Group Spam Scams in Second Life

Group Spam Scams

Ever since I started a ‘Scams Category‘ on my blog, covering different scams in Second Life that residents should be aware of, I have gotten numerous requests to talk about the group spam scams. I’ve been meaning to blog about them for a while, but was waiting until I had a screenshot of them to show what I was talking about. This morning in one of my groups a scammer hit and I got the screenshot I needed.

The way the group spam scam works is often the scammer will say something like they have gachas for sale in their marketplace store (or sometimes they won’t say anything at all), then they share a fake marketplace link in order to trick people into clicking on it. Once people click on it, they are often taken to a page that looks like the Second Life marketplace and are asked to login to their Second Life accounts. After residents do that, their login information is stolen and their lindens are drained. Whenever you see anyone sharing links in a group randomly like that, never click on it.

Another thing to remember is not to Abuse Report the resident that shares a spam link (like in my image above ^) because sometimes the scammers also use the accounts of the people they have scammed in order to trick more people. So sometimes the people that are sharing these spam links can also be the victims of the scammers. That is why I suggest not to AR them, just to ignore the link, not click on it and possibly warn the other members of the group not to click on it either, just like the helpful group members did in the picture above. (UPDATE: Please read the comment from Payton below as she suggested a way that you can AR the account to make Linden Lab aware of what’s going on)

As far as I can see, there is not much that we as a community can do about stopping these scammers, aside from just spreading awareness about this scam so other innocent residents don’t also become victims.

Please share this post with all your friends and family and on your social networks to create more awareness for this scam. The scams I blogged about earlier are also still going on, please re-read them and share them as well:

  1. Full Perm Marketplace Scams
  2. GiftBot Discount Scam in Second Life

I have a “Scams” category on my blog to inform you guys about different issues going on in the Second Life community. If you know of any issues or scams going on right now that you’d like me to blog about, please email me all of the information and I will look into it.

Thank you!

15 thoughts on “Group Spam Scams in Second Life

  1. Bobbie Faulds says:

    One other thing to do is watch for when the account goes offline and then send an IM to the account to let them know their account has been phished. I have a note card that explains what they need to do that I drop on them. The phisher usually doesn’t change the password so the owner gets n none the wiser and wonder what happened to their groups.

  2. Great advice, thank you Bobbie!

  3. Skate Foss says:

    Sadly over the last few days, spammers are using past JIRAs to send rascist and disgusting comments. I’ve received several, Linden Lab is ‘cleaning comments’ but nasty JIRA comments continue to be sent. Hopefully the Lab will rid these people. This is not what Second Life stands for.

  4. Actually, you should AR these accounts. When you submit the report, report that a scammer has taken over these accounts. LL will then freeze the account and the real account owner is notified this has happened and that they must show proof to unfreeze the account. How do I know this? A couple of people I knew were sadly nabbed in this very scam and when a report was made out, the hackers were stopped from doing too much damage with the victim’s account.

  5. Agree with Payton.. LL advice you do report these phishing link spammers as they can deal with it quicker than the person hacked (who often don’t know that they were hacked). So please DO AR them.

  6. Thank you Payton and Starlight. I have updated my post to make people aware of your comment.

  7. Laura Blues says:

    Not only will they drain your Lindens, but if your account happens to be linked to your bank account, credit card, or whatever, they will also buy more Lindens, draining your actual bank account of your very real money. I strongly recommend using PayPal, because that way you will certainly get your cash back (from my own painful experience).
    Next, report to Linden Lab that your account was hacked.
    When it happened to me, I had my account back in ca. 24 hours, and all my cash back in my PayPal account. But those minutes of seeing my bank account getting cleaned were sheer panic!

  8. Luna Azulejo says:

    I got phished when I was new to SL by clicking a link in an active chat in a legitimate and trusted group. I lost no money, but the scammers changed my SL and gmail passwords. I had an alt in storage, luckily, so I could still be inworld. I reported to LL, which took a week to restore my account.

    The weirdest outcome was when a Bulgarian cruised my RL Linkedin account. So beware!

  9. chericolette says:

    @Skate Foss..this happened to me this week. The first one (reportedly from JIRA) contained the ‘n’ word and I nearly replied. At that time I just thought it had been emailed to me by mistake as I had recently submitted a JIRA ticket. Then the 2nd one arrived and contained a message from ‘LL’ saying my account had been ‘terminated’. This shocked me and I quickly signed it to see it it was true. All was ok, thankgoodness. Maybe I should report this.

  10. Berry, have a well-deserved and happy vacation!

  11. chericolette – no the reply was not saying you had been banned, that was the spammer saying his account had been banned. No need to report it LL are well aware of it and removed the comments from the spammer and have temporarily stopped people commenting on Jiras they did not create.

  12. chericolette says:

    OK Starlight.

  13. If you absolutely want to check a link, although I do not understand why, you can do the following:

    1. Copy the link target. In SL you can do that by right-clicking on the link and select “Copy URL to Clipboard” (tested in Firestorm).

    2. Open an incognito/private window in your browser. Preferably a browser you normally use. Google can help you to find this function in your browser of choice. It has to be incognito, because that way you will not have active sessions running.

    3. Paste the link in your incognito window and navigate to the site. Check for obvious markers like a green lock next to the url in the navigation bar. Red locks are a big warning sign!

    4. Do not fill in forms or pass on any other personal data unless you are certain the site is legit. It’s best to check Linden Labs or online forums whether a site is really affiliated with them.

    —-

    Another tip that is going to help you tremendously is: use a password manager and unique passwords for each site. Passwords should not be shorter than sixteen characters, but longer is better (I personally think sixteen is too short already). Enable two-factor authentication where possible (SL does not have this for reason). This way you make your accounts harder to hack and even if one service is hacked, evildoers still don’t have the passwords of other accounts.

  14. Wolf Baginski says:

    This all illustrates one of the problem with current Linden Lab policies on ARs. They don’t talk about what they do. They don’t say whether you even provided useful info. There are no summaries ever published. And, when accounts never seem to be removed, just frozen indefinitely, making an AR on anything starts to look futile.

  15. STARVED Magic says:

    ANOTHER THING THAT USUALLY HAPPENS TO ME, IS MY COMPUTER WILL BRING UP A BIG RED SCREEN SAYING…THIS IS AN UNSAFE SITE…AND ANOTHER THING IS I AM ALWAYS LOGGED INTO MY MARKETPLACE SO WHEN I ACCIDENTLY, CLICK ON THE LINK…AND SEE THAT I HAVE TO LOG IN…I KNOW THAT THIS IS A SCAM AND I TRY TO WARN PPL IN THE GROUP THAT THIS LINK WAS PLACED IN.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>