Scam Alert: "Linden Hack" Phishing Scam
If you don't know what "Phishing" is, click this.
This was taken from the linden blog, but I thought it should be posted to as many places as possible. To see the original, click here.
Affects: Everyone with a secondlife account
Modus Operandi: The scammer spams chat with the following message:
Hot new LINDEN HACK/CHEAT!! Will give anyone 1 month or older to the game 10,000 L$ FOR EVERY 30 MINUTES SPENT OFFLINE!!! hteeteepee:\\LindenHack.citymax.com\! Limited time hack! Register and start recieveing now! ( URL munged)
THIS IS AN ATTEMPT TO GET YOUR PASSWORD! Read on!
How it goes down: The scammer gets you to go to the above website and enter your SL information into the form, promising you information on how to get free L$ through an exploit. The truth is, they take the L$ in your account and then turn your account into a spam bot to perpetuate the scam.
Seeing through the Scam: This should be common sense, but unfortunately people are greedy and gullable. DO NOT GIVE YOUR SL INFORMATION, ESPECIALLY YOUR PASSWORD TO ANYONE! Anyone asking you for your password is likely up to no good. No one should know your password but you, period. I don't care how much you 'trust' that person. Even LL employees shouldn't ask, or need to ask for your password. You also should rotate and change your password regularly and never use the same password for all your accounts ( such as messageboards, chats, email, banking, etc.) No legit organization would ask you for the account information and password you use on another service to give you something. If you encounter a site that asks for that sort of information, you should be immediately suspicious and just walk away. The most common forms of phishing tend to be sites that pose as banks, paypal, or ebay sites, but if you pay attention, the URLs are normally wrong. You should never click a link that looks fishy like that, and remember, if its too good to be true, it probably is.
Damage control: If you have fallen victim to this, it is recommended you change your password right away, provided you still have access to your account. You should also contact email@example.com immediately so they can run damage control as well.