Security in Second Life – Protect yourselves

SL Login Screen

Looks innocuous enough, doesn’t it ?

There you were just enjoying a normal, quiet day in Second Life, dancing in a club, chatting with some friends, wandering around the stores looking for a new pair of boots to go with that fabulous top you just found, or maybe doing a bit of furniture rearranging in your lovely new home. All was well in the SL world.

And then one of the group chat tabs flashed to indicate a new message…

You clicked on the tab and there’s a link to the Market Place!

http:/marketplacesecondlife852.my9gb.com/store 73660/secondlife.htm

It may even have been preceded by some text that said something like “Great bargains at my new store!”…

“Ooooo !”, you thought, “I wonder what’s on offer?”…

You clicked on the link, were presented with the above Market Place Login Screen, filled in your Username and Password, and pressed the enter key…

*sigh*

Congratulations! You just gave your Username and Password to a crook! A Phisher.

(Quoting Wikipedia) “Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.”

Don’t bother trying to log in to Second Life again because they will be there faster than you will and will have changed your password before you know it.

Wave a fond farewell to any Lindens you may have had, they will have been transferred to the phisher.

Forget any Transfer-enabled items you might have had in your inventory because they will have gone the same way, and are probably lined up for a “Yard Sale” in the coming days.

But, most importantly, if you have your payment information attached to your Username then you can expect a large hole to appear in your personal finances too, because the person who you just gave that information to is after one thing…. your money!

You are now officially stuffed UNLESS you IMMEDIATELY change your password on SL. Whatever you do do NOT log out until you have changed your password!!!

I spend a lot of time on Second Life and every day one or more of the groups I belong to (I’m maxed out at 42 all the time) will be hit by one or more of these phishing links. I was inspired to write this post because four of those groups (all connected to very well respected stores with which the victim and I share an interest) were “hit” by the same message at the same time this morning and chaos reigned for a while with all the group tabs flashing as intelligent people were posting “don’t click that” messages and the less well informed were blaming the poor, lost account holder for spamming the group.

What does that tell me? Well, it not only tells me that people out there, people possibly like you, are being silly enough to click on those links in the first place, but also that there is a lack of understanding of what is going on.

In my opinion too many people are blaming the person whose Username appears next to the message for “spamming”, and asking things like “what do they hope to gain from it?” and “why do they do that?… haven’t they got better things to do than annoy people?”

It is NOT the person whose Username appears next to the message that is doing the spamming/phishing, it is the crook who has taken over their account because that person was naive enough to click on the link and then enter their Username and Password onto the false screen in the first place. “Popsy Nooticles”, or whoever’s name appears next to the message, is not a spammer or phisher they are just the latest victim, and the next time they try to log in to Second Life they will be feeling somewhat deflated.

So, what can YOU do to protect yourself from this and other scams that crop up from time to time?

Well firstly NEVER click on any unexpected link that appears in a group chat window and is not an “in-world” link. “In-world” links are always in a format like “Noddy’s Super Store(192, 88, 26)” and will be a link to teleport you to somewhere in SL, normally the location of the store whose group chat the message and the link appears in.

Secondly… there is an option within SL that allows Multiple Logins. This is NOT a sensible option to select if you are in any way likely to make the mistake of clicking on dodgy links because it will mean that the phisher would be able to change your password while you are still logged in, and on the basis that they will be waiting and immediately notified of what you have entered they may do it before you have had time to react properly, meaning you would already be stuffed once you had pressed Enter on the false log-in screen.

Thirdly…. If you are one of the people who use real money to support your Second Life don’t keep your payment information attached to your main Username. If you haven’t already done so then set up another Username (an “Alt”) which you use purely for real life monetary transactions. Then, whenever you need to top-up your funds or even pay your tier, log in as your “Alt”, buy your Lindens using that Username, “Pay” your main Username any Lindens it needs (and ONLY as much as it needs on a short-term basis), and make any other payments such as tier from that account. (Most reputable real-estate agents in SL will have an option whereby you can pay tier for another Username.) And then simply log out from your Alt’s account. Moving real money around for you is its only function, pure and simple, so it doesn’t matter what it looks like, and have its “Home” location the same as for your main account as it’s even more secure if the two of you are not even friends and you have to be near each other in order to exchange funds. That way if, by some inadvertent chance, your main account were to become compromised then you may lose what you have in it but at least access to your bank account/credit card details will be shielded.

But above all please think about what you are doing.

Second Life may be a wonderful environment in which we can all fantasise about doing things that we could never do in the real world. It’s a place where we can be forever young, a furry, a fairy, a vampire, a robot, or whatever we want to be. We can see and experience amazing creations from the minds of people whose talent and imagination seems to have no limits. But it is also inhabited by real people because there is a real person behind every avatar and, as in the real world, there will be some for whom theft is a preferred means of existence and one should always be on one’s guard.

Have fun, enjoy the amazing creation that is Second Life, but above all…. take care.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s