Stolen Account !

well, i learn something new everyday. i'm two weeks short of my first rez-day and i had no idea. thanks peggy.

I joined in August of that year and I think my sister joined in November. I'll keep everyone updated when we find out more. There is a paper trail.

Even if they won't act on it, if any fraudulent charges happened with the card, the credit card company might insist that you report it in order to qualify for the fraud protection.

I'm almost certain the credit card company would require a police report being filed.

Odds are, he's probably going to sell the Lindens he bought with your sister's credit card on eBay. This explains a thread I read a few weeks back about eBay Lindens being so cheap now...

This goes way beyond your SL account. It sounds like you might be the victim of a "keylogger." This is a type of software that can be introduced into your machine if you unwittingly click on a link set up to sucker you into making contact so it can send it to you - it can be a fake website, it can be a spam e-mail. The software - I'm no techie, but this has happened to a number of people I am acquainted with - will record every keystroke you make and send it back to the criminal who fooled you into accepting it. It will send him your passwords when you type them in. ALL your passwords. For your bank account if you bank by Internet, for example. Credit card numbers if you type them in (and who doesn't now and then?). Your company network if it lets you log in from outside with a password. Literally anything you enter is potential grist for this criminal's mill. All he has to do is figure out when a sequence of characters is a password or other information useful to him. Your mother's maiden name, or the "secret" question and answer some sites use to verify your identity? He's got that too, if you typed it in when the keylogger was there. I am told there are other trojan horses that can root around hard drives looking for useful files and info, but don't know about that aspect.

Get your computer cleaned out of malware by somebody who knows what they are doing. Do it ASAP. Don't use your computer for anything even slightlly sensitive until you do. Then change any password for anything that you have ever used via your computer. And remember, don't use them on that computer until you are certain that it is clear! Otherwise, if the keylogger is still in there, it will just send out the new passwords and you are back to square one.

Also warn anyone youmight have sent a file to recently. It conceivably might have a copy of the keylogger secretly attached to it and it could then be on their computer as well.

I hope you are lucky and it is only your LL account and that credit card that are compromised. Depending on what you do with your computer, and what is in it, it potentially could be much worse for you.

Good rule of thumb from now on: Don't open any e-mail or file unless it is sent from a source you know and trust. And don't click on any url sent to you from any source unless it is a source you know and trust. If the source is unknown to you, don't take a chance. Treat it like a strange man offering you candy to get into his car.

Easy! "chocolate"

Even if you've only used that computer for SL and nothing else, if you are using the same password for SL that you use on other accounts, you need to reset it for everything. Knowing your personal info, they can possibly find out who you have other accounts with and give the SL password a shot there too.

It will be interesting to find out how the attacker gained access to the password.

Usually, just guessing a password is very difficult, unless the person who stole the account knows the victim, and can make good informed guesses about their password. I know a person that had an account hacked in another place on the internet, and they had the password "billy" (name of son). When they were told to immediately change their password, they changed it to "spot" (name of their dog). Duh! Some people just don't learn. Why do I know this? Because they also have see no problem in telling everybody they know their new password. People need to learn to take passwords very seriously.

My guess is that in this case a trojan/spyware/keylogger was used on the victims computer. Either that or somebody set up a phishing secondlife site, then sent a fake email to the victim with the URL to the fake site which asked for avatar name and password, then jumped over to the real site. Many people get caught by phishing schemes and have no idea they just gave somebody their private info.

Maybe they should have just changed their son's name.......

That's terrible to hear.
It bothered me the first time I bought Lindens in-world and it didn't ask me to verify anything about my cc. That's just asking for trouble. But what can you do? As it is, I had a moment after reading the OP where I seriously thought about removing my payment info. But that's not really possible now that I own land.

It's a really questionable system that LL needs to change so stuff like this doesn't happen.