife.com. Great! However, someone went 'off message' and engineered in a link. Awful!
|
|
Jessica Elytis
Goddess
Join date: 7 Oct 2005
Posts: 1,783
|
06-28-2007 08:34
Well, LL could eliminate phishing altogether if they'd do one simple practice...
Send e-mails to people, not with links, but with directives to see the BLOG for official LL notices and directions.
You know? Use the Blog for its intended purpose, maybe? It's called "management". Something LL is apparently still learning.
I'd say links off the Official Linden Blog would be fairly safe to use.
~Jessy
_____________________
When your friend does something stupid: From: Aldo Stern Dude, you are a true and good friend, and I love you like the brother that my mom claims she never had, but you are in fact acting like a flaming douche on white toast with a side order of dickknob salsa..maybe you should reconsider this course of action and we go find something else to do.
|
|
Anya Ristow
Vengeance Studio
Join date: 21 Sep 2006
Posts: 1,243
|
How to scam SLers
06-28-2007 09:00
I posted in the other thread simple instructions on how to take advantage of players' expectation of LL missteps in order to scam SLers... /327/9d/193818/2.html#post1567303
These are all things that make phishing LL customers more likely:
1) It's not a stretch to believe LL lost my payment info and I have to re-enter it
2) LL won't show me my payment info, so I have no way to verify the claim that there is a problem with it, or that the site I'm looking at already has information I've only provided LL
3) LL doesn't say what's wrong with my payment info, or even which account has a problem
4) Contrary to proper net wisdom, LL has validated the concept of email-requested financial data updates, and even that these requests may come from a third party
5) LL has de-activated alt accounts based on criteria they do not publish, so I'm anxious to resolve problems with my account since I don't know what kinds of problems will get me de-activated
|
|
Matthew Dowd
Registered User
Join date: 30 Jan 2007
Posts: 1,046
|
06-28-2007 10:35
From: Jessica Elytis I'd say links off the Official Linden Blog would be fairly safe to use. ~Jessy
No - I could take a snapshot of the current front page. Add a new blog entry to that which had a link to my fake blog (keeping all the other URLs on that snapshot linking to the real blog), and include on that fake blog entry a fake account log on page - using all the tricks to make it look legitimate which the phishers use. Would a phisher go to such lengths - well the answer is they already do. Matthew
|
|
Warda Kawabata
Amityville Horror
Join date: 4 Nov 2005
Posts: 1,300
|
06-28-2007 11:00
I know for certain that if an email came to me claiming to represent SL but using a domain name anywhere in its headers or content that was not lindenlab.com or secondlife.com, I would delete it without thinking, and an hour later probably wouldn't even recall ever having received it, since it would be filed away in my mind as just another phishing scam.
If LL really is doing this, they need to fix it, pronto.
_____________________
 I rent out land on private islands. Message me in-world for details. 
|
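The domain check described in Warda Kawabata's post above (any header or content domain that is not lindenlab.com or secondlife.com), combined with the "reads as secondlife.com but links somewhere else" case from Sling Trebuchet's post, as an added Python example that is not part of the original thread. The sample message, the `mailer.example` sender, the link text and the `PLACEHOLDER` path are constructed assumptions; only `<a>` links in an HTML body are inspected.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("secondlife.com", "lindenlab.com")  # the two domains named in the thread
# Constructed sample: sender domain, link text and PLACEHOLDER path are assumptions.
SAMPLE = """\
From: Linden Lab <billing@mailer.example>
Content-Type: text/html

<a href="http://cts.vresp.com/c/?LindenLab/PLACEHOLDER">http://secondlife.com/support</a>
"""

def is_trusted(host):
    # Exact match or true subdomain; "secondlife.com.evil.test" must not pass.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(raw):
    msg, findings = message_from_string(raw), []
    for header in ("From", "Reply-To", "Return-Path"):
        domain = parseaddr(msg.get(header, ""))[1].rpartition("@")[2]
        if domain and not is_trusted(domain):
            findings.append(("untrusted-header-domain", header, domain))
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        target = urlsplit(href).hostname
        if not is_trusted(target):
            # Worse case: the visible text names a trusted domain, the href does not.
            lure = any(d in text.lower() for d in TRUSTED)
            findings.append(("text-href-mismatch" if lure else "untrusted-link-domain", href, target))
    return findings
```

A message that passes this check can still be forged, since header values are sender-controlled; the check only reproduces the reader-side heuristic the posters describe.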